Hackers steal Rs 7.3 cr in 831 transactions over three months from Razorpay

Online payment gateway Razorpay said hackers stole Rs 7.3 crore worth of funds in 831 transactions over a period of three months.

The fraud came to light, during an audit the company carried on transactions. A Razorpay spokesperson said: “During a routine payment process, an unauthorised actor(s) with malicious intent used the browser to tamper with authorisation data on a few merchant sites which were using an older version of Razorpay’s integration, due to gaps in their payment verification process. No end-consumer and no merchant data or merchant funds were affected by this incident.”

According to media reports, the hacker manipulated the authorisation process of the gateway to authenticate 831 transactions. “Razorpay has proactively taken steps to mitigate the issue permanently and eliminate future occurrences. The company has already recovered part of the amount and is proactively working with the relevant authorities for the rest of the process,” the company’s spokesperson said.

Hacking of banks and financial institutions for data theft is a well-known trend, but the Razorpay incident could be the first among payment gateway players.

The only other hacking incident where money was stolen from a bank was in 2016, when the Union Bank of India lost $171 million to hackers. The hackers had made use of the SWIFT to swindle money.

Some other well-known breaches include the one at MobiKwik in 2021, when data of over 3 million users was hacked into. But data breach or hacking into systems to get customer data like KYC or passwords are very common. Hacking to steal money directly from financial institutions is still very rare.

Cybercrime and cyber attacks have gone up exponentially since 2020. According to the Ministry of Electronics and Information Technology, between 2018 and 2021 there was a fivefold jump in the number of cybercrimes and frauds.

For the financial sector, threat levels have gone up significantly. For instance, Trend Micro detected 4,497 online banking malware in India in the first half of 2021.

Kaspersky said in its threat prediction for 2022, “We are likely to witness the growth of attacks against payment systems and more advanced mobile threats.”

Dear Reader,

Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.

We, however, have a request.

As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.

Support quality journalism and subscribe to Business Standard.

Digital Editor