Fallible.co, a security firm, passionate in improving the security of tech startups has revealed possible theft of credit card detail for customers who use some of the popular Indian startups.
The security firm found vulnerabilities in payment gateways in Voonik Mobikwik, Snapdeal, Makemytrip, Swiggy, Foodpanda, Redbus, Freecharge, Uber Ola, Rupay, Yatra, and BookmyShow.
Fallible made it clear that these startups are not insecure or hacked, but the payment gateways they use are vulnerable to hacking. It further noted that if any customer has used a credit card in any of these startups, then they are probably stolen.
Fallible did not show any proof of the claim, but the revelation should serve as a big warning to the startups and credit card holders. The security firm gave an example of one of the traditional payment gateway that is certified by PCI DSS level 1 as being hacked. They noted that the startup that uses this payment gateway had around 15 million transactions being processed on a monthly basis.
The security firm also named another popular payment gateway that can be hacked using ‘commodity grade gaming PC’ in only one week. Every detail about the credit card could easily be stolen.
Following these discoveries, Fallible advised customers using credit cards in some of these startups always to monitor their usage and report any suspicious activity. According to them, hackers will not use stolen credit card details on an immediate basis but will use them gradually in a phased manner. Fallible also notes that using debit cards over credit cards it safer. This is because they require PIN and OTP.
Abhishek Anand, the co-founder of Fallible last year noted that 70% of the tech startups they had investigated were vulnerable to hacking. Some of them included Ola, HomeShop18, Peppertap, and Zomato. According to Anand, of the 17 startups, they contacted to share hacking vulnerabilities details only two offered bug bounty benefits and was under $100.