Skip to main content

Indian Bank Loses Rs 25Cr Due To A Bug In UPI Payments App – Is BHIM Safe?


bank of maharashtra fraud
It has been reported that the India-based Bank of Maharashtra has incurred financial losses amounting INR 25Cr (roughly $4 million). It happened due to a technical flaw in the bank’s UPI Payments app designed by the Mumbai-based company. The bank has lodged FIR against 50 suspects, and they are trying to recover the funds from other banks.

The state-owned Bank Of Maharashtra (BoM) has reported a loss of INR 25Cr roughly $4 million) due to what is being called as one of the biggest financial frauds in India. This is another big blow on a financial body after almost five months. Earlier, a data breach compromised the details of around 3.2 million debit cards.
According to the reports, the fraud happened due to a bug present in the bank’s payments app based on the Unified Payments Interface (UPI). The payments app was developed by a Mumbai-based company Infrasoft Tech.
The financial fraud was first reported on February 22. It has been known that the said bug was discovered by around 50 people – with no known inter-connection – in the city of Aurangabad by trial-and-error. They were able to pull funds from their bank accounts with insufficient balance and transfer them to accounts belonging to other banks.
A government body known as NPCI (National Payments Corporation of India) validates all the transactions made using the UPI on the basis of a confirmation send by the payments app. According to BoM, the transactions were declined by the bank in the first place due to insufficient balance. However, because of the bug, the app sent two consequent messages to NPCI. The first message reading “success” and the second one as “error: insufficient funds”.
NPCI’s systems are configured to validate transactions on the basis of the first message. This cleared the way for the uninterrupted transfer of funds. The exploit was used to transfer funds 672 times in a period of 48 days starting on December 1, 2016.
In regards to such technical malfunction reports, NPCI issued a statement on March 20. The corporation stated that there exists “no vulnerability or loophole reported in Bharat Interface for Money (BHIM) application or UPI system.”
“NPCI has done intensive testing, robust design of security controls and continuous monitoring of its UPI infrastructure. The environment in which BHIM or UPI is run by NPCI is highly secure and certified with best global practices like PCI DSS ISO 27001.”
Infrasoft first notified the bug on January 18, 2017. The company also provides UPI-based payments solutions to two other Indian banks which haven’t reported any incident of financial fraud. Infrasoft is working with BoM to find the cause of the bug. The company also declined the possibility of any internal person being involved in the financial fraud.
The bank has lodged an FIR against 50 people. They have received little success while trying to recover funds which were illegally transferred to 19 other banks.
If you have something to add, drop your thoughts.

Comments

  1. Hi, I was very surprised with this post, the writer really impressed me and helped me understand many things needed, I need to acquire it and change to be able to succeed in life, thanks a lot. I suggest some article also please visit :

    Live Current Affairs
    Live Sarkari Naukri
    How to get a Government Job easily
    Facebook Video Download Online
    Essay on Various Topics
    HTML, CSS, Wordpress and More Tutorials

    ReplyDelete

Post a Comment

Follow Us

WHAT'S HOT

Best Gaming Linux Distros You Need To Try In 2017

Gaming on Linux scene is improving each year with better hardware support and increasing support from game developers. Apart from established distros like Ubuntu and Arch Linux, gamers are using gaming Linux distros like Steam OS to get a better experience. The other It’s gaming operating systems are Sparky Linux – Gameover

111 Popular And Most Useful Webpages On The Internet

With the sheer myriad of websites available on it, the internet can often prove to be a pretty overwhelming place. As such it becomes really difficult to single out the useful websites from the needless ones. So today we bring to you a list of some of the most interesting and useful

Google’s Open Source DIY Kit Turns Your Raspberry Pi Into An AI Assistant

The latest edition of the MagPi magazine includes a DIY kit created by Google that can be used to create a custom Google Home device powered by Raspberry Pi. A user can take advantage of the Google Assistant SDK and Google Cloud Speech API to enable voice control in their projects.

Russian Hackers Used Kaspersky Software To Steal NSA Secrets And Code

According to a  report from WSJ , NSA’s classified data, which wasn’t supposed to leave the facility’s perimeter where a contractor worked, was stolen by Russian hackers. This incident