How Subspace Successfully Mitigated Fraudulent Activities and Enhanced User Trust

About Subspace:

The subscription economy is proliferating, and more businesses are using subscription-based business methods. Subspace has become a way to pay for things that fit how the business is changing. Users often have trouble choosing the right services, making timely payments, and splitting costs. Since credit cards are used so much in India, monthly payments often fail. Subspace has solved these problems by making a payment tool that allows daily payments, makes it easier to find subscriptions, and puts management in one place. Also, Subspace has dealt with fraud, which made it hard for people to trust the site. Subspace has ensured that users get their fair share by stopping them from collecting split payments and running away with the money. This change has dramatically impacted how much users trust the site and how good their overall experience is.

Exploited Features:

1. Splitting feature:

The Split feature on Subspace is a function that allows a user to share the cost of a subscription service with friends or other users on the platform. The user selects the people they want to split the subscription cost with. Subspace handles it along with the rest, including splitting the bill, distributing the cost, and sharing the subscription benefits with all the users who have split the cost. The Split feature is designed to make it easier for users to share subscription services and to save money by splitting the cost.

Problem:  Some users took advantage of this feature by accumulating the split money and running away, leaving others without their share of the subscription/services. The fraudulent activity made people less likely to trust the platform and hurt the user experience.

Solution:  Subspace set up a way for admins to get their share of the split money every day, instead of letting users save up the money and run away with it. This system ensured users received their share of the split payment, and admins could monitor the payment process.

Locked amount: Cannot be withdrawn until it moves to the unlocked amount on a daily basis.

Unlocked amount: Can be withdrawn to the bank account at any time.

Effect:  The daily split payment system in the Subspace app helped to reduce fraudulent activities and improve user trust in the platform. Users could rely on Subspace to provide a secure and reliable platform for managing their finances, thereby increasing the overall user experience.
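The locked and unlocked balances described above can be modelled as a small escrow ledger. This is an added example, not Subspace's code: the names SplitEscrow and member_loss, the pro-rata release per completed day, the use of integer paise and the refund of the locked part on cancellation are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class SplitEscrow:
    """One member's payment for one billing period, held on behalf of the group admin.

    Amounts are integer paise so that daily release never creates or loses money.
    """
    total_paise: int
    start: date
    period_days: int
    withdrawn_paise: int = 0
    cancelled_on: Optional[date] = None

    def _served_days(self, today: date) -> int:
        # Release stops on the day the shared service is reported dead.
        cutoff = min(today, self.cancelled_on) if self.cancelled_on else today
        return max(0, min(self.period_days, (cutoff - self.start).days))

    def unlocked(self, today: date) -> int:
        # Cumulative floor division: rounding never releases more than was
        # paid, and the final day releases whatever remainder is left.
        return self.total_paise * self._served_days(today) // self.period_days

    def locked(self, today: date) -> int:
        if self.cancelled_on is not None:
            return 0  # the undelivered part has already been refunded
        return self.total_paise - self.unlocked(today)

    def withdrawable(self, today: date) -> int:
        return self.unlocked(today) - self.withdrawn_paise

    def withdraw(self, amount: int, today: date) -> int:
        """Admin payout to bank; only the unlocked balance can leave."""
        if amount <= 0 or amount > self.withdrawable(today):
            raise ValueError("amount exceeds unlocked balance")
        self.withdrawn_paise += amount
        return self.withdrawable(today)

    def cancel(self, today: date) -> int:
        """Member reports the service stopped working; returns the refund."""
        if self.cancelled_on is not None:
            return 0
        refund = self.total_paise - self.unlocked(today)
        self.cancelled_on = today
        return refund


def member_loss(total_paise, period_days, start, abscond_day, daily_release):
    """Paise a member has paid for service days they will never receive."""
    escrow = SplitEscrow(total_paise, start, period_days)
    delivered_value = escrow.unlocked(abscond_day)
    # Upfront payout hands the admin everything on day one; with daily
    # release the admin can only ever have taken the value already delivered.
    admin_took = escrow.withdrawable(abscond_day) if daily_release else total_paise
    return admin_took - delivered_value
```

With a constructed Rs. 300 payment for 30 days, an admin who disappears after 10 days keeps Rs. 200 of undelivered value under upfront payout and nothing under daily release.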

2. Sharing Third-Party / Trial Subscriptions:

Problem: Subspace faced issues with users sharing third-party or trial plans that worked only for a few days before becoming unusable. Admins had to provide new accounts, which caused trouble for users in the group. The platform only verified plan details provided by the admins without any proof of purchase, which led to this problem.

Solution: To address this, Subspace added a verification process by requiring admins to submit screenshots of purchases. The platform uses artificial intelligence to extract details of plans, prices, and expiration dates from screenshots and compare them to details provided by administrators. If the terms match, the service starts running in the store. If the details do not match, a message is sent to the administrator asking them to recheck the service. If the admin thinks the content is correct, they can contact the customer to offer that service in the marketplace.

Working flow:

Add plan details -> Share it to the public -> Ask the users to upload service proof -> Make it live to marketplace -> Users can join the plans -> Chat group will be created for the people to discuss

Effect: After implementing this solution, Subspace reduced fake service-sharing fraud and user troubles. The platform gained more trust from its users due to the extra verification step. Users can be assured that the services they are paying for are genuine and provided by the admins.
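The comparison step of this verification, taken after the details have been extracted from the screenshot, can be sketched as follows. This is an added example and not Subspace's implementation: the field names, the function verify_listing, the accepted date formats, the "already expired" check and the sample records are assumptions, and the extraction itself is out of scope.

```python
import re
from datetime import date, datetime

DATE_FORMATS = ("%Y-%m-%d", "%d/%m/%Y", "%d %b %Y", "%d %B %Y")


def normalise_plan(text):
    """Case, punctuation and spacing differences are not treated as mismatches."""
    return " ".join(re.sub(r"[^a-z0-9]+", " ", (text or "").lower()).split())


def parse_price_paise(text):
    """'Rs. 649.00 / month', '1,499', '649' -> integer paise, or None if unreadable."""
    m = re.search(r"(\d[\d,]*)(?:\.(\d{1,2}))?", str(text or ""))
    if not m:
        return None
    rupees = int(m.group(1).replace(",", ""))
    paise = int((m.group(2) or "0").ljust(2, "0"))
    return rupees * 100 + paise


def parse_date(text):
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(str(text or "").strip(), fmt).date()
        except ValueError:
            continue
    return None


def verify_listing(declared, extracted, today):
    """Compare admin-declared details with details read from the proof.

    Returns ("live", []) when everything matches, otherwise ("recheck", reasons)
    so the admin can be told exactly what to look at again.
    """
    reasons = []
    if normalise_plan(declared["plan"]) != normalise_plan(extracted.get("plan")):
        reasons.append("plan_mismatch")

    declared_price = parse_price_paise(declared["price"])
    proof_price = parse_price_paise(extracted.get("price"))
    if proof_price is None:
        reasons.append("price_unreadable")  # a field that cannot be read is never a pass
    elif proof_price != declared_price:
        reasons.append("price_mismatch")

    declared_expiry = parse_date(declared["expires"])
    proof_expiry = parse_date(extracted.get("expires"))
    if proof_expiry is None:
        reasons.append("expiry_unreadable")
    else:
        if proof_expiry != declared_expiry:
            reasons.append("expiry_mismatch")
        if proof_expiry < today:
            reasons.append("already_expired")

    return ("recheck" if reasons else "live", reasons)


# Constructed sample data: what an admin typed versus what three proofs showed.
TODAY = date(2024, 6, 1)
DECLARED = {"plan": "StreamMax Premium", "price": "649", "expires": "2024-07-01"}
GENUINE = {"plan": "STREAMMAX - Premium", "price": "Rs. 649.00 / month", "expires": "01 Jul 2024"}
TRIAL = {"plan": "StreamMax Premium (Free Trial)", "price": "Rs. 0.00", "expires": "07 Jun 2024"}
BLURRY = {"plan": "StreamMax Premium", "price": None, "expires": "01 Jul 2024"}

if __name__ == "__main__":
    for name, proof in (("genuine", GENUINE), ("trial", TRIAL), ("blurry", BLURRY)):
        print(name, verify_listing(DECLARED, proof, TODAY))
```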

Shortcomings in their original design that led to this manipulation

The original design of the service was based on a simple idea of splitting the services along with expenses. The focus was on creating a minimum viable product (MVP) with essential functionalities without considering potential shortcomings.

Now, Subspace aims to simplify group finance management by allowing users to pay, manage, track, and split their recurring expenses, ranging from digital subscriptions to utility services like electricity, rent, and laundry bills.

However, it became apparent during the development and implementation of the services that there was room for improvement in the basic architecture of Subspace that encouraged manipulation. Unintended consequences could occur if design faults are not carefully considered by the team, resulting in system manipulation or exploitation.

Potentially flawed areas could have included failing to consider ethical ramifications, using insufficient security precautions, or failing to foresee how users might abuse the system. The design could have resulted in additional vulnerabilities or weaknesses if it had not fully considered how the system might be scaled or modified over time.

One of the features that some users exploited was the splitting feature. The split feature allowed users to share the cost of a subscription service with friends or other users on the platform. Users could select the people they want to split the subscription cost with. Subspace could handle it along with the rest, including splitting the bill, distributing the cost, and sharing the subscription benefits with all the users who have split the cost. However, some users took advantage of this feature by accumulating the split money and running away, leaving others without their share of the subscription/services. This fraudulent activity made people less likely to trust the platform and hurt the user experience.

Another shortcoming in the original design was related to the sharing of third-party or trial subscriptions. Subspace faced issues with users sharing third-party or trial plans that worked only for a few days before becoming unusable. Admins had to provide new accounts, which caused trouble for users in the group. The platform only verified plan details provided by the admins without any proof of purchase, which led to this problem.

These shortcomings in the original design led to manipulations and fraudulent activities by specific users, which negatively impacted user trust and experience. However, the Subspace team recognized these issues and proactively addressed them by implementing new measures such as the daily split payment system and the purchase proof requirement. These measures helped to reduce fraudulent activities and improve user trust and experience in the platform.

At the end of the day, it is critical to understand that creating a system is a complex process that calls for careful consideration of various aspects, such as user needs, ethical considerations, security, scalability, and flexibility. A more thorough approach to design might reduce the possibility of manipulating or abusing the system.

In conclusion, while the original design of Subspace was aimed just to split the services along with expenses, it had shortcomings that allowed certain users to manipulate some features. However, the Subspace team recognized these issues and took proactive measures to address them, which resulted in a more secure and reliable platform for managing recurring expenses.

Impact of manipulations - How many such manipulations happened, the loss in subscription, and other challenges they may have faced because of this?

Two instances of manipulation took place on the platform, and as a result, the company suffered a sizable loss in subscriptions. The first manipulation occurred when some users used the platform's splitting function. This occurred when there were fewer than 10,000 users, which was not a sizable number. When the user base reached about 25,000, users began sharing trial or third-party subscriptions, which is when the second manipulation happened. This time, many more users were involved in the manipulation, which significantly affected the business.

Notably, few users intentionally engaged in fraud, and those who did so made up a tiny percentage of all users. About 0.5% of users (50 users, 0.5% of 10,000) exploited the splitting feature in the first instance. Around 3-4 users, on average, about 1.5% - 2% of the total user base, could be negatively impacted by their actions. In the second case, the platform's overall user base had increased, increasing the number of users involved in the manipulation, and it was difficult to pinpoint the users who had initially committed the fraud. This time, approximately 0.9% of users (200-250 users, 0.9% of 25,000) were involved in the manipulation.

While these numbers may not seem significant in isolation, they could have a considerable impact on the platform's overall performance in the long run. Such manipulations lead to a loss of trust and dissatisfaction among the users who are not involved in such activities, and they may start spreading negative word of mouth about the platform. This negative publicity can cause a decline in the number of new users signing up for the platform, and it can also result in a loss of subscribers. Additionally, negative feedback from unhappy users can adversely affect the platform's ratings on app stores, making it more challenging to attract new users.

The platform faced several other challenges as well. The first and foremost was to identify the fraudulent activities that were taking place on the platform. The team had to come up with ways to prevent such manipulations from happening in the future. Another challenge was to regain the users' trust affected by these manipulations. The team had to work hard to restore the faith of its users by providing them with a transparent and secure platform.

To overcome these challenges, the team implemented several measures, such as strengthening the verification process, introducing anti-fraud measures, and improving the customer support system. They also communicated with their users and listened to their feedback to better understand their needs and preferences. As a result of these efforts, the platform was able to regain the trust of its users and establish itself as a reliable and trustworthy service provider.

In conclusion, the instances of manipulation on the platform caused a significant loss of subscriptions, and the company needs to take necessary measures to prevent such activities in the future. By building a robust system of checks and balances and ensuring that the platform is secure and reliable, the company can restore the trust of its users and prevent such incidents from happening again.

Negative WOM and its impact - Was there a negative WOM on the web and what was its impact?

Indeed, there was unfavorable word of mouth among users who encountered a negative experience on the platform, resulting in pessimistic ratings and feedback on the app store. This hurt new users who were looking to join the platform.

However, despite the negative feedback, Subspace was able to limit this WOM's impact on its user base. At the time, Subspace's user base was still relatively small, and the team could personally reach out to each user who had a bad experience and try to resolve their issue. By doing this, Subspace demonstrated its commitment to the users and showed how serious the team is about addressing problems on the platform. As a result, Subspace maintained the trust of the existing users and continued to grow its user base despite the negative WOM.

The Subspace team recognizes the importance of building and maintaining trust with the users, and the team continues to take steps to ensure that the platform remains a safe and enjoyable place for everyone. The Subspace team has implemented new measures to prevent fraud and abuse on the platform and regularly monitors user feedback to identify any issues that need to be addressed. Additionally, the team always looks for ways to improve the user experience and make the platform more user-friendly and intuitive.

In conclusion, while there was negative WOM on the web due to the manipulations that occurred on our platform, the Subspace team could limit its impact by reaching out to affected users and working to resolve their issues. The team remains committed to building a safe, enjoyable, and trustworthy platform for all users. It continues to take steps to ensure that the platform remains a positive and rewarding experience for everyone.

Speed with which Subspace responded?

When responding to the problems faced by users on the platform, the team at Subspace was quick to act. Being well-versed in the technical side, the team identified the issues early on and began implementing solutions as soon as possible. This involved immediately banning users involved in fraudulent activities and exploring ways to prevent similar issues from arising.

However, as with any software development project, there were several constraints that the team had to contend with, including other priorities that needed to be addressed simultaneously. As a result, it took a few days for the team to publish the updated version of the platform that would address the issues and prevent future occurrences.

Despite these challenges, the Subspace team remained committed to providing its customers with the best possible user experience. The team understood the importance of responding quickly and effectively to any problems faced by its users and worked tirelessly to ensure that the platform was always secure and reliable.

Overall, the speed with which Subspace responded to the challenges faced by its users is a testament to the team's commitment to providing a high-quality product and excellent customer service. Despite the constraints faced, Subspace was able to identify and address the issues promptly, which is a testament to the team's technical expertise and dedication to its users.

Initial solution design and iterations

In response to the exploitation of the splitting feature, the team at the company quickly took action to address the issue. They began by banning users involved in such activities, whom they identified through customer feedback or negative reviews on the Play Store. However, this solution was only a temporary fix as it required manual effort from the team. After much brainstorming, they came up with a solution where they would pay the admins at the end of each month instead of upfront, effectively ending the exploitation of the splitting feature.

While this solution was effective, it caused new issues with the admins, who now had to wait until the end of the month to receive their share of the subscription fees. In response, the team brainstormed a new solution and came up with the idea of a locked and unlocked wallet. This allowed users to see their entire subscription fee in their wallet, with the money being transferred from a locked wallet to an unlocked wallet daily. While this solution worked, it required a lot of effort to convey the message to users and ensure they understood why their money was flowing in a particular way.

In the case of users sharing third-party or trial subscriptions, the team had already dealt with similar fraud on the platform. They began by banning users engaged in fraudulent activities and then came up with the idea of asking users to provide a screenshot of the purchase as proof. While this solution resolved the issue for users, it also increased the manual workload for the team, as they had to validate each screenshot manually. As the user base grew, it became increasingly difficult to manage this process manually.

To solve this issue, the team brainstormed a new solution that would not affect the current flow for users but would remove the manual workload from the team. They designed an ML algorithm that automatically verifies shared subscriptions by comparing them to the attached proof. This solution was highly effective, and it not only reduced manual workload but also increased efficiency in managing fraudulent activities.

In conclusion, the team believes that coming up with solutions is critical in ensuring that most users are satisfied. While it is impossible to consider everyone's requests and come up with a solution that solves every issue, it is essential to solve issues for most users. The team's approach to addressing fraudulent activities and ensuring a fair distribution of subscription fees shows their commitment to creating a safe and fair platform for their users.

Precautions taken and critical elements introduced in the revised design to prevent other possible manipulations in the future

After addressing the initial manipulation, the team already understood the importance of taking preventive measures to avoid any possible manipulations in the future. The team realized that it was crucial to focus on all the other features, not just the ones that had been manipulated previously. As the user base has grown to approximately one lakh users, it has become vital to create features that handle all the edge cases and mitigate potential fraud.

The Subspace team has revamped the flow of the features to reduce the possibility of fraud. Before rolling out new features, the team started conducting internal beta testing to ensure that all the features were secure and met the standards. This allows for identifying any vulnerabilities or flaws in the features and addressing them before they are released to the general users.

One of the key measures the team has taken is to give control to the admins and the platform members to have transparency on the shared resources. This helps to ensure that any suspicious activity can be flagged immediately, and corrective actions can be taken promptly. Subspace has also established clear policy guidelines for using the group before paying for the services and even after availing them.

To strengthen our security measures, Subspace has partnered with a company called "BugBase Security." They focus solely on the security aspect of our application, and their team of experts helps us to identify and mitigate potential security risks. Additionally, as part of the AppScale Academy program (by Google Play), Subspace is receiving support from Google Play's team to improve the design and security aspect of our application.

Regarding payment infrastructure, Subspace has partnered with companies like InstantPay to ensure the validation of accounts and payouts. This helps to prevent any fraudulent transactions and ensures the safety and security of the user's financial information.

In conclusion, after tackling the previous manipulations, Subspace made significant efforts to ensure that our platform was safe from any possible manipulations in the future. The team also continued to invest in the technology and infrastructure to ensure the security and stability of the platform. Subspace focused on creating features that could handle all edge cases and integrated AI and machine learning algorithms to monitor user behavior proactively. Subspace also introduced strict rules and guidelines for the admins to follow when dealing with users. It increased the customer support team's capacity to respond quickly to any queries or concerns raised by the users.

Lessons learned for - designing secure platforms; understanding the human psyche, testing, and iterations for designing secure systems

Designing a secure platform is a complex task that requires a deep understanding of human psychology and an iterative testing approach. At the very beginning, it is essential to establish a strong foundation for security. One of our most important lessons is that it is crucial to anticipate all possible scenarios and edge cases when designing a platform. It is not enough to create and roll out features to the users.

The team has learned that testing and iterations are critical to designing secure systems. One must constantly test the platform after rolling out new features or updates. By doing so, the team can identify and address any potential security risks.

Subspace team also understood the importance of educating users about security best practices. This involved creating clear guidelines for using the platform securely and providing helpful tips to avoid common security pitfalls. Subspace ensured that users knew the potential risks of sharing sensitive information and how to protect themselves.

To further enhance security, we implemented several vital features. For example, Subspace created policies requiring all transactions to be confirmed by the admin and the platform's members. This helped to ensure transparency and accountability on the platform.

Subspace also took a proactive approach to identifying and addressing potential vulnerabilities in our platform. This involved conducting regular internal beta testing to identify and fix any issues before attackers could exploit them. Subspace partnered with a reputable security company, BugBase Security, to conduct regular security audits and ensure the platform was always up-to-date with the latest security patches.

Another vital lesson the team learned was the importance of iteration in the design process. The team realized they needed to constantly iterate and improve the platform to stay ahead of evolving threats. This involved regularly soliciting user feedback and incorporating it into our design process. Subspace also ensured the team was always on the lookout for new security best practices and technologies that could help us further enhance the platform's security.

The team has learned that understanding the human psyche is crucial to designing a secure platform. People are not always rational and may engage in fraudulent behavior even when they know it's wrong. As such, we must design our platform with this in mind and create features resistant to manipulation.

Designing a secure platform requires a holistic approach considering technical and human factors. It involves building a solid foundation for security, educating users about security best practices, implementing key security features, proactively identifying, and addressing potential vulnerabilities, and constantly iterating and improving the platform to stay ahead of evolving threats. By following these principles, we were able to create a secure and user-friendly platform that could adapt to the ever-changing landscape of cybersecurity threats.

In conclusion, this discussion covered the importance of designing secure platforms and the steps that can be taken to prevent possible manipulations in the future. We talked about the key elements introduced in the revised design, such as giving control to admins and platform members, having clear policy guidelines, doing internal beta testing, partnering with security companies, and ensuring validation of accounts and pay-outs.

We also talked about the importance of understanding human psychology in designing secure systems, such as the need for transparency and building trust with users. Furthermore, we discussed the importance of testing and iterations in the design process to ensure all possible edge cases are considered and addressed.

Overall, designing secure platforms requires a comprehensive approach considering various factors such as user experience, security, transparency, and trust. By implementing the steps discussed, we can create platforms that are not only secure but also user-friendly and trustworthy. Subspace’s proactive approach to addressing these features helped to improve user trust and provide a more secure and reliable platform for managing recurring expenses. By implementing measures such as the daily split payment system and purchase proof requirement, Subspace demonstrated its commitment to user-centricity and trust, which are essential values for any application, especially for finance management apps where more is involved.

What Methods Do Fraudsters Use to Target Your Subscription Businesses?

Subscription businesses have proven resilient during the pandemic, but how can fraud teams keep ahead of the game as fraudsters continue to target them?

More than ever, subscription businesses are vulnerable to online payment fraud.

Since the outbreak, the subscription economy has exploded. Digital news and media subscribers have increased by 300 percent; one in every five US consumers has bought a subscription box, and it is anticipated that by 2023, over 75 percent of consumer businesses will have a subscription-based offering.

Nevertheless, as with any other kind of success and popularity, fraud becomes more likely.

Subscription merchants face unique fraud concerns, even though each business views fraud differently.

Let us take a closer look at the most significant hazards and how to mitigate them.

What distinguishes subscription businesses?

Subscription businesses come in different forms and sizes. Still, the two most common types are internet access subscriptions like Netflix, Spotify, or online newspapers, and physical product subscriptions that include monthly box deliveries of everything from beauty to wine to Harry Potter items.

While these two subscription models have different perspectives on fraud, they have the following characteristics that set them apart from other online merchants:

Subscription businesses frequently:

• Rely on recurring credit card payments, which are frequently deducted from a customer's account every month.

• Prioritize client acquisition and retention to make the most of their recurring payment model, frequently using social media marketing and offering promotions.

• Offer discounts on popular brands and products.

These unique characteristics benefit businesses and make subscriptions more appealing to customers, but they also attract scammers.

How can subscription-based businesses be targeted by fraudsters?

While subscription merchants face fraud in the same ways as other merchants, here are some of their specific fraud problems:

1. High-value subscription accounts are targeted for account takeover

• Account takeovers are on the rise, with three major attacks per month on average for online merchants.

• Because certain firms allow credit to accrue over time, subscription accounts can be incredibly profitable targets.

• A consumer may pay $30 monthly for BoxOfMakeup, but they must first register and select products to receive a shipment.

• After three months of forgetting to order a box, they will have $90 in their account.

• Fraudsters target valuable accounts to order or resell things, or to sell the account information on the dark web.

Fraudsters know they are less likely to be caught in these situations because the client with credit is not likely to check their account frequently and hence will not detect a takeover.

2. Customers who share passwords reduce profits and increase the risk of fraud

• Customers frequently share passwords for online access subscriptions because they perceive no risk and consider the repercussions negligible.

• According to new data, 80% of 13–24-year-olds have given out their internet TV service account information.

• Even though many retailers tolerate account sharing as a cost of doing business, the costs can quickly accumulate.

• Netflix is expected to lose over $135 million as a result of password sharing.

• Customers are also susceptible to account sabotage if they share their passwords or provide fake account information, which is a constant source of frustration for fraud teams.

• Thousands of passwords were sold or given out for free on the dark web within a week after Disney+ started in November 2019.

• In phishing attacks, fraudsters seek to imitate online subscription organizations, such as the current Netflix phishing email, which gets victims to enter their card information and request a refund.

3. Chargebacks are more common in recurring payment structures

• Recurring payments are popular because they are convenient, but customers can "set it and forget it," resulting in avoidable chargebacks for subscription services.

• Customers can easily forget they signed up for a service or neglect to cancel it, only to be astonished when funds are deducted from their account.

• More friendly fraud chargebacks may result from this buyer's remorse.

• If a customer's claim is approved, they can fraudulently claim funds from all past subscription transactions.

4. Due to third-party freight suppliers, subscription box delivery fraud is more difficult to detect

• To control demand, subscription businesses frequently limit delivery to a single country or region. However, social media communities, such as Lustrous Box UK and its global 'Glossies,' can attract customers worldwide.

• Customers have used third-party freight providers to circumvent limited delivery capabilities.

• When a fraud team sees an order from an Australian consumer seeking delivery to a London freight warehouse, it immediately looks fishy.

• Fraudsters who employ the same third-party delivery services hide behind this genuine activity.

5. The use of organized promotion and reselling schemes is on the rise.

• Merchants sometimes overlook legitimate customers abusing promotions, but organized scams are growing and should not be ignored.

• By subscribing on their behalf to free trials, some con artists offer customers lower prices for online access subscriptions.

• Similarly, with subscription boxes, fraudsters can create multiple accounts to take advantage of "get the first box free" offers and accumulate merchandise for resale.

• Numerous subscription businesses offer limited-time discounts and host pop-up events, attracting fraudsters who take advantage of the increased business and speedy purchases.

• Nonetheless, resale schemes are a grey area in terms of fraud.

6. Graph networks are an excellent method for preventing subscription merchant fraud.

• Every subscription business encounters various types of fraud, but one can mitigate these issues by monitoring fraud indicators that align with the business goals and implementing graph networks.

• When it comes to subscription businesses, distinct fraud indicators are more crucial than they are for other types of companies.

• Even though order content is the most crucial fraud indicator in most retail industries, subscription merchants typically disregard it because products are frequently identical month-to-month and between customers.

• On the other side, keeping track of order timeframes is crucial, as fraudsters frequently speed up checkout times and opt for next-day delivery with subscription boxes.

• It is critical to evaluate specific business needs and modify fraud detection strategy accordingly.

• Subscription merchants can use graph networks to identify dubious networks of stolen cards or bias and expose large resale frauds.

• Customer networks that are large, fast-growing, or high-risk become evident, allowing teams to act against them.
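One way a fraud team can surface such customer networks is to link accounts through the attributes they share and look at the connected groups. This is an added example, not code from the original article: the field names (card, device, address), the function linked_account_clusters, the size threshold and the sign-up records are constructed for illustration.

```python
from collections import defaultdict
from datetime import date

LINK_KEYS = ("card", "device", "address")  # attributes that tie accounts together


def linked_account_clusters(signups, min_size=3):
    """Group accounts that are connected, directly or through other accounts,
    by a shared card, device or delivery address (union-find over a graph whose
    nodes are accounts and attribute values)."""
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path halving
            node = parent[node]
        return node

    def union(a, b):
        root_a, root_b = find(a), find(b)
        if root_a != root_b:
            parent[root_b] = root_a

    users_of = defaultdict(set)  # attribute node -> accounts that used it
    signup_day = {}
    for s in signups:
        account = ("account", s["account"])
        find(account)
        signup_day[s["account"]] = s["day"]
        for key in LINK_KEYS:
            if s.get(key):
                attr = (key, s[key])
                users_of[attr].add(s["account"])
                union(account, attr)

    members = defaultdict(set)
    for kind, value in list(parent):
        if kind == "account":
            members[find((kind, value))].add(value)

    clusters = []
    for root, accounts in members.items():
        if len(accounts) < min_size:
            continue
        shared = sorted(a for a, users in users_of.items()
                        if len(users) > 1 and find(a) == root)
        days = [signup_day[a] for a in accounts]
        clusters.append({
            "accounts": sorted(accounts),
            "shared": shared,                             # the links an analyst reviews
            "span_days": (max(days) - min(days)).days,    # small span = fast-growing
        })
    return sorted(clusters, key=lambda c: -len(c["accounts"]))


# Constructed sign-ups for a "first box free" offer. No single attribute links
# a1 to a4, so pairwise duplicate checks miss that they belong together.
SIGNUPS = [
    {"account": "a1", "day": date(2024, 3, 1), "card": "card_111", "device": "dev_A", "address": "addr_1"},
    {"account": "a2", "day": date(2024, 3, 1), "card": "card_111", "device": "dev_B", "address": "addr_2"},
    {"account": "a3", "day": date(2024, 3, 2), "card": "card_222", "device": "dev_B", "address": "addr_3"},
    {"account": "a4", "day": date(2024, 3, 3), "card": "card_333", "device": "dev_C", "address": "addr_3"},
    {"account": "a5", "day": date(2024, 3, 3), "card": "card_444", "device": "dev_D", "address": "addr_4"},
    {"account": "a6", "day": date(2024, 3, 9), "card": "card_555", "device": "dev_E", "address": "addr_5"},
    {"account": "a7", "day": date(2024, 3, 9), "card": "card_666", "device": "dev_E", "address": "addr_6"},
]

if __name__ == "__main__":
    for cluster in linked_account_clusters(SIGNUPS):
        print(cluster)
```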

Indian companies in the fintech, subscription-based, and wallet sectors have faced design loopholes and related incidents.

→ Fintech Companies:

• Paytm: In 2016, Paytm, a mobile payments company, experienced difficulties with transactions as users reported that money was deducted from their bank accounts but failed to reach their Paytm wallets. Users faced challenges viewing their wallet balance and encountered issues when transferring funds back to their bank accounts.

• MobiKwik: In 2021, digital payment platform MobiKwik faced allegations of a data security breach. Reports surfaced claiming that the personal information of approximately 110 million users, including KYC documents and credit card details, was being sold on the dark web. The incident sparked concerns regarding data privacy and emphasized the need for robust regulations to effectively address and penalize data breaches.

• Axis Bank: In 2016, Axis Bank, India's third-largest private sector lender, experienced a cyber security breach where an offshore hacker gained unauthorized access to the bank's servers. Although there were no reported fund transfers at the time, the bank worked with EY to assess the extent of the breach, including any potential data loss and lingering malware.

• HDFC Bank: In 2020, HDFC Bank, the country's largest private sector lender, experienced intermittent problems with its digital banking infrastructure, limiting customers' access to Net Banking and the Mobile Banking App. Users had trouble logging into their accounts and undertaking transactions. In addition to acknowledging the issue, the bank prioritized fixing the errors to restore uninterrupted banking services at the time.

→ Subscription-Based Companies:

• Zomato:  Zomato, an online food delivery platform, encountered a design loophole that allowed unauthorized access to its customer data in 2015. Hackers were able to breach the system and gain access to sensitive information such as email addresses, phone numbers, and hashed passwords of over 17 million users.

• Hotstar: During the ICC World Cup cricket tournament 2019, Hotstar disabled support for Apple's Safari web browser due to a security flaw that allowed unauthorized usage of its platform. Users experienced difficulties accessing Hotstar on Safari, prompting the company's official support account to attribute the issue to technical limitations on Apple's part. However, it was later revealed that Hotstar's engineers had identified a security hole being exploited by unauthorized users, resulting in the temporary suspension of Safari support.

• Netflix: In 2022, Jason Chan, the former VP of Information Security at Netflix, reflected on the security challenges that streaming services faced in the past. These challenges included IP protection, actor privacy, regulatory compliance, and regional bureaucracy.

• Amazon Prime: In 2021, Amazon addressed a high-severity vulnerability in the Amazon Photos Android app that could allow attackers to steal a user's Amazon access token. This token could grant unauthorized access to personal data and files stored within Amazon's ecosystem. The issue was identified by researchers at Checkmarx, who promptly reported it to Amazon for resolution.

→ Wallet Companies:

• FreeCharge: From June to August 2016, nearly 100 FreeCharge clients lost money due to a phishing attack in which fraudsters obtained sensitive information and made unauthorized transactions. FreeCharge acknowledged the phishing attack and reversed transactions as a "goodwill gesture," highlighting the need for enhanced security measures and expeditious customer service in the e-wallet industry.

• BharatPay: In a significant data breach incident in 2022, personal data and transaction details of approximately 37,000 users of BharatPay were leaked online. The compromised data included user names, hashed passwords, mobile phone numbers, and UPI IDs. Additionally, official email IDs of employees from Indian insurance and banking firms were also exposed.

• LazyPay: In 2016, LazyPay, the digital credit platform by PayU, was discovered to have a security flaw that could have exposed user data to hackers. A security researcher, Ehraz Ahmed, found that the flaw allowed attackers to obtain sensitive information using registered phone numbers. PayU promptly resolved the issue and confirmed that no user data was leaked.

By considering these examples from various sectors, it becomes evident that design loopholes can have significant consequences for businesses, customers, and overall trust in digital services. It highlights the importance of robust design and security measures to safeguard user data and provide a seamless user experience.