RazorPay Hacked: Rs 7.3 Crore Robbed By Hackers Using ‘Failed Transactions’
Update: We have received an official statement and clarification from Razorpay spokesperson regarding this incident:
“Razorpay’s payment gateway is at par with the industry standards on data security.
During a routine payment process, an unauthorized actor(s) with malicious intent used the browser to tamper with authorization data on a few merchant sites which were using an older version of Razorpay’s integration, due to gaps in their payment verification process. The company has conducted an audit of the platform to ensure no other systems, no merchant data and funds and neither their end-consumers were affected by this incident.
The company is ISO 27k, PCI-DSS and SOC 2 compliant, it applies end-to-end transaction data security features, combined with strong authentication and authorization protocols to protect businesses from potential threats.
Razorpay has proactively taken steps to mitigate the issue permanently and eliminate future occurrences. The company has already recovered part of the amount and is proactively working with the relevant authorities for the rest of the process.”
An unbelievable Rs. 7.3 crore have been robbed by a hacker from a payment gateway company, Razorpay.
This amount was stolen from the gateway over a period of 3 months and 831 transactions.
Read on to find out how this fraud was conducted!
Razorpay Robbed, Loses Rs. 7.3 Crores In Three Months
The case is being investigated by the South East cyber crime police. Apparently, this fraud came to notice when officials of Razorpay Software Private Limited conducted an audit of the transactions, and they couldn’t reconcile the receipt of Rs. 7,38,36,192 against 831 transactions
This means that the scamster manipulated the authorization process of the payment gateway company to authenticate 831 failed transactions. An internal probe has revealed that some person or persons have tampered, altered, and manipulated the ‘authorisation and authentication process’
This resulted in false approvals being sent to Razorpay against the 831 failed transactions, which in turn resulted in the loss of Rs. 7,38,36,192.
Massive Rise In Cyber Crimes Between 2018 and 2021
Between 2018 and 2021, there was an over five-fold jump in the number of cybercrime and fraud incidents recorded by the government, as informed by the ministry of electronics and information technology (Meity) to a parliamentary panel.
Basically, the number of incidents rose from 208,456 in 2018 to 1,402,809 in 2021, as per the Data available with the Indian Computer Emergency Response Team (Cert-In).
Indian Computer Emergency Response Team is the government agency for computer security.
So far, 212,485 such cases have been recorded in the first two months of 2022.
How To Fight Cyber Crimes?
The Union home ministry has trained more than 7,500 police officials to combat some of these problems along with improving awareness of safe cyber practices. The ministry has informed the panel that the country’s response to such rising cybersecurity incidents has improved, as per an unnamed study.
Further adding, “India was ranked among the top 10 countries out of 193 countries in cyber security posture for the year 2020. India jumped from the 47th position in 2018 to 10th position in 2020.”
Apart from this, Meity has rolled out additional factor authentication for government employees to protect their official accounts.