Flipkart co-founder Sachin Bansalthe fintech startup of Navi Technologies was the victim of a payment gateway fraudresulting in losses of ₹14.26 crore over a two-week period in December 2024.
THE Whitefield Cybercrime Police in Bengaluru have launched an investigation after filing a complaint against unidentified fraudsters.
According to a report in The Hindu, the fraudsters exploited a critical vulnerability in the company’s operating system. third-party payment gateway system, allowing them to manipulate transaction amounts after payment has been initiated. The fraud was discovered when the company’s vigilance team detected unusual patterns in transaction records.
The scam took advantage of a technical flaw that allowed users to change payment amounts through the Third-Party Application Provider Gateway (TPAP) after initiating transactions on the Navi app.
Fraudsters would initially enter larger amounts for services like mobile recharges and EMI payments and then change the payable amount to just ₹1 once the payment was processed. Although the system recorded these transactions as successful for a minimal amount, Navi Technologies was charged the initial full payment.
Srinivas Gowdaa vigilance officer at Navi Technologies, revealed that the fraudulent activities occurred between December 10 and 24, 2024. The company’s complaint states that several perpetrators, posing as legitimate customers, repeatedly exploited this vulnerability to defraud the Bengaluru-based financial technology company.