Popular Indian fintech company Navi Technologies has been defrauded of 14.26 crores (142.6 million) by scammers pretending to be customers. The scammers exploited a system bug enabling them to make payments for services, including mobile recharges and EMIs, through the app via a third-party payment gateway.
The bug abused lies between the final amount Navi thought it was paying compared to what it was actually charged. A case has been filed in Bengaluru by the Whitefield cybercrime police on January 18, but the scammers are yet to be identified. The police are currently looking into the fraudulent transactions to uncover more details.
Srinivas Gowda, a vigilance officer at Navi, stated in the police report that between December 10 and 24, the company allowed customers to enter a sum of money they’d be using for a service. However, the company’s third-party payment gateway (TPAP) also allowed a user to edit the final payable amount.

This meant that the scammers were able to enter a sum of money on Navi before proceeding with the payment, and then reduced the payable amount to ₹1 on the payment gateway. The system recorded the transaction as successful for ₹1 while charging Navi the original full amount.
The incident comes on the back of the RBI finally lifting restrictions it placed on the company in October. Navi was in hot water with the top Indian bank after it was found that it was charging excessive interest rates when sanctioning and disbursing new loans.
Navi Technologies was founded in December 2018 by Sachin Bansal along with IIT-Delhi batch mate Ankit Agarwal, after Bansal left his former company Flipkart following its Walmart acquisition. Since, Navi operates in the space of operates in the space of quick digital loans, home loans, mutual funds, health insurance, digital gold, and UPI.
In the News: Experts find security flaws in Mercedes-Benz infotainment systems