Razorpay, based in Bangalore, India, allows online merchants to accept, process, and pay for digital payments using a range of payment methods such as debit cards, credit cards, online banking, UPI, and prepaid digital wallets. When Razorpay’s valuation exceeded $1 billion late last year, it became the first Indian firm sponsored by Y Combinator, making it a highly sought-after “unicorn” by venture capitalists. The Indian business has tripled its worth in less than six months and is set to expand in Southeast Asia.
According to a police complaint filed by the payment gateway company, hackers and fraudulent consumers stole Rs. 7.38 billion by interfering with and manipulating the authorization process of Razorpay software to legitimize 831 unsuccessful transactions. abhishek In a May 16 complaint to the southeast cybercrime, Abhinav Anand, the head of Razorpay’s legal disputes and enforcement team, claimed. According to the panel’s charge, the business was unable to reconcile the Rs. 7.38 billion in receipts with the 831 transactions.
Razorpay was advised that the transactions failed and were not permitted or certified when it contacted its “authorized and certified partner,” Fiserv, a financial technology and payments provider, according to the complainant. Razorpay launched an internal investigation and discovered 831 transactions “totaling Rs. 7,38,36,192” against 16 Razorpay merchants from March 6 to May 13 this year, according to Fiserv communications.
According to a Razorpay representative, “An unauthorized actor with malicious intent tampered with authorization data on select merchant sites that use older versions of the Razorpay integration because they are vulnerable throughout the daily payment process. Process of payment verification This event had no impact on end users, merchant data, or merchant payments.”
The company claims to have taken steps to permanently resolve the problem and prevent it from recurring. It also claims to have recovered some of the money and is coordinating the rest of the procedure with the appropriate authorities.
Rising Cybercrime in India and the Government’s Response
Indian organizations like Razorpay have noticed an increase in cyber attacks targeting their vital infrastructure in recent years. For example, hackers stole the personal data of 4.5 million Air India passengers in 2022, the Indian refinery network experienced over 90,000 cybercrime events, and many phony “gift card” WhatsApp messages.
220,000 cybercrime events were reported in the first two months of 2022, indicating the necessity for a strong cybersecurity regulation. In truth, Rajkumar Rao and Sunny Leone’s CIBIL scores were affected by PAN card fraud when their information was exploited to acquire small default loans.
Fintech startups, on the other hand, have been targeted by hackers. MobiKwik and Juspay, in addition to Razorpay, have been engaged in data breaches/leaks affecting approximately 21 million users.
As a result, India’s cybersecurity organization, Computer Emergency Response India (CERT-In), published new orders last month stating that in the case of a cybercrime crisis, response efforts and contingencies should be ignored. According to the new requirements, all businesses must disclose all cybercrime events within six hours of their discovery and retain security logs for 180 days within India.
How to protect your enterprise data?
Disaster recovery refers to the establishment of two or more sets of IT systems with the same function in remote places, which can monitor the health status and switch functions. When one system stops working due to accidents (such as fire, earthquake, etc.), the whole application system can switch to another place, so that the system functions can continue to work normally. The ultimate goal of disaster recovery and backup products is to help enterprises deal with human misoperation, software error, virus invasion, hardware failure, natural disasters and so on.
By using Vinchin Backup & Recovery, you can instantly recover the entire VM and all its data from any restore point (no matter if it’s a full backup, incremental backup, or differential backup) without any effect on the original backup data. Any deduplicated or compressed backups can be recovered. It is an excellent solution to ensure enterprise business continuity and minimize the loss of crucial business interruptions caused by disaster or system failure.You can also quickly verify the backup data availability by instantly recovering the target VM to an isolated area in a matter of minutes. Make sure when a real disaster occurs, all the VMs can be recovered and the data inside is not lost or damaged. Vinchin supports the world’s most mainstream virtual environments and provides solutions such as VMware backup, XenServer backup, Hyper-V backup, RHV/oVirt backup, etc.