Subject: Bug in Transaction Through HDFC Debit Card
Date: Tue, 26 Sep 2017 13:21:12 +0530
To: support [...] hdfcbank.com, bug-Finance-Bank-HDFC [...] rt.cpan.org
From: Atul Kumar <kumaratul190 [...] gmail.com>
Dear Development Team,
Yesterday, while doing a transaction, I came across a bug related to online
payment using an HDFC debit card. I think it may interest you guys and could
prove to be a security breach for HDFC bank.
Please find below the bug details:
*Background*
I found this bug while doing a payment on the MyAirtel app through an HDFC
MasterCard.
*Issue*
It is possible to make a successful payment with a wrong (random) CVV number.
*Pre-Condition*
1. The MyAirtel app should be installed on your phone.
2. Add an HDFC Debit Card to that MyAirtel account. You can do this by
adding some amount (maybe 1 rupee) to your Airtel Wallet, because this app
automatically saves your card details unless you yourself choose not
to save the card details.
You can delete the saved card details anytime in future.
*Steps To Reproduce the Issue*
1. Log in to the MyAirtel App.
2. Click the Recharge link under Quick Actions. Recharge page should open.
3. Enter any phone number you wish to recharge and click the Recharge Now
button. Enter Amount page should open.
4. Enter any amount and click on the Tick Button. Select Payment Option
page should open.
5. Select the Saved Card option under the My Cards field. It should ask you to enter
the CVV.
6. Enter any CVV (e.g. 123). As soon as you enter the CVV, it processes the
payment and asks you to enter the OTP sent to your mobile.
7. Either you enter the OTP manually or, if the application has enough
permission, it automatically reads the OTP and processes the transaction.
8. The transaction successfully gets processed and the recharge is successful.
*How is it an HDFC bug?*
To verify this, I executed the same steps using an AXIS bank debit card and the
transaction failed stating "Wrong CVV".
Hence I assume Airtel simply forwards all the details to whatever vendor
(Bank) you choose and it is the vendor who verifies the validity of those
details and processes the transaction. If this is the case, it is definitely
a bug on the HDFC side.
*Note*
1. It doesn't happen when you add money to the Airtel Payment bank Wallet. What
I mean is, if you repeat the same steps for adding money to your Airtel
Wallet (not for Recharge), the transaction will fail stating some
error.
I faced this issue on MyAirtel app, but you guys can test it for any other
application where this scenario (Directly paying using saved card and not
transferring amount to e-wallet) could be created.
Kindly revert if you need any other information from my end or you wanna
give me some update. I am also reachable through phone or Whatsapp on
9599840036.
Regards
Atul Kumar
9599840036