By Sankalp Phartiyal and Euan Rocha
NEW DELHI, April 1 (Reuters) - India's central bank has ordered digital payments firm MobiKwik to probe allegations that data of its 110 million users was breached, and warned that the company will face fines if lapses are found, a source with direct knowledge of the situation told Reuters on Thursday.
MobiKwik, which is backed by Sequoia Capital and India's Bajaj Finance BJFN.NS , has faced growing criticism this week for denying a leak many customers and digital rights activists say is linked to the company's database.
The Reserve Bank of India (RBI) was "not happy" with the company's initial response and has asked it to act immediately, said the source, who declined to be named as the discussion between the RBI and the company was private.
The payments firm has also faced backlash for threatening legal action against a security researcher who first flagged the breach. users said this week they had found information such as their credit card details on a leaked online database that allegedly belonged to MobiKwik, a claim the company has denied.
"The RBI has given MobiKwik an ultimatum and ordered them to retain an external auditor to conduct a forensic audit," said the person, adding the RBI could also impose fines if the breach is proven.
The RBI did not respond to a request for comment.
The central bank has the power to fine a payment systems provider a minimum of 500,000 rupees ($6,811) in such cases.
MobiKwik did not respond to a request for comment and messages sent to its founders went unanswered.
It has previously said users could have uploaded their data on several platforms and it was incorrect to say the leaked information was accessed from the payments company, adding it takes privacy and security very seriously.
With 120 million users, MobiKwik competes in India with firms like Alibaba-backed Paytm and Google (NASDAQ: GOOGL )'s payments service, which have witnessed a rapid surge in usage. But data breaches and leaks have also become common in the country.
On Wednesday, New Delhi-based digital rights group the Internet Freedom Foundation (IFF) asked India's country's cyber security agency to probe the alleged data breach. The federal agency did not respond to Reuters queries.
Add Chart to Comment
We encourage you to use comments to engage with users, share your perspective and ask questions of authors and each other. However, in order to maintain the high level of discourse we’ve all come to value and expect, please keep the following criteria in mind:
- Enrich the conversation
- Stay focused and on track. Only post material that’s relevant to the topic being discussed.
- Be respectful. Even negative opinions can be framed positively and diplomatically.
- Use standard writing style. Include punctuation and upper and lower cases.
- NOTE: Spam and/or promotional messages and links within a comment will be removed
- Avoid profanity, slander or personal attacks directed at an author or another user.
- Don’t Monopolize the Conversation. We appreciate passion and conviction, but we also believe strongly in giving everyone a chance to air their thoughts. Therefore, in addition to civil interaction, we expect commenters to offer their opinions succinctly and thoughtfully, but not so repeatedly that others are annoyed or offended. If we receive complaints about individuals who take over a thread or forum, we reserve the right to ban them from the site, without recourse.
- Only English comments will be allowed.
Perpetrators of spam or abuse will be deleted from the site and prohibited from future registration at Investing.com’s discretion.