(Updated to include statement from PayU India)

The credit card details of TRAI Chief and many other users of the PayUMoney Payment Gateway were found to be easily accessible according to Twitter user Srikanth (@logic). Srikanth claims to have been able to access Sharma’s credit card details just by entering his email address in the PayUMoney payment gateway.

This is a privacy risk because any users saved credit card details on the payment gateway can easily be accessed if their mobile numbers or email addresses are known. While the credit card number itself is masked, the CVV field is left open. If a user enters the wrong CVV a few times the card will get blocked.

Blocking a user’s credit card could be exploited as a new way of cyber-bullying or cyber crime. Accessing the card itself opens it up to potential misuse.