Daybreak - How the Pahalgam attack sent banks scrambling to clean up digital payments

Episode Date: May 15, 2025

Just two days after the Pahalgam terror attack, alarm bells went off inside India’s financial system. A stern message from an HDFC Bank executive summed up the mood: “They may come for us... now.” The national security tragedy triggered a sudden and sweeping crackdown on India’s digital payments ecosystem. Behind closed doors in Delhi, top officials from the Finance Ministry, Home Affairs, and the Reserve Bank of India launched a coordinated push to track suspicious merchant activity online like gambling, betting, drug trafficking. The idea was to follow the money all the way to its possible links with terror funding. The fallout? Payment aggregators are scrambling, banks are under intense pressure, and merchant screening firms are suddenly flooded with work. Everyone’s rechecking everything. But who's the collateral damage? Tune in. If you have any thoughts or questions about this episode, send them to us as texts or voice notes on Daybreak’s WhatsApp at +918971108379. Daybreak is produced from the newsroom of The Ken, India’s first subscriber-only business news platform. Subscribe for more exclusive, deeply-reported, and analytical business stories.

Transcript
Starting point is 00:00:01 Hi, this is Rohan Dharma Kumar. If you've heard any of the Ken's podcasts, you've probably heard me, my interruptions, my analogies, and my contrarian takes on most topics. And you might rightly be wondering why am I interrupting this episode too. It's for a special announcement. For the last few months, I and Sita Raman Ganeshan, my colleague and the Ken's deputy editor, have been working on an ambitious new podcast. It's called Intermission.
Starting point is 00:00:28 We want to tell the secret sauce stories of India's greatest companies. Stories of how they were born, how they fought to survive, how they build their organizations and culture, how they manage to innovate and thrive over decades, and most importantly, how they're poised today. To do that, Sita and I have been reading books, poring over reports, going through financial statements, digging up archives, and talking to dozens of people. And if that wasn't enough, we also decided to throw in video into the mix. Yes, you heard that right. Intermission has also had to find its footing in the world of multi-camera shoots in professional studios, laborious editing, and extensive post-production.
Starting point is 00:01:15 Sita and I are still reeling from the intensity of our first studio recording. Intermission launches on March 23rd. To get alerted as soon as we release our first video episode, please follow Intermission on Spotify and Apple Podcast or subscribe to the Ken's YouTube channel. You can find all of the links at the ken.com slash I am. With that, back to your episode. Two days after terrorists killed at least 26 civilians in Pahalgam, a senior HDFC executive sent a cryptic message to a colleague. "They may come for us now," the message read. And by they, he meant the regulators.
Starting point is 00:02:03 What followed was not just a normal routine check. It was a full-blown financial inspection from the top echelons of the government, home affairs, finance and corporate affairs. Add to that, the Reserve Bank of India or RBI. Why? Because in the digital world, terror is often hidden in plain sight. Sometimes it's just a payment to a merchant that nobody really looked into. So they started looking with a magnifying glass.
Starting point is 00:02:33 In a matter of days, panic gripped the payments industry. FinTech firms scrambled, big banks started holding internal audits at breakneck speed. Meanwhile, a quiet group of usually ignored tech companies that help banks vet online merchants suddenly found themselves at the center of the national crackdown. And the government's message was clear. Go after shady digital payments. Gambling, betting, even drug deals. And the idea was simple.
Starting point is 00:03:04 Follow the money because sometimes it ends up in the hands of terrorists. For example, if a meth deal was taking place through UPI, somebody had to be held accountable. But that somebody is probably not going to be the meth dealer themselves. You see, when you make a payment online, say to a site that sells cheap Chinese electronics, the money passes through what's called a payment aggregator. These are companies like Razorpay, PayU or Paytm, and they rely on acquiring banks to approve merchants. But when things go wrong and it is discovered
Starting point is 00:03:41 that this online site was actually a front for some illegal operation, the regulator is not going to call the folks running the website in question. They will call the bank. And lately, the RBI has been calling a lot. Multiple senior banking insiders told my colleague, Ronak Kumar Gunjan, that this scrutiny has reached unprecedented levels. One risk officer from HDFC said that I have never seen anything like this before.
