Category Archives: Indian Startups

The Complete Coverage of Indian Technology Startups.

Capillary acquires MartJack To Boost Customer Engagement Offering

Capillary Technologies, a Bangalore-based customer engagement management solutions company, has raised a loan of INR 15 crore to acquire Martjack.

With an aim to personalize customer engagement through an omni-channel strategy, Capillary had passed a special shareholder resolution in February to borrow up to Rs 9 crore by way of a term loan from SVB India Finance at an annual interest rate of 15.15%, according to a recent filing with the Ministry of Corporate Affairs.

Bluegape Secures $200K In Angel Round For Its Content Pivot

Three months since its pivot (due to copyright issues), Bluegape has now raised $200K in an angel round of funding led by Rudy Gopalakrishnan of Fidelity and ah! Ventures.

Rudy has invested INR 1 Cr in his personal capacity in this round. Bluegape now provides a platform where anyone can make collaborative listicles with visuals, and people can add to the lists; its vision is to convert the world’s knowledge into lists of visuals.

Bluegape claims to be doing over 4 Mn pageviews per day (that’s a lot!) and aims to reach 30 Mn pageviews per day by year’s end. According to the company, over 200 listicles are created every day on the platform.

Amrita TBI to Invest over $150,000 in Five Indian Startups

Amrita Technology Business Incubator (TBI), the non-profit incubator supported by the Govt together with Amrita University, has chosen five Indian startup companies in which to invest over $150,000 during the third edition of the incubator’s annual event ‘The TBI Pitch Fest 15’.

From over 450 online registrations, Pingbits, StratDecider Analytics Private Ltd, Velnatural Fibers, Shradhanjanl and Discover Dollar Technologies are the top five startups selected. The five selected startups will receive a total of INR 1 crore in seed funding.

Alibaba To Launch Mobile Startup Incubator in Bangalore

Alibaba Group, the largest e-commerce company, and Globals, the Bengaluru-based mobile and analytics solutions firm, are all geared up for a startup incubator in the city that will focus on mobile internet and mobile commerce.

“It becomes easier to mentor the startups and find the right set of funders if you have a focused incubator,” says Suhas Gopinath, Founder, Globals.

Interesting to note that Alibaba isn’t going ahead with others like One97 fund / MS ventures or present accelerators.

Alibaba’s financial arm, Alipay has invested in One97 and the two have setup One97 Labs.

Mukesh Ambani to invest in Israeli, Silicon Valley Startups [India?]

The billionaire Mukesh Ambani is all set to invest in Israeli and Silicon Valley high-tech startups as Reliance Industries Ltd is building a $13.6 billion fourth-generation phone network in India.

“GenNext Ventures, owned by Reliance Industries Ltd., is talking to other venture capital firms and private equity investors in those countries and in the U.K. to pick out candidates”, says Vivek Rai Gupta, Managing Partner.

NextBigWhat Asks: Why not focus on India alone? Companies like Reliance can play a HUGE role in becoming a customer to Indian startups – right from hardware to software to enterprise startups.

Startups : A Quick Note On Your April Fool Prank

Nokia’s Microwave Joke

Founders: Here is a challenge. Don’t come up with an ‘X has been acquired by’ or ‘X acquires Y’ sort of April Fool prank. They are extremely boring and predictable.

Try embedding the joke in your product and see if your users can actually find it (and if it goes viral).

It will serve two purposes:

1. Beyond investor pitch, you will actually find out if your product is used the way you’d like it to. There is no better way to gauge engagement – imagine embedding the joke/prank on your homescreen and well, nobody gets it.

That’s a serious issue (and the joke is on you)!

2. If at all you are coming up with crazy PR ideas, it might force your team (or the ecosystem around your product) to think in random directions and execute on these crazy ideas (after April 1st). Time and again, many of the April Fool pranks by Google/Facebook have been brought to reality by geeks. You can use this for your hiring pitch :)

Whatever you do, don’t do a PR. It just shows how incapable you and your team are.

