With over 21 million registered users and more than 8000 merchant partners, the company is one of the fastest growing financial technology companies in the country. It is best known for its one-tap payment gateway service for consumers.
Its services let customers transfer money to anyone, at any time, to any bank account, and let them track their spending habits and view all their previous transactions.
Prevent unauthorized access to, and modification of, financial and user information in merchant subscription accounts.
Safeguard the transaction records of more than 8000 merchants.
Identify vulnerabilities in the company's mobile application and IT infrastructure.
Ensure a secure and seamless connection between each merchant's system and the payment gateway.
21 million registered users
8000+ merchants
One mobile application
One of the fastest growing fintech companies in the country
14 million transactions per month
The organization engaged Kratikal's security testing team to uncover technical and logical vulnerabilities in its application, and to obtain recommendations for mitigating the risks that could arise if those vulnerabilities were exploited.
The test was conducted in a simulated (non-production) environment.
It was carried out as a black-box assessment, with the testers given no prior knowledge of the application's internals.
Multiple attack attempts were made against the application and its supporting infrastructure.
The tests were carried out in line with industry best practices, such as those published by the Open Web Application Security Project (OWASP).
An attacker could gain access to the app's database and modify users' registered mobile phone numbers.
An attacker could credit an arbitrary amount to their digital wallet while only Rs 1 was actually debited from their bank account: the amount credited was not tied to the amount actually paid.
An attacker could place (and receive) food orders without paying for them.
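To make the two payment findings above concrete, here is an added illustration (example code written for this page, not the company's or Kratikal's code). The page does not state the root cause, so the example assumes the most common one for this class of flaw: a wallet top-up and order-confirmation handler that trusted the amount and payment status reported by the client instead of a verified confirmation from the payment gateway. The `Wallet` and `Order` types, the callback format, the HMAC-signed callback and the shared secret are all assumptions made for the example.

```python
"""Hypothetical example of the amount-mismatch and unpaid-order flaws and
their hardened counterparts. Not the company's or Kratikal's code; the
callback format, HMAC scheme and secret are assumptions for illustration."""
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed secret shared with the (hypothetical) payment gateway.
GATEWAY_SECRET = b"example-shared-secret-not-real"


class BadSignature(Exception):
    pass


class PaymentMismatch(Exception):
    pass


@dataclass
class Wallet:
    balance_paise: int = 0  # amounts in paise (Rs 1 = 100 paise)


@dataclass
class Order:
    order_id: str
    total_paise: int
    status: str = "pending"


def canonical(payload: dict) -> bytes:
    """Deterministic serialisation so gateway and server sign the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_callback(payload: dict, secret: bytes = GATEWAY_SECRET) -> dict:
    """What the (assumed) gateway sends: the payload plus an HMAC over it."""
    sig = hmac.new(secret, canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "signature": sig}


def vulnerable_topup(wallet: Wallet, client_request: dict) -> int:
    """Vulnerable pattern: the wallet is credited with whatever amount the
    client claims, independent of what the gateway actually captured.
    A client that pays Rs 1 and claims Rs 1000 is credited Rs 1000."""
    wallet.balance_paise += client_request["credit_paise"]
    return wallet.balance_paise


def verified_capture(callback: dict, expected_order_id: str,
                     secret: bytes = GATEWAY_SECRET) -> int:
    """Return the captured amount only if the callback is authentic,
    refers to this order, and reports a successful capture."""
    payload = callback["payload"]
    expected = hmac.new(secret, canonical(payload), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, callback["signature"]):
        raise BadSignature("callback signature does not verify")
    if payload["order_id"] != expected_order_id:
        raise PaymentMismatch("callback is for a different order")
    if payload["status"] != "captured":
        raise PaymentMismatch(f"payment not captured: {payload['status']}")
    return int(payload["amount_paise"])


def hardened_topup(wallet: Wallet, client_request: dict, callback: dict) -> int:
    """Hardened pattern: credit exactly what the gateway captured, and
    refuse the top-up if the client's claimed amount disagrees."""
    captured = verified_capture(callback, client_request["order_id"])
    if captured != client_request["credit_paise"]:
        raise PaymentMismatch(
            f"client claims {client_request['credit_paise']} paise, "
            f"gateway captured {captured}")
    wallet.balance_paise += captured
    return wallet.balance_paise


def confirm_order(order: Order, callback: dict) -> Order:
    """Hardened order confirmation: the order becomes 'paid' only when a
    verified capture covers its total; otherwise it is never fulfilled."""
    try:
        captured = verified_capture(callback, order.order_id)
    except (BadSignature, PaymentMismatch):
        order.status = "payment_rejected"
        return order
    order.status = "paid" if captured >= order.total_paise else "underpaid"
    return order
```

The hardened path credits exactly the captured amount from a signature-verified gateway callback bound to the same order id, and an order is fulfilled only when such a capture covers its total; the client-supplied amount is compared, never trusted. A real deployment would also need to reject replayed callbacks (a captured callback reused for a second top-up) and check the currency, both of which the example omits.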
Had attackers exploited these flaws, they could have transferred arbitrary amounts into their own accounts, causing the organization significant losses.
Continued placement of unpaid food orders would likewise have caused the company significant losses.
Because an attacker could gain access to customers' personal information, legitimate users could lose control of their accounts, compromising the confidentiality, integrity and availability of their data.
Given the size of the customer base (over 21 million users), any breach of the application would put every customer's personal information at risk.
Our team projected a potential economic loss of USD 4.5 million per month.
The corporation could have faced significant financial losses, legal action and damage to its brand.
Several serious weaknesses in the application's authentication and architecture were fixed.
We advised the company to deploy a web application firewall, validate every input field on the server side, and filter out spam and junk requests.
We asked them to adopt strong encryption and enforce strict access controls.
Detailed documentation of each vulnerability was provided, describing the problem, its cause, and how to fix it.