We have tested the mobile wallet application and identified a critical vulnerability that exposes it to payment fraud through identity spoofing attacks. This flaw allows an attacker to withdraw or send money from another user’s account by impersonating their identity within the system. Transactions are processed from the victim’s account, and logs are generated under the victim’s name. However, no record of the attacker’s involvement appears in the transaction history, leaving no trace of who initiated the fraudulent withdrawal. This vulnerability could lead to significant financial fraud if large sums are transferred from user accounts to unauthorized recipients.

Skills and deliverables
⦁ Mobile Application Security Testing
⦁ Vulnerability Assessment and Penetration Testing (VAPT)
⦁ Fraud Detection and Prevention
⦁ Identity and Access Management (IAM)
⦁ Bug Reporting and Documentation