Report reveals that using a credit card in India carries a risk that card information will almost certainly be stolen


A vulnerability was found in the online payment systems adopted by some companies in India, and it became clear that card information and users' transaction histories could be stolen. Fallible Blog, a blog that aims to discover and disclose bugs in software and systems and to help companies fix them, has published the details.

Fallible Blog found the following in an investigation carried out over several months.

1: Complete credit card information is leaked from a payment gateway certified at Level 1 of "PCI DSS", the data security standard for the international credit card industry. This gateway handles more than 15 million transactions per month.
2: Other well-known gateways besides the one above leak users' personal information and partial credit card information that can assist various kinds of hacking.
3: Yet another gateway implements a data protection system that can be cracked within a week using nothing more than an ordinary gaming PC. As a result, the transaction histories of users in India are in effect being sold freely under illegal conditions.

Fallible Blog notified each of the gateways covered by findings 1 to 3, and the companies that received the notification have already started to fix the bugs. Regarding the third, however, India has no law on notification and protection of personal information like the one in the United States. Therefore, even if an Indian company using one of the gateways in this investigation is leaking data, it is highly likely that no obligation to notify end users exists and that no one is informed.

Fallible Blog tells people using credit cards in India: "Hackers do not use all of the acquired credit card information at the same time, and as long as the company does not guarantee whether it is safe to use credit cards, it is necessary to keep checking for suspicious transactions and invoices; it is best to avoid invalidating the cards used by Indian companies if possible." It is said that the only safe option is a debit card limited to domestic use that is set up with a three- or four-digit CVV number (security code) and a one-time password.

The companies using the gateway for which the vulnerability was confirmed are as follows.


