Cyber crooks have found a crack to siphon money from high-tech banking app BHIM. The revelation came after a team of Special Task Force (STF) of UP Police arrested two people, including a bank employee, who allegedly duped nine people and illegally withdrew over Rs 45 lakh from their bank accounts by making 240 transactions.

The loophole has left the banking sector worried as it exposes the threat Unified Payments Interface (UPI) based transaction poses. The security flaw may cause a dent to PM Modi's push for digital transaction.

The STF has also written to RBI, National Payments Corporation of India (NPCI) and banks apprising them about the security breach and ways to patch it. UPI was launched last year by NPCI, a not-for-profit organisation owned by a consortium of major banks and regulated by RBI.

It allows users to make transactions over their cellphones including cash transfers to other users, and payments to utilities and some merchants.

Mail Today was first to highlight how crooks are exploiting loophole in the UPI mobile application to loot bank customers. Crackdown by STF reveals that criminals are first compromising and getting the mobile connection of user and then using the leaked banking data they are withdrawing money through the App.

"In the first process, criminals are getting a duplicate SIM by blocking it and getting a fresh SIM card from mobile store or on the pretext of upgrading a particular cellphone account to a 4G connection. Once they have the connection they transferring money by downloading the UPI app," said UP STF's additional superintendent Triveni Singh who cracked the case.

The gang was working in nexus with bank officials who leak the information of their clients by taking a screenshot and pass it on through WhatsApp.

ALSO READ | Cyber criminals go digital, lay bitcoin trap for investors