Suspicious payout exposes scam bigger than Nirav Modi and PNB

It was one innocuous transaction among lakhs conducted daily, which was detected by a digital payments company, and which finally helped blow the lid off a web of fraudulent transactions worth over Rs 16,180 crore — bigger than the Punjab National Bank scam of January 2018 involving Nirav Modi — which stumped Thane Police until recently.

The mega scam was officially revealed on 9 October by Thane’s Shrinagar police station, which had lodged an FIR based on a complaint filed by Safexpay Technology Pvt. Ltd, Thane.

Police investigators said Safexpay’s payout platform was allegedly hacked by unknown entities, and the subsequent probe has shown that at least Rs 16,180 crore has been siphoned off, including some monies transferred abroad.

Thane-based Safexpay founder-CEO Ravi Gupta said the scam came to light around April when four merchants from Delhi, Tamil Nadu, Madhya Pradesh, and Uttar Pradesh reported "suspicious" discrepancies between bank balances and system balances.

A meticulous internal probe by Safexpay’s financial operations teams found that of these four, one merchant’s login was compromised, but that the dubious transaction had not been conducted by them.

Safexpay, which is said to handle over 100,000 transactions daily, immediately reported the matter to the beneficiaries and banks concerned, plus initiated the process to halt further illegal transfers of the funds, in the so-called ‘golden period’, which is typically within 24 hours of a discrepancy being detected.

This single transaction resulted in a loss of Rs 25 crore, and shocked by the revelations, Safexpay promptly lodged a complaint with Thane Police's cyber crime investigation cell and also the National Cyber Crime portal on 20 April, Gupta said, following up with a detailed FIR at Shrinagar police station on 16 June 2023, along with detailed evidence and other material.

Taking remedial measures during the ‘golden period’ helped Safexpay save around Rs 7 crore from the detected fraud of Rs 25 crore from its payout platform, Gupta claimed.

The company roped in cyber experts, forensic auditors and others to conduct a comprehensive system analysis, how the hackers entered the system and siphoned off the money, their modus operandi, and an analysis of the beneficiary accounts, and detailed reports were handed over to Thane Police.

As it emerged, this was just the proverbial tip of the iceberg as police investigations unravelled the deceptive transactions amounting to at least Rs 16,180 crore, orchestrated by distinct entities utilising various fake bank accounts and totally unrelated to Safexpay.

Police said the amount of Rs 25 crore found its way into the HDFC Bank account of a Thane-based company, Riyal Enterprises, which has five branches in Thane and Navi Mumbai. Investigations into Riyal Enterprises revealed that around 260 accounts in different names with various banks were allegedly used to pull off financial fraud.

"A detailed perusal of the bank statements of these 260 accounts pointed to an estimated misappropriation of a massive Rs 16,180 crore, a part of which has been transferred to foreign accounts," Thane Police said.

The police have so far arrested two persons, Amol Andhale alias Aman and Sameer alias Kedar Dinghe, and teams are on the lookout for others, including Sanjay Singh and Jitendra Pandey, reportedly the kingpin of this mega fraud who boasts a banking track record of over a decade.

Police suspect the involvement of many more persons in the huge racket of opening bank accounts with fake documents, and floating entities with bogus papers intended to cheat the banks and the government.

Shaken by the fraud, Safexpay has now tightened its systems with "more monitoring by different teams, extra alerts (four per hour instead of one per hour earlier) enabled for any suspicious transactions on the platform, vigil at the system levels, real-time monitoring, plus the forensic probe, said an official.