The South East cybercrime police are investigating a fraudulent case where a hacker stole ₹7.3 crores over three months by exploiting the authorization process of Razorpay Software Private Limited, a payment gateway company to authenticate 831 failed transactions.
The fraud came to light when officials of the payment gateway company Razorpay Software Private Limited conducted an audit of the transactions, and they couldn’t accommodate the receipt of Rs. 7,38,36,192 against 831 transactions.
Razorpay Software Private Limited was founded by Shashank Kumar and Harshil Mathur in 2015. The company offers online payment services that allow businesses in India to collect payments via credit card, debit card, net banking, and wallets.
On May 16, Abhishek Abhinav Anand, head of Legal Disputes and Law Enforcement at Razorpay Software Private Limited, lodged a complaint with the South East cybercrime police.
The police are currently attempting to track down the hacker on the basis of online transactions.
An internal probe has revealed that some person or persons have tampered with and manipulated the authorization and authentication process.
As a result, false ‘approvals’ were sent to Razorpay against the 831 failed transactions, resulting in a loss amounting to ₹7,38,36,192. The company provided details of the 831 failed transactions, including date, time, IP address, and other relevant information to the police.
"Razorpay's payment gateway is at par with the industry standards on data security. During a routine payment process, an unauthorized actor(s) with malicious intent used the browser to tamper with authorization data on a few merchant sites that used an older version of Razorpay's integration, due to gaps in their payment verification process.
The company has conducted an audit of the platform to ensure no other systems, no merchant data, and funds, and neither their end-consumers were affected by this incident,” Razorpay’s spokesperson stated.
According to the ministry of electronics and information technology (Meity), between 2018 and 2021, there was an over a five-fold jump in the number of cybercrime and fraud incidents recorded by the government.
Basically, the number of incidents surged from 208,456 in 2018 to 1,402,809 in 2021, as per the Data available with the Indian Computer Emergency Response Team (Cert-In). Indian Computer Emergency Response Team is the government agency for computer security.