Indian Hardware Startups : They Are Happening And Coming of Age.

Last week there was this news of Teewe raising $1.75 million from Sequoia & IndiaQuotient. So happy to know our Startup ecosystem has started accepting and realizing the potential of Hardware Startups. Now that we are at the cusp of IOT, hope this is the start and many exciting things are around the corner.

As many of you know even we have a small connection with hardware products. Our startup took off by building a Hardware Product – an Android based smart TV box way back in 2011-2012. We called it SAGA. We have come a long way since then. I remember there was a time when investors wouldn’t even care to know what the product did when they heard it was a hardware product.

The first reply to most emails was “we don’t fund Hardware Startups”. Many were kind enough to give the reasons. It went from Indian markets not being ready, competition from biggies, Notion Ink fiasco, etc.; the list went on. They were not wrong. India was just gearing up for the smartphone revolution (i.e. being more tech savvy), unlimited Broadband and decent Internet speeds had a lot of catching up to do, and Ecommerce was just about to explode on the scene (important delivery mechanisms).

In absence of all the above, educating the market from scratch and delivery models by cracking deals with retail stores were very capital intensive. Somehow SAGA didn’t work out for us. We still retained the website (http://nityaalabs.com/saga).

Maybe we were too ahead of our times. Maybe we were naive and unprepared. Or maybe it’s too easy to bury your mistake under excuses. But we did learn a lot while building SAGA, and it was fun while it lasted. Product was awesome and we received decent reviews from everyone who saw it. However past is past. Now we are completely focused on AirStream and really excited for some of our new releases this week.

The important thing is that we have come of age and now the market is ripe for disruption in HW space. Maybe someday even SAGA will emerge from the ashes like a Phoenix. I look forward to that day.. till then we have other battles to win.

This is startup :) #KuchBhiHoSakthaHai #AnythingCanHappen

PS:
1. We had pitched to Sequoia in 2012 and did two meetings (they were one of the few investors who took great interest in SAGA). They have been very helpful and it was they who clearly highlighted the challenges we might face with HW and advised us to explore the software route. What they said made sense then.

2. Notion ink fiasco: This was a term used by one investor and not something which we agree with. We looked up to Notion Ink as our inspiration, they had some very original ideas. Their first product Adam started off with much fanfare but didn’t work out as per people’s expectations. Now they are making a decent come back with Cain. I have had several email exchanges with Notion Ink’s founder Rohan Shravan and I admire his perseverance a lot.

3. AirStream was originally an app we developed for SAGA, which we later customized for smartphones. I will be honest here, my first love is still SAGA :)

[Guest piece by Jitin Pillai, founder of Airstream]

Decoded: Equity and Cap Table Structure for Startups

While many of us wonder in awe when we hear/ read stories of the startup companies getting funded and VC’s making money out of an exit through Sale/ IPO, individual founders and investors these days constantly struggle to value two important business metrics for a startup on their personal agendas:

  • Valuation
  • Equity

There are many theoretical models on how one should value a startup but as they say these days

“Valuation is much of an art rather than science and no matter what you do, an accurate valuation is and shall be a certain impossibility for sure”

What we see these days is much of an “Emotions Driven Valuation” rather than an accurate calculative one for many cases.

Let us talk about one such case, where a series of valuations led to a pooling of investors as well as an increment in equity at each stage. Then let’s find out how much each party is going to cash out when an actual sale/acquisition of the company happens.

There is a concept called Cap Table (or Capitalization table) which lists down elements such as shareholding pattern / value of equity at each stage of a company for its founders, investors and Venture Capitalists.

