 "Hackers")
Online payment gateway Razorpay said hackers stole Rs 7.3 crore worth of funds in 831 transactions over a period of three months.
The fraud came to light, during an audit the company carried on transactions. A Razorpay spokesperson said: “During a routine payment process, an unauthorised actor(s) with malicious intent used the browser to tamper with authorisation data on a few merchant sites which were using an older version of Razorpay’s integration, due to gaps in their payment verification process. No end-consumer and no merchant data or merchant funds were affected by this incident.”
According to media reports, the hacker manipulated the authorisation process of the gateway to authenticate 831 transactions. “Razorpay has proactively taken steps to mitigate the issue permanently and eliminate future occurrences. The company has already recovered part of the amount and is proactively working with the relevant authorities for the rest of the process,” the company’s spokesperson said.
Hacking of banks and financial institutions for data theft is a well-known trend, but the Razorpay incident could be the first among payment gateway players.
The fraud came to light, during an audit the company carried on transactions. A Razorpay spokesperson said: “During a routine payment process, an unauthorised actor(s) with malicious intent used the browser to tamper with authorisation data on a few merchant sites which were using an older version of Razorpay’s integration, due to gaps in their payment verification process. No end-consumer and no merchant data or merchant funds were affected by this incident.”
According to media reports, the hacker manipulated the authorisation process of the gateway to authenticate 831 transactions. “Razorpay has proactively taken steps to mitigate the issue permanently and eliminate future occurrences. The company has already recovered part of the amount and is proactively working with the relevant authorities for the rest of the process,” the company’s spokesperson said.
Hacking of banks and financial institutions for data theft is a well-known trend, but the Razorpay incident could be the first among payment gateway players.