Starting point is 00:04:09 Two others from ICICI and SBI backed him up. Now, to be fair, this is not coming out of nowhere. Just last year, the RBI had put major aggregators in the penalty box, banning them from onboarding new merchants because they were not checking hard enough. One aggregator even admitted that there was gambling, betting and even money laundering happening through their systems. And now, after the fair play betting scandal exploded in April, where 4,000 crore rupees was siphoned out of the country through fake firms and shady payment routes, and then the
Starting point is 00:04:45 Pahalgam attack, regulators are not just reacting. They are in full offensive mode. And what is happening as a result is a massive spike in demand for companies that review and scan merchant websites, ones like Orthbridge, Bank IQ and Chargeback Zero. Before all of this happened, these firms used to check around 1,000 merchant websites a month. That number has doubled within two weeks of the Pahalgam attack. One such company's CEO put it quite simply. Volumes have gone up four to five times.
Starting point is 00:05:18 But here's the twist. The merchants who are the ones actually selling something, legit or not, are now in the crosshairs. Because this is not just a tech story or a payment story. It is about how national security is reshaping digital commerce in India. And this is just the beginning. So to understand how all of this is playing out, I spoke to my colleague Rona. Welcome to Daybreak, a business podcast from the Ken. I'm your host, Nick Das Sharma, and I don't chase the news cycle. Instead, every day of the week, my colleague Rahal Philippos and I will come to you with one business story that is worth understanding and worth your time.
Starting point is 00:05:57 Today is Friday, the 16th of May. So, Ronan, you know these third-party service providers like Orthbridge and Bank IQ and Chargebacks Zero that you mentioned in your story that are vetting merchants for these banks? They told you how they used to review approximately 1 lakh merchant websites each month, but now because of what is happening, acquiring banks are pushing them to vet more than 2 lakh, and this is just in the last two or three weeks, right? Can you explain to us to start with what exactly is the job of these service providers? Like, how do they exactly vet these merchants?
Starting point is 00:06:54 So these service providers are called onboarding and monitoring technology service providers because during the time of merchant onboarding, they help acquiring banks or fintech or any kind of a lender to make sure that the documents of these merchants are in place, the KYC is done properly, the identities, etc., are matched, and then there are a host of other responsibilities that they take up. For instance, they make sure that the merchant is not exposed to any politically exposed person because that can be used for sort of different influencing mechanisms, etc. So during onboarding they come very handy and then the second stage is monitoring.
Starting point is 00:07:43 So for instance a merchant has provided XYZ documents at the time of onboarding. The TSP now has to make sure that during monitoring those documents are still in place, are still matching with the originally provided documents. And then they also need to make sure that there are no, say, broken pages, no broken contact us pages, or their other important pages are in order, just to make sure that this merchant is not fake or did not fake the documents during the onboarding process to make sure that they get through. So basically onboarding and maintenance slash monitoring is their job. Right, and what are the filters run up that they use that have become so much more stricter now? So in the past 15 days
Starting point is 00:08:32 or 20 days some of the filters that have been made tighter or newer filters that have been included include open source Intel. It basically means that not just merchant websites but social media
Starting point is 00:08:48 pages like Facebook, Instagram LinkedIn, all of that is also being tracked now and tracked very closely by the way. For instance the timings of the post or the tone of the comments or in case there is a sudden shift in content strategy all of these things are being tracked very closely
Starting point is 00:09:07 and even if there is a slight change in any of these then they're being flagged by these technology service providers in the past couple of weeks some of the service providers have also repurposed their automated web scrapers and bots to ensure that there is more stringent scrutiny some of the new red flags now include even minor shifts in a merchant's business so previously only a full pivot for instance if an e-commerce site suddenly selling software would have been flagged but now even say a garment store which is now completely pivoted suddenly in the past two three days into say selling shoes even that would be flagged by the TSP initially and then there would be further scrutiny for the
Starting point is 00:09:54 investigation on that apart from that there are also Google reviews and reviews on other platforms say there is a sudden drop in Google reviews in the number of people who are commenting or in the number of people who are giving testimonials, etc. Then that would be flagged as well because it is supposed to be believed that there needs to be, say, a staggered drop or a rise in Google reviews or any other review for that matter. Sudden fall and rise in that will also be flagged. Or say the comments are being made, the reviews are being made by bots with weird names. say blip-blop, etc. That would also be flagged.