STAGE 1 : IDEA / INITIAL WORK

In this case, we are talking about three guys, Prakash, Vijay and Suresh, fresh out of college with a cool business idea and a product they named PRAVIJS in 2012. They allocate a 40% share each to Prakash and Vijay, who are the brains behind the idea and have also worked on the technology; since Suresh joined them a bit late and is responsible only for getting the commercial job(s) done, they allocate him 20%. To create a Cap table, we will allocate an initial number of shares, say 1 lakh, divided among the shareholders in the pattern below (this is the founder pool, also known as the Common Shareholder pool):

| Shareholder Name | Date of Issue | Number of Shares | % of Total |
|---|---|---|---|
| Prakash | 01-03-2012 | 40,000 | 40.00% |
| Vijay | 01-03-2012 | 40,000 | 40.00% |
| Suresh | 01-03-2012 | 20,000 | 20.00% |
| Total | | 1,00,000 | 100.00% |

STAGE 2: ANGEL INVESTORS ROPED IN

Common Shareholders

| Shareholder Name | Date of Issue | Number of Shares | % of Total | C.S Value |
|---|---|---|---|---|
| Prakash | 01-03-2012 | 40,000 | 32% | 40 lakhs |
| Vijay | 01-03-2012 | 40,000 | 32% | 40 lakhs |
| Suresh | 01-03-2012 | 20,000 | 16% | 20 lakhs |
| Total | | 1,00,000 | 80% | 1 Crore |

Preferred Shareholders

| Shareholder Name | Date of Issue | Number of Shares | % of Total | P.S Value |
|---|---|---|---|---|
| Mr. Shah | 04-05-2013 | 25,000 | 20% | 25 lakhs |
| Total | | 25,000 | 20% | 25 lakhs |
| Net Total | | 1,25,000 | 100% | 1.25 Crore |

They had devoted their final year to creating a product and have just approached an angel investor to help them kick-start their operations with some investment. Mr. Shah is a hotelier and an angel investor and agrees to fund them with an angel investment of 25 lakhs INR for around a 20% stake in their company. The important point to note is that whenever an investor comes in, he comes in as a Preferred Shareholder, which means that he gets paid first in case of a sell-out / profit sharing, and then the remainder goes to the common shareholders. Also, if the founders give a 20% stake to an investor, it does not mean that they reduce their number of shares and sell them to the investor. The number of shares remains fixed (unless they actually sell them to the investor / any other third party). To accommodate a 20% stake for angels, the total number of shares increases in proportion, and the percentage equity of the founders goes down while their number of shares remains fixed.

We see that with the investment of 25 lakhs @ 20 %, the Net worth of company is valued at 1.25 Cr at this stage and the value for common shareholder @ 40 lakhs /20 lakhs. Also you can calculate the price of each share as 1.25 Cr / 1.25 Lakhs @ Rs 100.

STAGE 3: THE BALL ROLLS TO ANOTHER SEED FUND

It is already 6 months and the idea gains virality. It appears that their efforts and investment in marketing, SEO and sales have paid off, and investors have started valuing the idea. Hence the first investors, Premium Ventures, have decided to invest in PRAVIJS. They are willing to put in 5 Cr for 20% dilution. However, they have a condition of 2X liquidation preference. Also at this stage Mr. Shah decides to liquidate his holding by 50% to PRAVIJS at the current share price.

Now let’s talk about the term liquidation preference. When an investor says he is looking for a liquidation preference of, say, 2X his / her investment, it means that at any cash-out / sale it is guaranteed that he will get a minimum of 2 times his investment. So if PRAVIJS is sold for, say, 10 Crores or less, as per the liquidation preference the Premium guys get 10 Crores (or the sale price, if it is below 10 Cr) and nothing is left for the founders. If it is sold at a much higher value, the Premium guys will get either their 20% (or whatever their holding is at the time of the cash-out) or 10 Crores, whichever is higher.

