
Fintech
Case Study

Industry

Fintech

Client Background

With over 21 million registered users and over 8000 merchant partners, the company is one of the fastest growing financial technology companies in the country. Among other creative solutions, the company is known for delivering one-tap payment gateway services to its consumers.
The organization's services include transferring money to anybody, at any time, to any bank account, as well as allowing clients to track their spending habits and view all their previous transactions.

Business Challenges

  • Prevent unauthorized access to, and modification of, financial and user information in merchant subscription accounts.

  • Safeguard over 8000 merchant transaction records.

  • Address vulnerabilities in the company's mobile application and IT infrastructure.

  • Ensure a secure and seamless connection between the merchant's system and the payment gateway.

Environment

  • 21 million registered users

  • 8000 Plus Merchants

  • One Mobile Application

  • Fastest-growing industry

  • 14 million transactions per month

Solution

The organization approached Kratikal's security testing department to uncover technical and logical vulnerabilities in their application, as well as to get recommendations on how to mitigate the dangers that could emerge from exploiting those vulnerabilities.

Approach

  • The test was conducted in a simulated environment.

  • The test was done in a black box environment.

  • Several simulated attacks were carried out against the application's infrastructure.

  • The tests were carried out in compliance with industry best practices, such as the Open Web Application Security Project (OWASP).

Major Findings

  • Attackers could gain access to the app's database and modify users' mobile phone numbers.

  • Attackers could transfer any amount to their digital wallet while only Rs 1 was deducted from their bank account.

  • Attackers were found to be able to place (and receive) meal orders without paying for them.
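As an added illustration of the second finding (this is not code from Kratikal or the client), the snippet below shows a wallet top-up that credits whatever amount the client requested once the gateway reports success, beside a hardened version that credits only the amount the bank actually settled for that order. That the flaw stems from trusting the client-supplied amount over the settled one is an assumption; the case study does not state the root cause. Class names, order ids and amounts are constructed.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class TopUpRequest:
    order_id: str
    user_id: str
    requested_amount: Decimal  # typed into the app, so client-controlled

@dataclass(frozen=True)
class GatewaySettlement:
    order_id: str
    settled_amount: Decimal    # what the bank actually debited
    status: str                # "SUCCESS" or "FAILED"

class WalletCreditError(Exception):
    """Raised when a settlement must not be credited to the wallet."""

def credit_wallet_vulnerable(wallets, req, settlement):
    """Trusts the client-supplied amount once the gateway says SUCCESS (assumed flaw)."""
    if settlement.status == "SUCCESS":
        wallets[req.user_id] = wallets.get(req.user_id, Decimal(0)) + req.requested_amount
    return wallets.get(req.user_id, Decimal(0))

def credit_wallet_hardened(wallets, req, settlement):
    """Credits only what the bank settled, and only for the matching order."""
    if settlement.status != "SUCCESS":
        raise WalletCreditError("settlement not successful")
    if settlement.order_id != req.order_id:
        raise WalletCreditError("settlement does not belong to this order")
    if settlement.settled_amount <= 0:
        raise WalletCreditError("non-positive settled amount")
    if settlement.settled_amount != req.requested_amount:
        # Debit and request disagree: reject and send to reconciliation, never credit the larger figure.
        raise WalletCreditError(f"amount mismatch: requested "
                                f"{req.requested_amount}, settled {settlement.settled_amount}")
    wallets[req.user_id] = wallets.get(req.user_id, Decimal(0)) + settlement.settled_amount
    return wallets[req.user_id]

def simulate(requested: str, settled: str):
    """Runs both versions on one constructed scenario; returns (vulnerable, hardened-or-rejection) as strings."""
    req = TopUpRequest("ord-1", "user-1", Decimal(requested))
    settlement = GatewaySettlement("ord-1", Decimal(settled), "SUCCESS")
    vulnerable = credit_wallet_vulnerable({}, req, settlement)
    try:
        hardened = credit_wallet_hardened({}, req, settlement)
    except WalletCreditError as exc:
        hardened = str(exc)
    return str(vulnerable), str(hardened)
```

With a Rs 1 settlement against a Rs 50,000 request, the vulnerable version credits 50,000 while the hardened one rejects the mismatch.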

Risks

  • If attackers had successfully exploited the application, they could easily have transferred any amount to their own accounts, causing the organization significant losses.

  • If the attackers continued to place random food orders without paying for them, the company would have suffered significant losses.

  • Because attackers could gain access to consumers' personal information, legitimate users could lose control of their accounts, jeopardizing the security, availability, and validity of their data.

Impact

  • Because the company has such a large customer base (over 21 million users), any breach of the application would put all customers' personal information at risk.

  • Our team projected a potential economic loss of USD 4.5 million every month.

  • The corporation could face significant financial losses, lawsuits, and damage to its brand image.

Recommendations

  • Several serious weaknesses in the authentication method and application architecture were fixed.

  • We advised them to deploy web application firewalls, validate input fields, and filter out spam.

  • We requested that they adopt advanced encryption systems and adhere to rigorous access controls.

  • Detailed documentation of the web application vulnerabilities was provided, outlining the problem, its cause, and how to fix it.

“Kratikal helped us in finding and fixing some high-impact vulnerabilities that had potential business losses of up to $1 million per day. We were happy to learn that a third-party vendor could be better in taking care of security needs as compared to in-house. Kratikal also found and remediated a few threats that were up to three years old. Moving forward, we are going to trust our security to Kratikal.” – IT Manager, Financial Company

Kratikal Privacy Commitment

Kratikal is dedicated to safeguarding your company from advanced threats, such as data leakage. For this reason, we do not reveal the names of our case study participants.
