Online payment gateway Razorpay said hackers stole Rs 7.3 crore from funds over a three-month period and 831 transactions.
The fraud came to the company’s attention during an audit it performed for its transaction. A Razorpay spokesperson said in a statement: “During a routine checkout process, one or more unauthorized actors with malicious intent used the browser to tamper with authorization data on a few merchant sites that were using an older version of the Razorpay integration, due to deficiencies in their payment verification process.No end consumers, merchant data or merchant funds were affected by this incident.
According to media reports, the hacker manipulated the gateway’s authorization process to authenticate 831 transactions. “Razorpay has taken proactive steps to permanently mitigate the issue and eliminate future occurrences. The company has already recovered a portion of the amount and is proactively working with the relevant authorities for the remainder of the process,” the carrier said. word of Razorpay.
Hackers attacking banks and financial institutions for data breach and data theft is a well-known trend, but the Razorpay incident might be the first among payment gateway players.
The only other hacking incident where money was stolen from a bank was in 2016 when Union Bank of India lost $171 million to hackers. The hackers had used SWIFT to swindle money.
Some of the other well-known breaches include Mobikwik in 2021, when the data of over 3 million users was hacked. But data breach or hacking of systems to obtain customer data like KYC or passwords is very common. Hacking to steal money directly from financial institutions is still very rare.
Cybercrime and cyberattacks have increased exponentially since 2020. According to the Ministry of Electronics and Information Technology (Meity), between 2018 and 2021, the number of cybercrime and fraud incidents increased fivefold.
As far as the financial sector is concerned, threat levels have increased significantly. For example, the total number of online banking malware detected by Trend Micro in India is 4497, in the first half of 2021.
According to Kaspersky’s Threat Predictions for 2022, “We are likely to see the growth of attacks against payment systems and more advanced mobile threats.”
The pandemic has boosted mobile banking, which has also become more mature. Kaspersky experts expect more mobile banking Trojans for the Android platform, especially RATs capable of bypassing the security means adopted by banks (such as OTP and MFA). Local and regional Android implant projects will move around the world, exporting attacks to Western Europe and other countries around the world.