New Delhi, Nov. 6 -- Imagine a cybercrime gang plotting their next big heist. Would they attack Mint Street or target thousands of individuals who operate bank accounts on unsecured mobile devices? The answer is obvious. Attack enough of these vulnerable endpoints, and the effect is the same as raiding Mint Street itself.

The recent Bengaluru fintech heist that lost Rs.47 crore should not be mistaken as a 'fintech-only' mishap. The anatomy of most digital heists in India follows a depressingly familiar pattern: start with identity fraud, exploit gaps in permission escalation and authentication created by weak processes across intermediaries, and then launder the transactions through mule accounts in banks. Each step exploits an instituti...