Hacker steals ₹7.3 crore from payment gateway company Razorpay in Bengaluru

The hacker stole ₹7.3 crore over three months by manipulating the authorisation process of the payment gateway company to authenticate 831 failed transactions

May 19, 2022 01:42 pm | Updated May 20, 2022 09:30 pm IST - Bengaluru

The theft came to light when officials of Razorpay Software Private Limited were unable to reconcile receipt of ₹7,38,36,192 against 831 transactions.

The theft came to light when officials of Razorpay Software Private Limited were unable to reconcile receipt of ₹7,38,36,192 against 831 transactions. | Photo Credit: Getty Images

The South East cyber crime police are trying to track down a hacker who stole ₹7.3 crore over three months by manipulating the authorisation process of a payment gateway company to authenticate 831 failed transactions.

The theft came to light when officials of Razorpay Software Private Limited were auditing the transactions. They were unable to reconcile receipt of ₹7,38,36,192 against 831 transactions.

Razorpay Software Private Limited provides online payment services that allows businesses in India to collect payments through credit card, debit card, net banking, and wallets.

Abhishek Abhinav Anand, head of Legal Disputes and Law Enforcement at Razorpay Software Private Limited, filed a complaint with the South East cyber crime police on May 16.

The police are trying to track down the hacker based on online transactions. An internal probe carried out by Razorpay Software Private Limited found that some person, or persons, had tampered, altered and manipulated the ‘authorisation and authentication process’. As a result, false ‘approvals’ were sent to Razorpay against the 831 failed transactions, resulting in a loss amounting to ₹7,38,36,192.

Razorpay Software Private Limited provided details of the 831 failed transactions, including date, time and IP address, along with other relevant information to the police.

According to a statement issued by Razorpay, a spokespersonsaid "Razorpay's payment gateway is at par with the industry standards on data security. During a routine payment process, an unauthorized actor(s) with malicious intent used the browser to tamper with authorization data on a few merchant sites which were using an older version of Razorpay's integration, due to gaps in their payment verification process.

The company has conducted an audit of the platform to ensure no other systems, no merchant data and funds and neither their end-consumers were affected by this incident.

The company is ISO 27k, PCI-DSS and SOC 2 compliant, it applies end-to-end transaction data security features, combined with strong authentication and authorization protocols to protect businesses from potential threats.

Razorpay has proactively taken steps to mitigate the issue permanently and eliminate future occurrences. The company has already recovered part of the amount and is proactively working with the relevant authorities for the rest of the process."

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.