The RBI has ordered a forensic audit of the fintech company MobiKwik for failing to protect the data of 11 crore customers from hackers.
“The RBI has given MobiKwik an ultimatum and ordered them to retain an external auditor to conduct a forensic audit,” a report said.
The company is likely to be fined if the forensic audit reveals lapses on its part. The fine could amount to a minimum of 500,000 rupees in such cases.
The RBI was unhappy with MobiKwik’s initial response and has asked it to act immediately.
A hacker by the name of Jordan Daven had stolen over 8 terabytes of personal user information from MobiKwik’s main server, but the company has denied the breach and tried to discredit researchers and customers.
MobiKwik founder Bipin Preet Singh had tweeted earlier this week: “While we are investigating this, it is entirely possible that the user could have uploaded his/her information on multiple platforms.”
To check for lapses on the data-leakage front, the RBI has asked licensed payment system operators to submit detailed compliance certificates to it twice a year.
These certificates must confirm that the company has complied with all RBI rules pertaining to the storage and security of payments data, it said.