APS
Company Details
Linkedin ID:
airpay-india
Website:
Employees number:
632
Number of followers:
23,658
NAICS:
52
Industry Type:
Homepage:
airpay.co.in
IP Addresses:
0
Company ID:
AIR_4497572
Scan Status:
In-progress
airpay payment services Company CyberSecurity Posture
airpay.co.in
With 13+ years of experience, airpay is India's first integrated omnichannel financial services platform. airpay has revolutionised access to financial services in India by empowering a million business owners, extending financial inclusion and last-mile connectivity. airpay's open architecture offers real-time transaction visibility and advanced analytics. It is used globally by consumers, businesses, banks, and financial institutions. airpay is shaping the future of payments from #LocalToGlobal, from India to the Middle East to Africa. Positioned as India's key partner in driving digital financial services adoption with global ambitions, airpay continues to set new standards in the industry.
airpay payment services A.I CyberSecurity Scoring
APS Risk Score (AI oriented)Between 650 and 699
APS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
APS Global Score (TPRM)XXXX
APS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
APS Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Airpay
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: Cybercriminals have compromised Airpay, exposing sensitive financial data of thousands of users and businesses. Threat actors claim to have accessed KYC records, bank details, PAN numbers, business data, and contact information. This breach highlights critical vulnerabilities in payment gateway security, emphasizing the need for enhanced security measures.
APS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for APS
Incidents vs Financial Services Industry Average (This Year)
airpay payment services has 33.33% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
airpay payment services has 53.85% more incidents than the average of all companies with at least one recorded incident.
Incident Types APS vs Financial Services Industry Avg (This Year)
airpay payment services reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — APS (X = Date, Y = Severity)
APS cyber incidents detection timeline including parent company and subsidiaries
APS Company Subsidiaries
With 13+ years of experience, airpay is India's first integrated omnichannel financial services platform. airpay has revolutionised access to financial services in India by empowering a million business owners, extending financial inclusion and last-mile connectivity. airpay's open architecture offers real-time transaction visibility and advanced analytics. It is used globally by consumers, businesses, banks, and financial institutions. airpay is shaping the future of payments from #LocalToGlobal, from India to the Middle East to Africa. Positioned as India's key partner in driving digital financial services adoption with global ambitions, airpay continues to set new standards in the industry.
Loading...
APS Similar Companies
Synchrony
At Synchrony, our driving force is to be essential to people's everyday lives by making it easier for the many millions of people who rely on us to access their essential needs and everyday wants with consumer financing that works for them – from their first credit card to a lifetime of flexibility.
Broadridge Financial Solutions (NYSE: BR) is a global technology leader with the trusted expertise and transformative technology to help clients and the financial services industry operate, innovate, and grow. We power investing, governance, and communications for our clients – driving operational r
BlackRock is a global asset manager and technology provider dedicated to helping more and more people experience financial well-being. We help millions of people invest to build savings that serve them throughout their lives. We always start with our clients’ needs and look to offer them more qua
Sicredi
We are born collaborative We believe that change is only possible when everyone works together for the same purpose, after all, cooperativism is in our DNA. Besides this, we know that as important as it is to provide affordable financial solutions it is just as important to value growing together,
NN Group
NN Group is an international financial services company, active in 10 countries, with a strong presence in a number of European countries and Japan. Our roots lie in the Netherlands, with a rich history of more than 175 years. With our 16,000 employees, NN Group provides retirement services, pensio
Wells Fargo Advisors
With financial advisors serving our clients in all 50 states, Wells Fargo Advisors is headquartered in St. Louis. At the end of the day, we help our clients succeed financially. For us – our Financial Advisors and thousands of other team members – it's a commitment. It's about honoring our relation
Manappuram Finance Ltd. is one of India’s largest and most trusted gold loan companies, with 4,199 branches across the length and breadth of the country. It currently has nearly Rs. 157.65 billion worth assets under management (AUM), and 20,185 employees. Promoted by Shri. V.P. Nandakumar, the curr
Northern Trust
As a global leader in innovative wealth management, asset servicing and investment solutions, Northern Trust (Nasdaq: NTRS) is proud to guide the world’s most successful individuals, families and institutions by remaining true to our enduring principles of service, expertise and integrity. A global
Postal Savings Bank of China Co., Ltd.
