Wednesday, Jan 11, 2023

UT cyber cell to urge RBI to toughen norms for financial service companies

Reserve Bank of India (RBI)
THE UT cyber cell Wednesday said it has decided to rope in the Reserve Bank of India (RBI) to issue an advisory to all digital payment gateways and financial service companies to make their apps foolproof to prevent being hacked, something that recently happened to the financial firm Paul Merchants Private Limited. The decision was taken after finding that the app PaulpayV2.0 was not foolproof and was easily exploited through an old conventional hacking toolkit Burp Suite Pro.

The investigation revealed that the hackers had taken merely nine days to create around 1,443 fake identities through which 3,114 transactions amounting to around Rs 1.95 crore were made.

The investigation revealed that the hackers gave heavy discounted offers to users for recharging cell phones, purchasing Amazon and Flipkart coupons, etc., attracting more than 3,000 people.

“We have decided to take up the matter of vulnerability in payment modes with the RBI. We will update the RBI about the loopholes exploited by the hackers for bypassing payment gateways being used by many companies. Indeed, there was a loophole in the system of Paul Merchants, which was exploited by hackers through ‘Burp Suite Pro’, which is a conventional to hack payment modes,” SP (Cyber) Ketan Bansal said.

Five accused including the mastermind and BSc graduate, Rohtash Kumar (27) of Adampur in Hisar, Pankaj Kumar (29) of Sirsa, Vikram (29), Mukesh Kumar (29), and Rajender Parsad alias Raju (38), of Hisar, were remanded in judicial custody on Wednesday. The UT Police rewarded a whistleblower, who noticed huge offers and heavy discounts being offered to customers on PaulpayV2.0 and alerted Paul Merchants and the cyber investigation cell. “It was the alertness of that civilian which led the busting of this racket. We kept his identity confidential but rewarded him suitably,” SP (Cyber) Ketan Bansal said. He said efforts are on to arrest more accused involved in the racket. Meanwhile, cyber expert Gurcharan Singh said, “It is the primary duty of financial service companies to make their system foolproof so hackers are unable to insert bugs into the system.

First published on: 12-01-2023 at 01:27 IST
