Juspay Data Breach

  • Thread starter Thread starter Sushubh
  • Start date Start date
  • Replies Replies 30
  • Views Views 2,509
I just used it yesterday🙁.
 
The leaked payment information has been masked in places to reveal only partial copies of card numbers. While this reduces the possibilities of a financial scam, resourceful hackers could still use the information to launch phishing scams to induce victims to hand over their card information.
Click to expand...
It is worth noting that the standards laid down in PCI DSS (Payment Card Industry Data Security Standard) have been followed by Juspay in storing users’ card information. However, Rajaharia felt that if the hacker can find out the algorithm used to generate the card fingerprint, then he will be able to decrypt the masked card number.
Click to expand...
 
It's the company that fetches OTP and automated payments right? Or I am confusing with something else?

OK it's the same. Payment gateway. Grofers uses it.
 
Now what he`s saying might be true , but no one will reveal it the card details have been hacked as the company`s value will drop. That can only be verified if someone goes into Dark Web and sees if the card details are also up for sale

I wonder when that another gateway called Razorpay will get breached
 
Oh great. Another day Another breach. This is also used by swiggy where I regularly make purchases with a CC
 

Most of the apps out there use their SDK. The OneCard app constantly pings api.juspay.in whenever you use it.

Does anyone know how these payment gateways work exactly? Do the banks transmit personal information like names, phone numbers and email addresses to the likes of juspay and razor pay if we don't voluntarily provide it?

If we make a transaction using only the card number, expiry and cvv, what all information do the gateways get?
 
Do any banks in india support generating virtual one time cards that get destroyed and regenerated after every transaction? That's what I always use on AliExpress
 
OK, so I just had a look at the sample files provided by the seller. There are two tables - one for stored cards and the other apparently the details of merchant accounts and their customer data.

The stored cards table has many vault poviders listed - I see entries for 'JUSPAY' and 'PAYU'. So many entries for 'olauser' as well. Basically if you have a card stored anywhere online in India, it'll likely be there.
 
@manu1991 A virtual debit card is generated by the bank which operate in the country . The third party debit card apps are not much popular and they are usually international . I think the rules do not allow for that here in India . I maybe wrong
Throwaway debit cards are not available I suppose
 
most banks do have gift cards but but last time i bought one... it basically failed on any online store i tried.
 
Yes I meant linked to existing debit card or account only. That seems like the best option. Generate a new one every month and use it. This way even if the info is leaked, no harm done
 
Found this on the hdfc bank site

Facility​


Please note that the NetSafe Virtual Card facility on Credit / Debit Card is temporarily unavailable as we are making technical enhancements. We will launch the new version of NetSafe Virtual Card shortly. Inconvenience caused is deeply regretted.

In the interim, you can continue using your HDFC Bank Credit / Debit Card for transactions at merchant outlets, and for online transactions with Verified By Visa facility for all Visa cards, MasterCard SecureCode facility for MasterCard cards and ProtectBuy facility for Diners cards.
Click to expand...
 

Top