Postal Savings Bank of China Co., Ltd. also known as PSBC is a commercial retail bank founded in 2007 and headquartered in Beijing. It provides basic financial services, especially to small and medium enterprises, rural[1] and low income customers. As of December 31, 2017, PSBC has 39,798[2] branche
.png)
APS CyberSecurity News
November 25, 2025 11:44 AM
Fintech growth without strategic partnerships is unsustainable
The fintech sector has transformed financial services across the world by making banking, payments, and lending more accessible.
July 28, 2025 07:00 AM
Threat Actors Claim Breach of Airpay Payment Gateway
Cybercriminals have reportedly claimed a successful breach of Airpay, an Indian payment gateway service, raising serious concerns about the security of...
July 28, 2025 07:00 AM
Threat Actors Allegedly Claiming Breach of Airpay Payment Gateway
Cybercriminals have allegedly compromised Airpay, one of India's prominent digital payment gateway providers, exposing sensitive financial...
February 12, 2023 08:00 AM
Top 5 Digital Payment Trends to Watch Out For in 2023
2023 is set to witness an acceleration towards digital payments. Innovation will drive this growth with customer preference and acceptance taking the centre...
August 05, 2015 07:00 AM
AirPay Enables Secure and Frictionless Mobile Experience for Garena Using CyberSource Solutions
AirPay partners with CyberSource to heighten payment security and enable frictionless mobile checkout experience for Garena users.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
APS CyberSecurity History Information
Official Website of airpay payment services
The official website of airpay payment services is http://www.airpay.co.in.
airpay payment services’s AI-Generated Cybersecurity Score
According to Rankiteo, airpay payment services’s AI-generated cybersecurity score is 695, reflecting their Weak security posture.
How many security badges does airpay payment services’ have ?
According to Rankiteo, airpay payment services currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does airpay payment services have SOC 2 Type 1 certification ?
According to Rankiteo, airpay payment services is not certified under SOC 2 Type 1.
Does airpay payment services have SOC 2 Type 2 certification ?
According to Rankiteo, airpay payment services does not hold a SOC 2 Type 2 certification.
Does airpay payment services comply with GDPR ?
According to Rankiteo, airpay payment services is not listed as GDPR compliant.
Does airpay payment services have PCI DSS certification ?
According to Rankiteo, airpay payment services does not currently maintain PCI DSS compliance.
Does airpay payment services comply with HIPAA ?
According to Rankiteo, airpay payment services is not compliant with HIPAA regulations.
Does airpay payment services have ISO 27001 certification ?
According to Rankiteo,airpay payment services is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of airpay payment services
airpay payment services operates primarily in the Financial Services industry.
Number of Employees at airpay payment services
airpay payment services employs approximately 632 people worldwide.
Subsidiaries Owned by airpay payment services
airpay payment services presently has no subsidiaries across any sectors.
airpay payment services’s LinkedIn Followers
airpay payment services’s official LinkedIn profile has approximately 23,658 followers.
NAICS Classification of airpay payment services
airpay payment services is classified under the NAICS code 52, which corresponds to Finance and Insurance.
airpay payment services’s Presence on Crunchbase
No, airpay payment services does not have a profile on Crunchbase.
airpay payment services’s Presence on LinkedIn
Yes, airpay payment services maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/airpay-india.
Cybersecurity Incidents Involving airpay payment services
As of December 10, 2025, Rankiteo reports that airpay payment services has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
airpay payment services has an estimated 30,253 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at airpay payment services ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Airpay Data Breach
Description: Cybercriminals have allegedly compromised Airpay, one of India’s prominent digital payment gateway providers, exposing sensitive financial data of thousands of users and businesses.
Type: Data Breach
Attack Vector: Credential Injection Attack
Vulnerability Exploited: Authentication Mechanisms
Motivation: Financial GainData Exfiltration
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Credential Injection Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach AIR753072825
Data Compromised: Kyc records, Bank details, Pan numbers, Business data, Contact information
Systems Affected: Payment Infrastructure
Brand Reputation Impact: Significant
Identity Theft Risk: High
Payment Information Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Kyc Records, Bank Details, Pan Numbers, Business Data, Contact Information and .
Which entities were affected by each incident ?