So, CAP table now looks like below:

Common Shareholders

| Shareholder Name | Date of Issue | Number of Shares | % of Total | C.S Value |
|---|---|---|---|---|
| Prakash | 3/1/2012 | 40,000 | 26% | 6.4 Crore |
| Vijay | 3/1/2012 | 40,000 | 26% | 6.4 Crore |
| Suresh | 3/1/2012 | 20,000 | 13% | 3.2 Crore |
| Total | | 100,000 | ~64% (r.e) | 16 Crore |

Preferred Shareholders

| Shareholder Name | Date of Issue | Number of Shares | % of Total | P.S Value |
|---|---|---|---|---|
| Mr. Shah | 5/4/2013 | 25,000 | 16% | 4 Crore |
| Premium Ventures | 11/4/2013 | 31,250 | 20% | 5 Crore |
| Total | | 56,250 | ~36% (r.e) | 9 Crore |
| Net Total | | 156,250 | 100% | 25 Crore |

(r.e = rounding errors)

The net worth of the company at this stage is 25 Crores. The share price will be Rs 1600 per share which is 16 times the previous round.

STAGE 4: A YEAR LATER: SERIES A FUNDING

You can google Series A, and Wikipedia covers it beautifully when it says that Series A funding is a company’s first significant round of VC investment. Basically, until the stage above, PRAVIJS was relying on seed funds, used only for product creation, initial marketing, hiring the best talent, doing sales, cold pitches etc. But now is the time to go big and go live in the media with their final offering.

So, Charge Capital comes in at this stage and agrees to invest around 100 Crores in this idea for another 20% stake. The VCs and founders decide this is not the best proposition to go for and re-negotiate. The final deal is closed at a 15% stake for Charge Capital @ 100 Crores with 1X liquidation preference for Charge, and the team agrees to it. However, Charge Capital has demanded that an ESOP pool of at least 5% be kept for new employees / visionary leaders from outside who can join / lead the company.

Scenario 1: Charge Offering

Common Shareholders

| Shareholder Name | Date of Issue | Number of Shares | % of Total | C.S Value |
|---|---|---|---|---|
| Prakash | 3/1/2012 | 40,000 | 20.5% | 102.4 Crore |
| Vijay | 3/1/2012 | 40,000 | 20.5% | 102.4 Crore |
| Suresh | 3/1/2012 | 20,000 | 10.2% | 51.2 Crore |
| Total | | 100,000 | ~51% | 256 Crore |

Preferred Shareholders

| Shareholder Name | Date of Issue | Number of Shares | % of Total | P.S Value |
|---|---|---|---|---|
| Mr. Shah (pref A) | 5/4/2013 | 25,000 | 12.8% | 64 Crore |
| Premium Ventures (pref B) | 11/4/2013 | 31,250 | 16% | 80 Crore |
| Charge Capital (pref C) | 11/24/2014 | 39,062 | 20% | 100 Crore |
| Total | | 95,313 | ~49% | 244 Crore |
| Net Total | | 195,313 | 100% | 500 Crore |

The price per share at this stage is 25,600 INR and the individual share is shown above.

Scenario 2: Negotiated Deal

Common Shareholders

| Shareholder Name | Date of Issue | Number of Shares | % of Total | C.S Value |
|---|---|---|---|---|
| Prakash | 3/1/2012 | 40,000 | 20.5% | 136.7 Crore |
| Vijay | 3/1/2012 | 40,000 | 20.5% | 136.7 Crore |
| Suresh | 3/1/2012 | 20,000 | 10.2% | 68 Crore |
| ESOP Pool | 11/24/2014 | 9,615.38 | 5% | 33.3 Crore |
| Total | | 109,615 | 56% | 374.7 Crore |

Preferred Shareholders

| Shareholder Name | Date of Issue | Number of Shares | % of Total | P.S Value |
|---|---|---|---|---|
| Mr. Shah (pref A) | 5/4/2013 | 25,000 | 13% | 85.3 Crore |
| Premium Ventures (pref B) | 11/4/2013 | 31,250 | 16% | 106.7 Crore |
| Charge Capital (pref C) | 11/24/2014 | 29,296.88 | 15% | 100 Crore |
| Total | | 85,547 | 44% | 2,920,000,000 |
| Net Total | | 195,162 | 100% | 6666666667 |

In this case, price per share is 34,159 INR and the individual share is as above. Definitely a better deal than the one offered initially but comes with a liquidation preference.

