Online payments have revolutionized the way we conduct financial transactions, offering unparalleled convenience and connectivity. Peer-to-Peer (P2P) payment apps, such as Zelle, PayPal, Venmo, and Cash App, have emerged as game-changers, allowing individuals to transfer money seamlessly to friends, family, or merchants. However, with the convenience comes a new set of challenges, as cybercriminals have found new targets for their illicit activities.
One notorious case of fraudulent activities is related to Mobikwik, where individuals fell victim to fraudulent tactics, resulting in substantial financial losses. In Bengaluru, two residents reported losing over Rs 50,000 each through phone calls. The victims received Interactive Voice Response (IVR) calls claiming unauthorized access to their mobile wallet accounts and were coerced into providing One-Time Passwords (OTP) to block their accounts. However, they later discovered that money had been debited from their accounts.
Similar incidents have been reported with the popular payment app Cash App. Hackers have been gaining unauthorized access to users’ accounts, transferring money without their knowledge or consent. Many users have lost hundreds of dollars, causing widespread concern about the safety of digital payment platforms.
One victim, Liz Shelby, shared her heart-wrenching experience after her son’s savings disappeared from his Cash App account. Another victim, Marvis Herring, narrowly escaped an attempted theft of $1,400. These incidents highlight the urgent need for tighter security measures on payment apps like Cash App and Venmo.
One vulnerability of Cash App is its absence of a traditional password. Users can create accounts using only an email address or phone number, and login codes are sent to either upon registration. This system has become an easy entry point for hackers, who have been selling login details of Cash App accounts on dark web marketplaces and fraud websites.
Stolen accounts provide fraudsters with login credentials and additional information, such as email addresses and cookie files, enabling them to pose as legitimate users and make unauthorized transactions without raising suspicion. Hackers have also been using compromised accounts for money laundering purposes, offering newly created and verified accounts on the dark web for illegal activities.
India, with its large user base of online payment apps, is particularly targeted by hackers. While most payment apps in India have multi-factor authentication and other security protocols, there have been significant issues leading to disruptions in services and discomfort for millions of users.
One of the biggest data breaches in India’s payment app security occurred with MobiKwik. Attackers gained access to 8.2 terabytes of user data, including phone numbers, email addresses, transaction logs, payment card numbers, passwords, and personal identification documents. This data was available for sale on the dark web, posing a significant threat to the privacy and security of millions of users.
Unfortunately, the MobiKwik breach is not an isolated incident. Numerous payment platforms and online stores in India have experienced data breaches and cyberattacks, putting sensitive user information at risk. India has seen a surge in cyber attacks, with organizations defending against an average of 2,108 attacks per week in the first quarter of 2023.
The Indian government’s push for cashless transactions and the Aadhaar digital ID system has further increased the risks. The Aadhaar database, despite containing sensitive information, remains largely unregulated and unsecured, adding to the potential risks for over 1 billion Indians whose data is linked to it.
India must prioritize cybersecurity to safeguard user data and protect its digital ecosystem. Users also need to exercise caution while making transactions, avoid sharing sensitive information, and double-check the authenticity of offers or requests received. While online payment apps have simplified our lives, it is crucial to remain vigilant and take necessary precautions to avoid falling victim to scams and fraudulent schemes.