How Cyber Fraudsters Conspired To Steal ₹35 Lakh From A Gurugram-Based Company.

How Cyber Fraudsters Conspired to Steal ₹35 Lakh from a Gurugram-based Company.

With the rise of the digital economy, online payment platforms have become an essential part of conducting transactions. However, with the increasing dependence on digital payment methods, the threat of cyber fraud and data breaches has also risen.

A recent example of one of these incidents involved the loss of INR 35 lakh by Gurugram-based Parviom Technologies as a result of an alleged cyberattack on the payment gateway of fintech company Cashfree Payments. The incident has raised concerns about the security of digital payment methods and the need for more robust cybersecurity measures.

In response to the article, Cashfree has released a second statement. We’d want to make it clear that there was no security breach at Cashfree Payments.

Unfortunately, our investigation has revealed that the merchant’s end suffered a compromise of their credentials. A representative for the company said, “We are working closely with the banking partner in retrieving the stolen sum.”

An alleged cyber attack on the payment gateway of the fintech platform Cashfree Payments resulted in a loss of INR 35 lakh for Gurugram-based Parviom Technologies.

The Cyber Breach

On March 31, Ankit Rawat, national head of operations at Parviom Technologies, filed a police complaint against unknown people under Sections 420 (cheating) of the Indian Penal Code and Sections 66 and 66-D of the IT Act.

Rawat claimed that his company uses the payment gateway of Cashfree Payments, which was breached, resulting in unknown fraudsters gaining unauthorized access to their systems via the dashboard.

Because of this, unidentified fraudsters were able to get unauthorized access to its systems through its dashboard. The complaint claims that 35 UPI transactions were performed by the defendants.

The Source of the Cyber Breach

The source of the cyber breach remains unknown. However, Cashfree Payments issued a statement denying any breach in their payment gateway. Instead, the company spokesperson pointed to the compromise of the merchant credentials as the source of the fraud.

“We would like to clarify that Cashfree Payments’ system was not breached. Basis the investigation, we have learned that, unfortunately, the merchant credentials were compromised from their end. We are closely working with the banking partner in recovering the lost amount,” the spokesperson said.

“Through the fraudulent transactions, a total of around INR 35 Lakh were transferred in the different bank accounts,” Rawat was quoted as saying by the news agency.

It is yet unknown where the cyber breach originated. According to a corporate spokeswoman, “Cashfree Payments’ payment gateway was not compromised.”

Akash Sinha and Reeju Datta created Cashfree Payments in 2015. The company runs a full-stack digital payments solution platform that makes it possible for companies to collect payments and provides API banking solutions. As part of a restructuring effort earlier this year, the company let go of 80 people.

While the fintech ecosystem has grown over the past few years, making digital transactions easier for both businesses and individuals, cyber fraud incidents have also sharply increased along with it. Around 95,000 fraud incidences involving UPI transactions were reported in India in 2022–2023, up from 77,000 such cases in 2020–2021, the finance ministry recently informed the House.

OneCard, a fintech company, recently submitted a cyber fraud case to the Delhi Police after being tricked by five fraudsters who used credit cards to buy goods worth INR 21.32 Lakh.

India presently has over 30 million UPI users, and with increasing internet and smartphone penetration, this number is projected to increase further in the coming days. Another anticipated outcome of the government’s focus on providing cross-border financial services via UPI is an increase in UPI users.

According to data from the National Payments Corporation of India (NPCI), UPI recorded 753 Cr transactions in February, totalling INR 12.36 Lakh Cr ($150.65 Billion).

Preventing Cyber Fraud and Data Breaches

Cyber fraud and data breaches can have a significant impact on businesses, including financial losses, damage to reputation, and loss of customer trust. To prevent such incidents, companies must adopt robust cybersecurity measures, including regular audits, vulnerability assessments, and employee training programs.

They should also implement multi-factor authentication and encryption methods to protect sensitive data. Additionally, companies should ensure that their payment gateway providers have adequate security protocols in place to prevent unauthorized access.

It is crucial to abide by the following advice to prevent UPI fraud:

1. Don’t ever give your personal information to anyone, including your phone number, bank account number, OTP, and PIN.

2. Keep in mind that you can get money without entering a PIN. The only time the PIN is necessary is when transferring money.

3. Confirm a person’s information before sending them money.

4. When utilizing UPI, avoid using open networks.

National Payments Corporation (NPCI) frequently offers advice on how to prevent UPI fraud. In the past, cybercriminals in Mumbai stole more than Rs 1 crore by using over 81 people as their victims.

Modern society cannot function without the digital payment system, but consumers must be on the lookout for fraudsters. To prevent UPI fraud, users must safeguard their personal information and adhere to safety precautions.

Implications for the Fintech Industry in India.

The incident involving Cashfree Payments and Parviom Technologies highlights the increasing risk of cyber breaches in the fintech industry in India. As more businesses move online and adopt digital payment systems, the risk of cyber-attacks increases. Cybercriminals are becoming more sophisticated, and it is essential for businesses to adopt robust security measures to protect their systems and customers.

The incident also highlights the need for collaboration between fintech companies, banks, and other stakeholders in the industry to prevent and mitigate the impact of cyber breaches. In this case, Cashfree Payments is working closely with its banking partner to recover the lost amount, demonstrating the importance of collaboration and communication in addressing such incidents.

Conclusion

The cyber breach involving Parviom Technologies and Cashfree Payments underscores the need for businesses to adopt robust security measures to protect their systems and customers.

It also highlights the importance of collaboration and communication between stakeholders in the fintech industry to prevent and mitigate the impact of such incidents. As the adoption of digital payment systems continues to grow in India, businesses must remain vigilant in their efforts to protect against cyber threats.

Edited by Prakriti Arora