PayTM


swatkats

Well-Known Member
Veteran
Jul 16, 2011
3,893
1,666
201
Hyderabad
This thread is for discussions related to PayTM

--------------------



Recently one of the shops which i often visit got fooled by a person when he accepted a paytm payment.
The Shop owner due to rush, Couldn't verify in the app and just the message.

Message came from DM-MMS .. Saying this 9887XXXXXX has added 502 rupees & the transaction ID: XXXXXXX at time:ss

The retailer believed it to be authentic confirmation and let the buyer go.. Now when i visit his shop, he shares me his concern and i realised he got duped..

Can anyone brief me what could have happened//
 

vivek.krishnan

If you cant see the green dot, I'm offline :P
Veteran
Dec 18, 2009
7,512
1,696
303
Ghatkopar, Mumbai
plus.google.com
This thread is for discussions related to PayTM

--------------------



Recently one of the shops which i often visit got fooled by a person when he accepted a paytm payment.
The Shop owner due to rush, Couldn't verify in the app and just the message.

Message came from DM-MMS .. Saying this 9887XXXXXX has added 502 rupees & the transaction ID: XXXXXXX at time:ss

The retailer believed it to be authentic confirmation and let the buyer go.. Now when i visit his shop, he shares me his concern and i realised he got duped..

Can anyone brief me what could have happened//
In my opinion, at first glance, it's the same as that OLX scam.

He should never trust the SMS, he should check the passbook on the app. It is possible, that this scam can be avoided if you do not share the number, but only the QR code for scanning, and register as a merchant - which only shows the name, not the number of the merchant.
 

vivek.krishnan

If you cant see the green dot, I'm offline :P
Veteran
Dec 18, 2009
7,512
1,696
303
Ghatkopar, Mumbai
plus.google.com
This looks like paytm can be hacked.

I find it weird that the initial response is

Code:
{“RESPCODE”:”01",”RESPMSG”:”Txn+Successfull”,”STATUS”:”TXN_SUCCESS”,”MID”:”Happyh28347223960294",”TXNAMOUNT”:”3280.00",”ORDERID”:”10004454",”TXNID”:”7105052255",”CHECKSUMHASH”:”fXCIluPE1xcoVwPAE5KkI+UX0YacwXw/YsohAA/O6bWlXqQ41t03h11CueoN9IbMdf6o0f5+cZUawjJL4ty+sp99MCRzLloFApkCb02Cr30=”}
While later it changes to

Code:
’14111'

’Looks

’TXN_FAILURE’

’Happyh28347223960294'

’3280.00'

’10004454'

’7105052255'

’fXCIluPE1xcoVwPAE5KkI+UX0YacwXw/YsohAA/O6bWlXqQ41t03h11CueoN9IbMdf6o0f5+cZUawjJL4ty+sp99MCRzLloFApkCb02Cr30=’
Additionally, there is a spelling mistake - sucessfull - someone needs to see if the paytm API send that or not.

Now, if we could match the checksums, and both are correct, then someone could have very well hacked the paytm API.[DOUBLEPOST=1503731506][/DOUBLEPOST]http://paywithpaytm.com/developer/paytm_api_doc?target=interpreting-response-sent-by-paytm

More details in that.

Plus, the 3K might have been sent from that staging account?
 
Last edited:

smnrock

Well-Known Member
Veteran
Apr 9, 2009
1,232
231
153
How's the experience using virtual debit card of theirs..
- Where did you do your E-KYC?
I've not used any of their banking services so far. I just created the bank account and nothing else.

Regarding kyc, it was done long before when I wanted to remove the wallet restriction of 10K per month or so. They came to my place for doing that. i don't remember whether they took finger print authorization or not, but they collected aadhar copy.
 

swatkats

Well-Known Member
Veteran
Jul 16, 2011
3,893
1,666
201
Hyderabad
Now they want Aadhar card to enjoy full benefits due to RBI recent guidelines..

KYC Norms:
The RBI said that Know Your Customer (KYC), Anti-Money Laundering (AML), Combating Financing of Terrorism (CFT) guidelines will apply to wallets. Provisions of Prevention of Money Laundering Act, 2002 and Rules will be applicable to all wallet issuers.

    • For semiclosed PPIs such as Paytm, MobiKwik, FreeCharge, PayU Money etc, any new wallets opened will have 12 months to upgrade to full KYC norms. The minimum details for KYC shall include OTP verified mobile number and self-declaration of name, address, gender, date of birth and unique identification number of any of the ‘officially valid document’.
    • For existing wallets, companies need to ensure that they will have full KYC by the end of the December 31. Following which, these wallets will cease to exist.
    • Will wallet users need to link Aadhaar to their wallets? MediaNama reader Srikanth points out that the RBI is using a hack not using Aadhaar directly on regulation instead offloading into Prevention of Money Laundering Act (PMLA) regulations which may be “amended from time to time”. Currently, the PMLA regulations mandate that all citizens should link Aadhaar to their bank accounts and this will follow for wallets as well. Bottom line, we may have to link Aadhaar to all wallets now.
The amount that can be held in wallets:
  • For semi-closed wallets with minimum KYC, the RBI has reduced the amount that can be held to Rs 10,000 from the earlier Rs 20,000. The RBI had raised the limits on wallets following the demonetization of Rs 500 and Rs 1000 notes. In January, the RBI said that the enhanced limits would continue till it came out with the revised guidelines.
  • Wallets with full KYC can hold up to Rs 1,00,000.
https://www.medianama.com/2017/10/223-wallet-guidelines-revised/

 
Last edited:

Julian

om nom nom
Veteran
Jul 31, 2008
1,842
742
201
38
Navi Mumbai
Why is it that suddenly all the previously acceptable KYC documents won't do and only aadhaar?

People need to see through this nonsense and oppose it instead of being blind sheep and accepting every lie they're told.

Once you're stuck in it and it's too late, there's no going back or undoing it. Passwords etc. can be changed, your biometrics are for life.
 
  • Like
Reactions: vaalkai

Spacescreamer

Well-Known Member
Section Mod
Jan 23, 2006
4,314
916
203
  • For existing wallets, companies need to ensure that they will have full KYC by the end of the December 31. Following which, these wallets will cease to exist.
Shouldn't it be 'failing'


I think this is the death knell for the e-wallets. Nobody in their correct minds will provide them with aadhar details.

Expect them to raise a hue n cry abt this Aadhaar requirement and issue ridiculous statements.
 

indy1811

Well-Known Member
Veteran
Dec 24, 2006
2,157
299
172
Why is it that suddenly all the previously acceptable KYC documents won't do and only aadhaar?

People need to see through this nonsense and oppose it instead of being blind sheep and accepting every lie they're told.

Once you're stuck in it and it's too late, there's no going back or undoing it. Passwords etc. can be changed, your biometrics are for life.
Lock your biometrics?
 

adventureguy

Well-Known Member
Veteran
Nov 16, 2015
1,234
560
126
Hyderabad
Shouldn't it be 'failing'


I think this is the death knell for the e-wallets. Nobody in their correct minds will provide them with aadhar details.

Expect them to raise a hue n cry abt this Aadhaar requirement and issue ridiculous statements.
you have no idea how ill informed general population is.

Almost all my friends happily called paytm agents to their house to give adhaar details
 
  • Like
Reactions: 6pack and Julian

adventureguy

Well-Known Member
Veteran
Nov 16, 2015
1,234
560
126
Hyderabad
I mean can you blame people like my 65 year pre internet age father to know about the adhaar and its privacy hell?
 

nimod

Well-Known Member
Adept
Jan 7, 2013
634
419
102
I was actually talking about aadhaar itself and giving your bio to a govt. which has no idea what they're doing or just don't care.
That's the real problem.

But; only the Indians have created this problem. They must take back the fruits of their mindlessness.