Juspay appoints PwC, Verizon to audit its systems post breach
The Bengaluru-based payments firm had suffered a massive breach back in August, when 3.5 crore masked card details were exposed in a hack and have been made public on the dark web. The incident came to light recently and has pushed the payments firm to undertake a proper forensic audit to ensure its systems are safe from future attacks.
January 07, 2021 / 08:11 PM IST
Rank 5 | Visa | Company: Payments | Brand value: $1,86,809 million | Brank value change: 5 percent (Image: Reuters)
Digital payments player Juspay has appointed consultancy firm PwC and Verizon Business to conduct an internal audit into its systems and processes, the company said in a blog post on January 7.
While Verizon Business will conduct a PCI Forensic Investigation (PFI), PwC will audit the company’s policies, protocols, and technologies.
PCI Forensic Investigators (PFIs) are organisations qualified to conduct investigations related to data infringement and data compromise in the Payment Card Industry (PCI) networks.
Moneycontrol wrote on January 5 that as per standard protocol laid out by PCI, there is need for a forensic audit to be conducted by a forensic investigator after an incident of a data breach.
“These would help enhance resilience and preparedness to mitigate threats from unlawful cyber-attacks,” said Juspay in its blog post.
The Bengaluru-based payment processor works with large firms like Swiggy, Amazon, Big Basket and others. It said that while they had managed to contain the threat by timely and swift action, working with large organisations like these will help them make their systems better prepared against future attacks.
“We want to combine their (Verizon and PwC) global expertise with our experience to ensure that we are more cyber resilient and better prepared to face and defeat similar threats in the future,” the company wrote in the post.
Juspay was the victim of a cyber attack back in August last year, which only came to light recently. The company faced a lot of flak for not having made the issue public and not even informing its banking partners and card networks. Juspay said since the financial data of customers was not compromised, it only informed its merchant partners and issued fresh API keys to prevent further misuse of the data.
In the process, 3.5 crore customers had certain details like names, email IDs and masked card numbers revealed on the dark web.