PAAY puts an end to its three week data breach

Anti-fraud company PAAY has reportedly experienced a three week data breach which saw around 2.5 million card transaction records exposed to the public.

The company’s database of card transactions, which has now been secured, was left open without the need of a password, enabling anyone to access it, according to a report from TechCrunch.

Security researcher Anurag Sen was the one who found the database.

The database contained daily card transactions dating back to September 2019, including the credit card number, expiry date and the amount spent. However, the data did not include cardholder names or verification values, making it hard for use in card fraud, the article stated.

PAAY is informing between 15 and 20 merchants of the issue and is working with a forensic auditor to recognise the scale of the problem.

PAAY is a payment authentication service which helps to protect merchants from friendly fraud by shifting the chargeback liability to the issuing back, rather than the merchant. The software boasts 3-D Secure authentication technology and verifies the cardholder is who they claim to be.


Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst


The following investor(s) were tagged in this article.