However, as it happens, Mr. Shah strikes a deal, as he is desperately looking for immediate liquidity at this stage. Mr. Shah, who is sitting on >300 times his initial investment, is not much bothered by accurate numbers and is willing to sell half of his portfolio to the investors at even a handsome discount of 50%. Charge strikes a deal and his stocks are liquidated at a flat share price of 17,000 per share; Mr. Shah pockets 21 Crores at this stage, with the remainder still part of his preferred shareholder pool.

The Cap table looks as per below :

Common Shareholders

| Shareholder Name | Date of Issue | Number of Shares | % of Total | C.S Value |
|---|---|---|---|---|
| Prakash | 3/1/2012 | 40,000 | 20.5% | 136.6 Crore |
| Vijay | 3/1/2012 | 40,000 | 20.5% | 136.6 Crore |
| Suresh | 3/1/2012 | 20,000 | 10.2% | 68.3 Crore |
| ESOP Pool | 11/24/2014 | 9,615.38 | 5% | 32.8 Crore |
| Total | | 109,615 | 56% | 374.4 Crore |

Preferred Shareholders

| Shareholder Name | Date of Issue | Number of Shares | % of Total | P.S Value |
|---|---|---|---|---|
| Mr. Shah (pref A) | 5/4/2013 | 12,500 | 6.4% | 42.7 Crore |
| Premium Ventures (pref B) | 11/4/2013 | 31,250 | 16.0% | 106.7 Crore |
| Charge Capital (pref C) | 11/24/2014 | 41,796.88 | 21.4% | 142.8 Crore |
| Total | | 85,547 | 44% | 292.2 Crore |
| Net Total | | 195,162 | 100% | 666.6 Crore |

STAGE 5: CASHING OUT A YEAR LATER

The company has really gained superior momentum but definitely faces challenges w.r.t. competition and ever-changing consumer demands. They struggle for a year to ensure they create better equity for all stakeholders, but there is a limit to what they can do at this stage as the market is flooded with offerings. Their growth rate is an audacious 20%, thanks to the hard work, and kudos also to the new COO who joined under the ESOP bucket of 5% (along with a few directors).

A billion-dollar company based out of the US decides to invest in India and acquire PRAVIJS as part of its expansion strategy. Financials are evaluated and it is willing to acquire PRAVIJS for a total of 800 Crores.

Now for 800 Crores, the price per share will be 40,897, which is approximately 20% higher than the Series A valuation. Since it is sold at a higher price than CHARGE CAPITAL’s valuation price, the SERIES A investor will be paid as per the share price of 40,897, and the cash-out matrix is as below:

Common Shareholders

| Shareholder Name | Number of Shares | % of Total | Cash Out |
|---|---|---|---|
| Prakash | 40,000 | 20.5% | 163.59 |
| Vijay | 40,000 | 20.5% | 163.59 |
| Suresh | 20,000 | 10.2% | 81.79 |
| ESOP Pool | 9,615.38 | 5% | 39.32 |
| Total | 109,615 | 56% | 448.29 |

Preferred Shareholders

| Shareholder Name | Number of Shares | % of Total | Cash Out |
|---|---|---|---|
| Mr. Shah (pref A) | 12,500 | 6.4% | 51.12 |
| Premium Ventures (pref B) | 31,250 | 16.0% | 127.80 |
| Charge Capital (pref C) | 41,796.88 | 21.4% | 170.94 |
| Total | 85,547 | 44% | 349.86 |
| Net Total | 195,162 | 100% | 800 Cr |

So, three years down the line, the founders are paid 160 Crores / 80 Crore / 40 Cr (employee pool). Mr. Shah pockets a total of 51+21=72 Crores out of the 25 lakhs he invested (288 times his investment – yes, that’s why everyone should invest in real estate so that a few smarter ones like him can earn more!!!)

