I find it hard to accept.

That Indian companies can play with you and your money.

But when it happened to me, I knew how it feels.

Disgusting, really.

And what you are about to read in this article will open your eyes to something new. Because here, I show you the dirty little secrets of Mobikwik.

How they allowed someone to use my money. And how that dude (it’s always a dude, right?) used my money to order pizzas through Dominos.

And it’s not just about my money — but the system that is flawed. We all know that security is important — you don’t mess with that.

Mobikwik messed with that. And they don’t want to admit it.

And if this can happen to me — I believe it can happen to anyone.

How It All Started (Background)

So I use online wallets for shopping online — and Mobikwik is one of those wallets. Easy to use, and gets the job done. Since a month or two, whenever I initiated a transaction using my smartphone with my primary email ID…

Mobikwik redirected me to its checkout page…

And I used to pay through the wallet balance I had.

But sometimes…

It redirected me to someone else’s ID that goes by “Kalani.Rahul@gmail.com.”

And instead of showing my wallet details, it showed his details..

His wallet balance…

And even exposed the first / last digits of his credit card…

Which Was The Weirdest Thing Ever

Because I was using my phone — my email ID — my phone number (unchanged since 7 years) — and yet during checkout it showed me someone else’s email ID and his wallet balance (money)…

And his credit card?

It’s absolutely shocking to even think that I can access those details…

So here’s what I did: I hit the back button from my phone and used another payment service — like PayUMoney & PayTM.

This went on for weeks and I finally decided to talk to Mobikwik.

And prior to this, I have been receiving SMSes of transactions carried out on various shopping sites via Mobikwik — which I never did. My wallet money wasn’t deducted, so I thought it probably was a mistake…

But clearly, someone was wrong.

Given the way Mobikwik works, one phone number can have only ONE account — but can there be two accounts for one phone number?

For that reason:

I Talked To Mobikwik Support

Over the phone, I explained the situation how I am able to access someone else’s account using MY phone number and MY email ID.

And I would prefer using my own account which had a balance of Rs. 1000 or so.

As I called from my primary number, they knew I was the account holder. My primary email was verified — and we were good.

Plus, in the interest of accessing my account, I asked them to do what’s best and they decided to block the other account.

After which, I carried out a Grofers transaction and everything was smooth…

My account was back. :)

Not for long…

As Someone Ordered Pizzas Last Night

At 8:49 PM, I received an SMS saying:

You paid Dominos for Order ID DMBK3923520787 Rs. 914.0 used from your wallet.

My initial reaction was: “Not again.”

Must be a mistake, right?

It wasn’t.

For real, the wallet balance from my account was deducted.

Which means someone ordered through Dominos using my account.

How is this even possible?

Transaction was successful… and the pizzas were ordered… leaving me with no option but to get in touch with Mobikwik.

Again.

Talked to them on Twitter, then 20 minutes on phone…

They said I should email the “Frauds Alert” team…

Email sent to Mobikwik’s Fraud Alert team…

If they took immediate action — we could stop that order and find out what was actually going on.

Instead — they delayed.

Plus, their support team works in shifts — so the guy you are talking to in the evening is different than in the morning.

We’ve got your back… they say

And today they are asking me the same thing again…

Already confirmed the number… YET

None of this was reassuring.

At this point, I knew the pizzas were gulped down and the guy must be loving Mobikwik for such a hopeless system they have.

None of this conversation answered the most important question: Why or how did this happen?

I had to see if I was the only unlucky one…

Sure — there are instances of people using weak password and so on.

But this is some scary stuff right here.

How do you even explain the fact that I could access someone else’s account on my phone?

If I could — don’t you think someone else could access my account?

And it is ridiculous to even think that we have no control over this.

Today, after 15 hours, Nagendra Gupta from Mobikwik’s Fraud Alert team responds with yet another generic message:

So it was my fault?

I trusted you as a wallet company — and you leave this issue uninvestigated.

I contacted you immediately to see what’s wrong — and you delay the whole process, then blame it on us?

Simply unacceptable.

Oh, BTW, in 2010 — you asked me to review Mobikwik on Blogote — and I ignored that message.

Even in 2011– 4 times you requested — and I ignored.

Then, in 2014, you said “let us know what kind of engagement you would prefer” bribe — and I ignored that too.

But today? I am finally writing my first review about Mobikwik.

And this one deserves to be read.

Edit: This post has 2600+ views, and it is now on Reddit. Discussion is worth reading. And also feel free to share on Twitter & Facebook.

Update 28th July, 7 AM: Thanks everyone stepping forward to help and suggest ways to tackle this issue. I appreciate that.

Someone showed me this letter written to The Commissioner of Police:

It was posted on Twitter — and the bottom half part was surprising.

Update 10:00 AM: Mobikwik executive called me 20 minutes ago — but I was in the shower. Brother picked up the call. And now, I received a private message from Mobikwik:

Mobikwik on Twitter

I also received two SMSes that Rs. 500 and Rs. 414 were added to my account. So, before I could even think, this issue has been resolved.

The money has been refunded.

No explanation.

No email response.

And this drama comes to an end.

But please understand that this post was written to address the flaws — flaws that should be fixed immediately.

And the fact is…

“You never play with your customer’s money. Never.”

Update 10:10 AM: Just when I thought deactivating the account should be my next move —deathbearer on Reddit posted this response he received from Mobikwik:

“Namaste! We understand that you want to deactivate your account. Unfortunately you cannot delete the registered Email ID with MobiKwik. However, what you can do is you can create a new account with the same or different Primary Number if you wish to stop using the old account. Please note MobiKwik prohibits creation of more than one account per user. Thank you for being a valued MobiKwik customer. Regards MobiKwik Team”

And I received the call from Mobikwik executive just now. My wallet is locked. Can’t access it anymore. This was done for safety reasons, they say.

And the money will be refunded in 3 to 15 days. Guess my account is deactivated now. ;)

Goodbye, Mobikwik!