Digital payments company One Mobikwik Systems has encountered two separate incidents: a significant security breach resulting in the theft of ₹40 crore, and a technical glitch in Haryana leading to the freezing of 2,000 merchant accounts.

₹40 Crore Security Breach

The security breach, which occurred on September 11-12, exploited a technical vulnerability following a software update. This allowed users to:

• Process transactions exceeding their wallet balances
• Bypass authentication with incorrect UPI PINs

The vulnerability facilitated over five lakh fraudulent transfers across 2,500 bank accounts before being detected during a routine audit on September 13.

Financial Impact and Recovery Efforts

The breach has had substantial financial repercussions for MobiKwik:

MobiKwik is actively collaborating with banks and law enforcement agencies to recover the remaining funds.

Investigation and Arrests

The scale and sophistication of the operation have led authorities to suspect insider involvement. Six individuals have been arrested in connection with the fraud, and investigations are ongoing.

Technical Glitch in Haryana

In a separate incident, MobiKwik experienced a technical glitch in Haryana, prompting the company to freeze 2,000 merchant accounts. The company has since resolved the technical issue and confirmed that there was no user loss or cybersecurity breach related to this particular incident.

Historical Context

This is not the first time MobiKwik has faced such challenges. In 2017, the company experienced a similar fraud incident, resulting in a loss of ₹19 crore.

Market Response

Despite these incidents, MobiKwik Systems' shares showed resilience in the market:

The company's ability to maintain investor confidence in the face of these security incidents will be crucial as it works to strengthen its cybersecurity measures and recover the stolen funds.

MobiKwik's management is expected to provide further updates on both incidents and outline steps to prevent similar vulnerabilities in the future.

One Mobikwik Systems Limited, a leading digital payment platform in India, has reported a significant fraud incident involving unauthorized settlements in Haryana. The company estimates the financial impact of this fraud at ₹26.00 crores, according to a recent disclosure to the stock exchanges.

Fraud Details

The incident involved some registered merchants and users colluding from limited locations in Haryana to claim unauthorized settlements from the company. One MobiKwik stated that the fraudulent activities were carried out with a clear intent to gain unfair monetary advantage. The company emphasized that none of its employees, Key Managerial Personnel (KMPs), or insiders were involved in this incident.

Timeline and Discovery

According to the company's preliminary assessment, the fraudulent activities occurred between September 11 and 12. However, as the investigation is still ongoing, the exact time period is yet to be determined conclusively.

Financial Impact and Recovery Efforts

One MobiKwik initially lodged a First Information Report (FIR) for an amount of ₹40.00 crores as a risk mitigation measure. The company has already recovered approximately ₹14.00 crores, leaving a net estimated impact of ₹26.00 crores.

Legal and Preventive Measures

The company has taken several steps to address the situation:

1. An FIR has been filed with the relevant police station in Gurugram, and arrests have been made in connection with the case.
2. Legal Enforcement Agencies (LEA) have taken proactive steps to freeze and place liens on the bank accounts where unauthorized settlements were credited.
3. One MobiKwik is actively working to recover the unauthorized settled amounts from the affected customers.

Company's Response

In its statement to the stock exchanges, One MobiKwik assured that it is undertaking all possible and necessary efforts to recover the full amount over time. The company is cooperating with the ongoing police investigation and has committed to providing any necessary assistance to law enforcement agencies.

One MobiKwik also stated that it would promptly inform the stock exchanges of any material developments in the case as the investigation progresses.

This incident highlights the ongoing challenges in the digital payment ecosystem and underscores the importance of robust security measures to prevent financial fraud.