Chandigarh firm loses Rs 19.34 lakh in gift voucher code leak

The Chandigarh Cyber Crime Cell has registered an FIR in connection with a large-scale digital fraud allegedly involving theft, leak and unauthorised redemption of Amazon Pay gift voucher codes, resulting in a financial loss of over Rs 19.34 lakh and affecting at least 271 beneficiaries.

On a complaint by the team manager at Corporate Incentive Solutions Pvt Ltd (CISPL), a company engaged in managing incentive and reward programmes for corporate clients across India, a case was lodged under Sections 319(2), 318(4), 336(3), 338, 340(2) and 61(2) of the Bharatiya Nyaya Sanhita (BNS) against unidentified persons on Tuesday.

The complainant stated that she had been associated with the organisation for the past six years and operated from the company’s office in NAC, Manimajra.

As per the complaint, the CISPL procures Amazon Pay gift vouchers through authorised procurement channels and distributes the digital codes to beneficiaries strictly as per clients’ instructions.

The vouchers involved in the present case were purchased against multiple invoices issued by CPASS, a comprehensive digital finance platform, and SelfServe Portal, with the total documented procurement value exceeding Rs 1.01 crore. The vouchers were meant for distribution under various ITC projects and were shared with beneficiaries via approved communication modes such as email and mobile messaging.

The problem came to light on November 29 last year when beneficiaries from different parts of the country began reporting that the voucher codes provided to them had already been redeemed. Despite being unused by the intended recipients, the codes were found to have been credited to unknown Amazon accounts. The number of complaints continued to rise, and by December 16, a total of 271 complaints had been received, with the loss assessed at Rs 19,34,973, a figure that is expected to increase as reconciliation is still underway.

CISPL’s internal verification suggested that the voucher codes were compromised at some stage of storage, handling, processing or transmission and were fraudulently redeemed before reaching the genuine beneficiaries. The company approached Amazon for technical assistance but was advised to seek intervention through cybercrime authorities for lawful access to redemption logs, account details and IP data.

The complainant has provided detailed technical information to aid the investigation, including server IP addresses, MAC addresses, hosting details and operating system specifications. A formal request has been made for preservation of server logs, firewall records, database logs and remote access activity to prevent any tampering with digital evidence.

Police sources said the case was at an initial stage and efforts were underway to trace the unauthorised redemptions, identify the Amazon accounts used in the fraud, map IP addresses and establish the chain through which the voucher codes were leaked.