OneCard has reported a cyber fraud case to the Delhi Police, where five fraudsters duped the startup after procuring products worth INR 21.32 Lakh via credit cards
The issue came to light when OneCard’s system received an alert that several onboarding attempts had been made from a single device
Abhishek Bachchan, Shilpa Shetty, Madhuri Dixit, Emraan Hashmi and Mahendra Singh Dhoni are some of the celebrities and cricket players, whose details have been used by fraudsters
Fintech unicorn OneCard has reported a cyber fraud case to the Delhi Police, where five fraudsters duped the startup after procuring products worth INR 21.32 Lakh via credit cards. The fraudsters used PAN details and names of Bollywood actors and celebrities to get OneCard credit cards.
The issue came to light when OneCard’s system received an alert that several onboarding attempts had been made from a single device. The five accused tried to onboard the OneCard app using 83 forged PAN details via seven devices, according to a PTI report.
This is not all. The startup also delivered some physical credit cards to the addresses of the accused cyber criminals.
OneCard did not share comments on the issue when reached out citing the ongoing investigation sensitivity.
“The approved credit limit was exhausted or withdrawn by the accused within a span of a week and nothing has been repaid to us (OneCard),” the FIR said.
Abhishek Bachchan, Shilpa Shetty, Madhuri Dixit, Emraan Hashmi and Mahendra Singh Dhoni are some of the celebrities and cricket players, whose details were used by the fraudsters. These details were taken from GST Identification Numbers available online.
“Since the investigation into the matter is underway, we cannot comment further on it,” said, Rohit Meena, deputy commissioner of police (DCP), Shahdara, Delhi.
The five impeached fraudsters have been identified as Puneet, Mohd Asif, Sunil Kumar, Pankaj Mishar and Vishwa Bhaskar Sharma, who acted jointly to defraud OneCard in an unusual manner.
To create the duplicate PAN cards, they used PAN card number and date of birth (DOB) details of these celebrities, which were easily accessible from Google. Following this, they put their pictures on the PAN card so that during the video verification, they could exactly match the picture updated on the PAN. In a similar fashion, they forged details to create Aadhar Cards.
Essentially, video verification, also called video-based KYC, is a method that fintech companies use to authenticate a user’s identity before issuing them a credit card.
“After arrest, when the fraudsters were interrogated, they disclosed their unique modus operandi. They used to get GST details of these celebrities from Google. They were very well aware that the first two digits of GSTIN are state code and the next 10 digits are PAN number,” a source said to PTI.
Sources also informed that the fraudsters were aware that the said celebrities have good CIBIL scores, which will increase their chances of getting credit cards. They also passed OneCard’s video verification process by answering questions related to their financial activities aptly, since they accessed celebrities’ financial info from CIBIL.
The Delhi Police is probing the case and also, suspecting that fraudsters would have used a similar modus operandi to get credit cards from other fintech companies and banks.
It was further informed that the police has been doing online research for months to ascertain loopholes in the video KYC verification and issuance process of credit cards.
Founded in 2018 by Anurag Sinha, Rupesh Kumar and Vaibhav Hathi, OneCard offers Visa credit cards in association with banks including IDFC Bank, South Indian Bank, Federal Bank, Bank of Baroda Financial, and SMB Bank.
Besides this, it also operates a digital credit score platform called OneScore, which provides free credit score checks.
In 2022, it joined the unicorn club after raising about $100 Mn (about INR 802 Cr) in a Series D round led by Singapore’s sovereign fund Temasek, which invested INR 375 Cr.
Sequoia Capital, Ocean View Investment, QED Holdings, Matrix Partners, Hummingbird, among others also participated in the funding round.
Of late, multiple reports have surfaced about companies and government institutions suffering cyber attacks. The latest addition to the list is crypto exchange platform Bitbns, whose founder Gaurav Dahake recently admitted the startup faced a $7.5 Mn cyber attack, which occurred in 2022.
Late 2022, AIIMS Delhi’s five physical servers were infiltrated by Chinese hackers, demanding INR 200 Cr ransom in cryptocurrencies. However, the information was retrieved later by the Centre.
In 2022, the country witnessed 13.91 Lakh cyber security incidents as compared to 14.02 Lakhs cyber attacks reported in 2021, MoS Rajeev Chandrasekhar informed the Parliament.