Starting point is 00:10:35 Right. Okay. So next, can you tell us a little bit about the different categories of suspicious merchants that these service providers are looking at? So there are two, three different types of suspicious merchants. One of them easily are the fly-by-night operators who come in with the intention of fraud. They invest heavily in advertisement and they have a good looking website the prices of those products usually electronic products are at an unbelievable price for instance they will be selling a phone for say 10,000 bucks which is available for 15,000 16,000 outside heavy discounting heavy investment in advertisements etc so in a very short time they
Starting point is 00:11:24 will be reaching out to a lot of people and then before the monitoring is done by the TSP, post-onboarding and before the monitoring is done, they would sell their products and completely get out of the system by providing nothing to the users. They would collect all of that money and disappear. So that's one. Second, there is another form of suspicious merchants who deal with things like betting or online gambling, fantasy sports, etc. They usually are able to draw a lot of money very quickly because people,
Starting point is 00:12:00 you know move into these traps with the lure of earning more and then they keep sinking deeper so people so merchants of this sort actually make a lot of money and then disappear from the system there is a third category which is suspicious category but which does not come in with the intent of fraud these merchants basically have very very bad say delivery or logistics and they do not have great products and the quality of their product is always you know, not up to the standards. So when people order, usually they're not very satisfied with the quality of the product and there is a lot of chargeback that happens.
Starting point is 00:12:41 But because they run on very thin margins, these people usually end up abandoning the entire chargeback or the refund and all of those things and then are forced to move out of the business. So they don't come in with the intent of fraud, but because their product quality is low and there is a huge chargeback, they are forced to abandon the business and sort of run away. And they also end up in customers losing a lot of money. Right. So who are the ones who are, you know, kind of getting caught in the crossfire?
Starting point is 00:13:18 Merchants which are being caught in the crossfire and are sort of resulting in collateral damage are the ones who do not have the intent of fraud. but because things are being scrutinized so closely at this moment, it's very difficult for them to continue because even a slight shift in content strategy or a slight shift in product strategy, etc., is being monitored very closely. So, for instance, say,
Starting point is 00:13:41 a merchant started off business with a number of Chinese products which do not have great quality, and after selling most of those products, they realize that there is a huge chargeback that happens. They would want to shift to some other quality of product or some other category of product in order to continue business. But because the chargeback slash refund is so high, it sort of triggers the alarms for technology service providers
Starting point is 00:14:05 because the bots and the web scrapers, etc. are of the opinion that if a company is, you know, the percentage of chargeback for that company is very high, the chances of them frauding the entire system also becomes high. So while they may not actually come in with the intent of fraud, because the web scrapers are very, very stringent at the moment, they result in flagging these merchants, sometimes blacklisting them, and also sometimes sort of deboarding them from the entire system. That is all for today.
Starting point is 00:14:37 I hope you like this episode. Please do be careful when you buy stuff online. Always good to double check, especially if it is a brand that you've not heard about. Go to their social media accounts, read the comments. And if you have any thoughts or questions about this episode, send them to us as texts or voice notes on Daybreak's WhatsApp number at 89711-08379. I'll repeat that again, 89711-08379.
Starting point is 00:15:06 Have a great weekend and catch you again on Monday. Daybreak is produced from the newsroom of the Ken, India's first subscriber-focused business news platform. What you're listening to is just a small sample of our subscriber-only offerings. A full subscription unlocks daily long-form feature stories, newsletters and podcast extras. To subscribe, head to the ken.com and click on the red subscribe button on top of the Ken website. Today's episode was hosted by Snigda Sharma and edited by Rajiv Sien.
