![]() Paytm doesn’t appear to be doing that (I’m not registered as a merchant). Note that Mobikwik is doing KYC (Know Your Customer) verification before merchants accept wallet payments. Mobikwik said that they haven’t received any notice from the RBI prior to the changes. Note that Mobikwik has also updated its application post launch, and made changes. The new update addresses this keylogging issue, and does something similar to what Mobikwik is doing with its Mobikwik Lite app. Vijay Shekhar Sharma, when we had asked him about the Muthian’s blog post, had then said that “This news is false.” The keylogging issue, though, had been validated by an independent technology expert we spoke with, and thus, the question was important. Oddly enough, even though this is a major security issue, the Paytm team it appears (as per a screenshot posted by Muthian) said this was removed because of “business risks”, and not because of security issues. Why? Because Abhishek Muthian of Timebender Technologies had filed a bug bounty submission with Paytm earlier, highlighting that a keylogger can be used to steal user card details in a merchant phone. Sharma is also yet to respond to an email we sent yesterday, asking about whether the planned update addresses security concerns raised when it had launched its application earlier, and specifically requesting information on what Paytm is planning to do to address keylogging. ![]() Security issues with its earlier approach The screen for UPI says it is “coming soon”. We updated the Paytm app earlier today, and tried the service: the “Accept Payments” option now ensures that merchants have to type in a mobile number for the recipient, who is sent an SMS, who has to click on a link, be taken to a website, and then has the option of paying via credit/debit card, or netbanking. Our analysis of the ill fated App PoS is here. We’ve also not heard back from them on whether changes have been made following an intervention from the Reserve Bank of India. Hat tip: A Paytm executive has confirmed this to us, though its founder Vijay Shekhar Sharma and its corporate communications team have not responded to calls or text messages seeking clarifications. Alibaba backed payments company Paytm seems to have updated its mobile application to allow merchants to accept payments.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |