In a significant cybercrime case, Bengaluru police arrested four individuals from Gujarat for orchestrating a Rs 12.5 crore fraud against the credit card payment platform, CRED. The group exploited vulnerabilities in the company’s corporate accounts, forging documents and impersonating high-level executives to conduct unauthorized transactions. The mastermind, Vaibhav Pitadiya, a bank relationship manager, used his insider knowledge to execute the fraud. Police have recovered Rs 1.28 crore and are continuing efforts to trace the remaining funds.
Introduction to CRED
The platform incentivizes users to pay their credit card bills on time by offering rewards and exclusive perks. CRED has rapidly grown into one of India’s most popular financial apps, boasting over 9 million users. With a business model rooted in transparency and trust, CRED generates revenue through partnerships, financial services, and curated marketing campaigns.
The startup has raised significant funding, with prominent investors such as Sequoia Capital, DST Global, and Tiger Global backing the venture. CRED secures a valuation of over $4 billion in its latest funding round, reinforcing its position as a fintech leader in India. This Fraud casein Bengaluru
How the Fraud Unfolded
Exploiting Loopholes in CRED’s Corporate Accounts
The fraud was masterminded by Vaibhav Pitadiya, a 33-year-old relationship manager at Axis Bank in Gujarat. Using his insider knowledge, Pitadiya identified dormant corporate accounts linked to CRED’s nodal account, which processes daily transactions exceeding Rs 2 crore. Recognizing a vulnerability, he devised a scheme to exploit these inactive accounts.
Forgery and Impersonation
Pitadiya recruited Neha Ben, an Instagram acquaintance, to impersonate CRED’s managing director (MD). He forged board resolutions and letterhead documents to portray Neha as the MD, enabling her to submit fraudulent Corporate Internet Banking (CIB) forms. These forms were submitted at Axis Bank’s Ankleshwar branch in Bharuch, Gujarat, requesting updated credentials and contact details for the accounts.
Unauthorized Transactions
With the updated credentials, the group initiated 17 unauthorized transactions between October 29 and November 11, transferring Rs 12.5 crore to 17 mule accounts in Gujarat and Rajasthan. The Fraud transactions remained unnoticed until a routine bank reconciliation by CRED on November 13.
Investigation and Arrests
Initial Discovery and Complaint
The fraud case was uncovered during a routine reconciliation exercise by CRED . Discrepancies totaling Rs 12.5 crore were flagged, prompting the company to file a complaint with Axis Bank and the East CEN Crime Police Station in Bengaluru on November 15.
Arrests and Recoveries
Police investigations traced the fraudulent activities to Axis Bank’s Ankleshwar branch. Neha Ben was apprehended on December 21, and her interrogation revealed critical details that resulted in the arrest of Pitadiya and two accomplices, Shailesh and Shubham. Together, they had fabricated additional forged documents and opened mule accounts to channel the stolen funds. Authorities recovered Rs 1.28 crore in cash, two mobile phones, and counterfeit documents.
Background of the Accused
- Vaibhav Pitadiya: A relationship manager at Axis Bank, Pitadiya used his professional expertise to identify and exploit loopholes in CRED’s banking processes.
- Neha Ben: An Instagram acquaintance of Pitadiya, she impersonated the MD of CRED and submitted forged documents.
- Shailesh and Shubham: Aided in creating counterfeit documents and opening mule accounts.
Implications for Fintech Security
This case underscores the importance of robust cybersecurity measures and regular audits in fintech operations. For startups like CRED, the incident serves as a reminder to:
- Implement multi-layered authentication for account modifications.
- Conduct regular employee training to identify potential insider threats.
- Strengthen partnerships with financial institutions to prevent fraud.
Learning for Startups and Entrepreneurs
- Strengthen Cybersecurity: Adopt advanced encryption and monitoring tools to protect sensitive data.
- Regular Audits: Conduct periodic reconciliations to identify discrepancies early.
- Employee Vetting: Implement stringent hiring and background checks for roles with access to sensitive information.
- Incident Response Plan: Develop a robust plan to handle security breaches effectively.
About The Startups News
At The Startups News, we provide insightful coverage of fintech, technology, and startup ecosystems. From breakthrough innovations to challenges like cybersecurity, we aim to inform and inspire entrepreneurs. Stay connected for industry insights and strategies to navigate the dynamic business landscape.