Incident : Data Breach AIR753072825
Entity Name: Airpay
Entity Type: Payment Gateway Provider
Industry: Fintech
Location: India
Customers Affected: Thousands
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach AIR753072825
Type of Data Compromised: Kyc records, Bank details, Pan numbers, Business data, Contact information
Sensitivity of Data: High
Data Exfiltration: Extensive
Personally Identifiable Information: Full legal namesDates of birthPANResidential addressesMobile numbersEmail addresses
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Data Breach AIR753072825
Lessons Learned: Enhanced multi-factor authentication, API security protocols, and continuous security monitoring systems are needed in India’s digital payments infrastructure.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Enhanced multi-factor authentication, API security protocols, and continuous security monitoring systems are needed in India’s digital payments infrastructure.
References
Where can I find more information about each incident ?
Incident : Data Breach AIR753072825
Source: Daily Dark Web reports
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Daily Dark Web reports.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach AIR753072825
Entry Point: Credential Injection Attack
Backdoors Established: Persistent Backdoors
High Value Targets: Kyc Records, Bank Details, Business Data,
Data Sold on Dark Web: Kyc Records, Bank Details, Business Data,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach AIR753072825
Root Causes: Credential Injection Attack
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were KYC records, Bank details, PAN numbers, Business data, Contact information and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were KYC records, Contact information, Business data, Bank details and PAN numbers.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Enhanced multi-factor authentication, API security protocols, and continuous security monitoring systems are needed in India’s digital payments infrastructure.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Daily Dark Web reports.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Credential Injection Attack.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to create or remove tracker triggers. This issue is fixed in Tuleap Community Edition version 17.0.99.1763126988 and Tuleap Enterprise Edition versions 17.0-3 and 16.13-8.
Risk Information
cvss3
Base: 4.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
References
- https://github.com/Enalean/tuleap/commit/71d427b0f7ed8fa269a5ee6f7a557cf3dfc99cd4
- https://github.com/Enalean/tuleap/security/advisories/GHSA-f2xv-x3g6-4j9p
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=71d427b0f7ed8fa269a5ee6f7a557cf3dfc99cd4
- https://tuleap.net/plugins/tracker/?aid=45618
Description
Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API. Attackers have access to create, edit or remove plans. This issue is fixed in Tuleap Community Edition version 17.0.99.1762456922 and Tuleap Enterprise Edtion versions 17.0-2, 16.13-7 and 16.12-10.
Risk Information
cvss3
Base: 4.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
References
- https://github.com/Enalean/tuleap/commit/1734a7bb2964042310ddc3f6dd7b4c82eee27526
- https://github.com/Enalean/tuleap/security/advisories/GHSA-9h47-jg7r-ww7x
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=1734a7bb2964042310ddc3f6dd7b4c82eee27526
- https://tuleap.net/plugins/tracker/?aid=45592
Description
Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers trick victims into changing tracker general settings. This issue is fixed in version Tuleap Community Edition version 17.0.99.1762444754 and Tuleap Enterprise Edition versions 17.0-2, 16.13-7 and 16.12-10.
Risk Information
cvss3
Base: 4.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
References
- https://github.com/Enalean/tuleap/commit/993316dd6a291bb3937cb7a4571eaab0e7d55370
- https://github.com/Enalean/tuleap/security/advisories/GHSA-vxfh-h8p6-p5rg
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=993316dd6a291bb3937cb7a4571eaab0e7d55370
- https://tuleap.net/plugins/tracker/?aid=45593
Description
Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Enterprise Edition below 17.0-2, 16.13-7 and 16.12-10 allow attackers to access file release system information in projects they do not have access to. This issue is fixed in version 17.0.99.1762431347 of the Tuleap Community Edition and versions 17.0-2, 16.13-7 and 16.12-10 of Tuleap Enterprise Edition.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References
- https://github.com/Enalean/tuleap/commit/403eb69f4cfafe52254c8f9bdbe66e1fedadc254
- https://github.com/Enalean/tuleap/security/advisories/GHSA-v6vm-6rxf-7p2v
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=403eb69f4cfafe52254c8f9bdbe66e1fedadc254
- https://tuleap.net/plugins/tracker/?aid=45583
Description
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=airpay-india' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
