After Juspay Data Leak, RBI Sets Out To Check State Of Cybersecurity In Digital Payments

After Juspay Data Leak, RBI Sets Out To Check State Of Cybersecurity In Digital Payments

SUMMARY

The RBI has reportedly reached out to key stakeholders, including the Payments Council of India, to inquire about the enforcement of new payment aggregator licensing norms

RBI is expected to soon launch a full-scale investigation to determine vulnerabilities in the IT infrastructure of the country’s burgeoning digital payments ecosystem.

Sources told Inc42 that RBI has also sent letters to all banks and prepaid payment instruments (PPI) providers about potential data breaches

Following the data leak of 10 Cr digital transactions from the server of Indian payments processor Juspay, the Reserve Bank of India (RBI) has reportedly reached out to key stakeholders, including the Payments Council of India (PCI), to inquire about the enforcement of new payment aggregator licensing norms that mandate storage of card data only by licensed payment aggregators and gateways. 

It is expected that RBI will soon launch a full-scale investigation to determine vulnerabilities in the tech security infrastructure of the country’s burgeoning digital payments ecosystem players. According to ET, which first reported the development, PCI will soon send a representation to RBI on steps that can be taken to remove the vulnerabilities associated with India’s digital payments infrastructure. 

Meanwhile, sources privy to the development told Inc42 that RBI has also sent letters to all banks and prepaid payment instruments (PPI), instructing them to immediately notify the central bank if they notice a data breach on their servers.

Earlier this week, the attack on Juspay’s servers left confidential data of a number of users exposed. Juspay later confirmed that for at least 2 Cr users out of the total 10 Cr affected users, 16 fields of data relating to their payment cards, such as their card brand (VISA/Mastercard), card expiry date, the last four digits of the card, the masked card number, the type of card (credit/debit), the name on the card, card fingerprint, card ISIN, customer ID and merchant account ID, had been leaked on the dark web, where it was available for sale for around 6,000 Bitcoins. 

Another subset of the leaked database, which was in the form of a data dump, contained users’ phone numbers and email addresses. 

The leaked payment information was masked in places to reveal only partial copies of card numbers. While this reduces the possibilities of a financial scam, resourceful hackers could still use the information to launch phishing scams to induce victims to hand over their card information. 

Juspay offers a software development kit (SDK) for app makers to integrate its services. It counts major Indian and international tech companies such as Amazon, Airtel, Swiggy, Vodafone, Uber, Cred, Ola and Flipkart among its clients. Its solution powers the payment gateways for these companies and Juspay claims that it processes over 2 Mn transactions per day.

The Juspay data leak is one of the biggest in India in terms of the number of users affected. It has been reported that the hacker behind the attack on Juspay also holds 80 Lakh user records for Indian classifieds website Clickindia and 10 Lakh user records for fintech startup Chqbook. 

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

After Juspay Data Leak, RBI Sets Out To Check State Of Cybersecurity In Digital Payments-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

After Juspay Data Leak, RBI Sets Out To Check State Of Cybersecurity In Digital Payments-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

After Juspay Data Leak, RBI Sets Out To Check State Of Cybersecurity In Digital Payments-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

After Juspay Data Leak, RBI Sets Out To Check State Of Cybersecurity In Digital Payments-Inc42 Media
After Juspay Data Leak, RBI Sets Out To Check State Of Cybersecurity In Digital Payments-Inc42 Media
You’re in Good company