 "Hackers steal Rs 7.3 cr in 831 transactions over three months from Razorpay")
Online payment gateway Razorpay said hackers stole Rs 7.3 crore worth of funds in 831 transactions over a period of three months.
The fraud came to light, during an audit the company carried on transactions. A Razorpay spokesperson said: “During a routine payment process, an unauthorised actor(s) with malicious intent used the browser to tamper with authorisation data on a few merchant sites which were using an older version of Razorpay’s integration, due to gaps in their payment verification process. No end-consumer and no merchant data or merchant funds were affected by this incident.”
According to media reports, the hacker manipulated the authorisation process of the gateway to authenticate 831 transactions. “Razorpay has proactively taken steps to mitigate the issue permanently and eliminate future occurrences. The company has already recovered part of the amount and is proactively working with the relevant authorities for the rest of the process,” the company’s spokesperson said.
Hacking of banks and financial institutions for data theft is a well-known trend, but the Razorpay incident could be the first among payment gateway players.
The only other hacking incident where money was stolen from a bank was in 2016, when the Union Bank of India lost $171 million to hackers. The hackers had made use of the SWIFT to swindle money.
Some other well-known breaches include the one at MobiKwik in 2021, when data of over 3 million users was hacked into. But data breach or hacking into systems to get customer data like KYC or passwords are very common. Hacking to steal money directly from financial institutions is still very rare.
Cybercrime and cyber attacks have gone up exponentially since 2020. According to the Ministry of Electronics and Information Technology, between 2018 and 2021 there was a fivefold jump in the number of cybercrimes and frauds.
For the financial sector, threat levels have gone up significantly. For instance, Trend Micro detected 4,497 online banking malware in India in the first half of 2021.
Kaspersky said in its threat prediction for 2022, “We are likely to witness the growth of attacks against payment systems and more advanced mobile threats.”
The fraud came to light, during an audit the company carried on transactions. A Razorpay spokesperson said: “During a routine payment process, an unauthorised actor(s) with malicious intent used the browser to tamper with authorisation data on a few merchant sites which were using an older version of Razorpay’s integration, due to gaps in their payment verification process. No end-consumer and no merchant data or merchant funds were affected by this incident.”
According to media reports, the hacker manipulated the authorisation process of the gateway to authenticate 831 transactions. “Razorpay has proactively taken steps to mitigate the issue permanently and eliminate future occurrences. The company has already recovered part of the amount and is proactively working with the relevant authorities for the rest of the process,” the company’s spokesperson said.
Hacking of banks and financial institutions for data theft is a well-known trend, but the Razorpay incident could be the first among payment gateway players.
The only other hacking incident where money was stolen from a bank was in 2016, when the Union Bank of India lost $171 million to hackers. The hackers had made use of the SWIFT to swindle money.
Some other well-known breaches include the one at MobiKwik in 2021, when data of over 3 million users was hacked into. But data breach or hacking into systems to get customer data like KYC or passwords are very common. Hacking to steal money directly from financial institutions is still very rare.
Cybercrime and cyber attacks have gone up exponentially since 2020. According to the Ministry of Electronics and Information Technology, between 2018 and 2021 there was a fivefold jump in the number of cybercrimes and frauds.
For the financial sector, threat levels have gone up significantly. For instance, Trend Micro detected 4,497 online banking malware in India in the first half of 2021.
Kaspersky said in its threat prediction for 2022, “We are likely to witness the growth of attacks against payment systems and more advanced mobile threats.”
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%