Database of Bajaj Finserv EMI cards hacked; 21 customers duped of Rs 5.70 lakh

Source: The Hitavada      Date: 06 May 2018 08:27:16


By Dheeraj Fartode,

Cyber Complaint Cell asks Bajaj Finserv officials to secure its database

A GROUP of on-line fraudsters has hacked into customer database of Bajaj Finserv EMI Cards and duped 21 customers to the tune of Rs 5.70 lakh in last four months, officials of Cyber Complaint Cell (C3) of Nagpur Police said.
The fraudsters accessed the customer database, posed as representatives of the company to extract OTP (One Time Password) from gullible card holders and used it for on-line purchases, Assistant Police Inspector (API) Vishal Mane informed The Hitavada.

Bajaj Finserv EMI Card is a payment instrument which works like credit cards with a pre-approved loan amount. It enables customers to pay for all types of purchases.
Explaining the modus operandi, API Mane said, “They (fraudsters) first make shopping on Flipkart site and enter hacked details of the EMI card in the Payment gateway. When the payment gateway page asks for OTP, which Bajaj Finserv system sends to customers’ cell phones, they call the customer posing as company representative and extract the OTP in the name of card verification.”

The fraudsters gain confidence of the customer by sharing all details of the card holder hacked from the database before asking for OTP. “With such authentic information coming from the representative many gullible card holders readily share their OTP with the conmen,” said a police official. Once the OTP is extracted the financial transaction
is completed.

The trick job gets easier as the victim only gets to know about the transaction after two days. Bajaj Finserv takes two days to inform the card holders about the financial transaction. “When the victim approaches police, it becomes difficult to track or refund the money as the fraudsters receive their order from Flipkart within two days,” the police official added.

Following growing number of complaints the C3 officials conducted a meeting with officials of Bajaj Finserv and asked them to alert their customers about the cyber fraud. The company has been asked to secure its database and call every customer once OTP is generated. The company was approving transactions without verifying the details.
“Directives have been issued to Bajaj Finserv officials to secure its customer database. I also appeal to the citizens not to share their OTP or card details without verification,” said Commissioner of Police Dr. K Venkatesham.

“Though the company officials looked reluctant to verify every purchase by calling the customer, police have directed them to follow the practice to check further frauds,” a top official said.