Premium pockets 130 Cr which is 26 times their investment and Charge gets 170 Cr which is still 40 % return on their investment in one year. As you see the multiplication factor and ROI decreases as you move from being an angel investor to a Series A VC in this kind of a deal.

Now suppose PRAVIJS did a bad job once they were incorporated and ran into loss of business / no traction from consumers and bad reviews all around. That would not have fetched them a sale in the first place, and in extreme cases might have forced them either to go bankrupt or to sell, at least to make their investors happy. Take one such scenario, where the sale happens for, say, 200 Crores (way less than they expected).

Now since Charge Capital is a preferred stakeholder, they are paid up 100 Crores as a priority in this deal and remaining stocks they had bought from Mr. Shah will get the valuation per the price.

At 200 Crore, the share price is INR 10,247. However for the 29,300 shares Charge owns they will be paid up @ Share price of 34,159 , the rate at which they initially invested and remaining 12,500 at the share price of INR 10,247. So cash out scenario for the remaining share will be as below :

Common Shareholders

| Shareholder Name | Number of Shares | % of Total | Cash Out |
|---|---|---|---|
| Prakash | 40,000 | 24.1% | 24.1 Cr |
| Vijay | 40,000 | 24.1% | 24.1 Cr |
| Suresh | 20,000 | 12.1% | 12 Cr |
| ESOP Pool | 9,615.38 | 6% | 5.7 Cr |
| Total | 109,615 | 56% | ~66 Cr |

Preferred Shareholders

| Shareholder Name | Number of Shares | % of Total | Cash Out |
|---|---|---|---|
| Mr. Shah (pref A) | 12,500 | 7.5% | 7.5 Cr |
| Premium Ventures (pref B) | 31,250 | 18.8% | 18.8 Cr |
| Charge Capital (pref C) | 12,500.00 | 7.5% | 7.5 Cr |
| Total | 56,250 | 44% | ~34 Cr |
| Net Total | 165,865 | 100% | 100 Cr |

Not bad for the founders and angels, for sure. The founders still get 24 Cr / 12 Cr / 5 Cr each and Mr. Shah pockets a total of 21+7.5=28.5 Crore in this case (110 times only this time, eh!). The Premium guys cash out at 18.8 Crore (~3 times their portfolio in 3 years!) and Charge loses overall this time, as they get a total of 107.5 Cr (out of the 121 Crore they invested). So you can imagine the pressure from Charge Capital on the Board of Directors in this kind of scenario. But hey, if the company is going to the pits, better cash out now than ever!

Thanks for reading this. Love to hear your comments and suggestions on the article!

[About the author: Anand Arora has been working in the field of Product / Business Innovation in organizations such as Indian Oil, Unilever and PepsiCo. He is an IIT alum with 10 years of industry experience and is passionate about new technology, startups and books.

Currently he is working in the area of Internet of things and is excited to be part of the next big thing that will transform many industries in future. ]

[Note: If you are an early stage startup looking to raise funding, do connect with Pluggd.in team: startups@pluggd.in]

Housing Acquires Real Estate Forum IREF For 8 crores

The online real estate portal, Housing.com, has acquired the Indian Real Estate Forum (IREF) for Rs. 8 crore with an aim to deliver the most up-to-date and helpful content to its customers on its real estate platform.

With a base of about 1.5 lakh active users, IREF claims to provide unbiased and clear information on new projects, developers, localities, brokers and plots.

Housing is currently raising $500mn to take on rival.

IREF To Remain Independent

IREF will stay independent of Housing and will be a separate and neutral enterprise, the forum claims. Housing will not have any influence on IREF.

The current administrators of the forum will stay to ensure the independence of the forum.

NextBigWhat’s take: One has to wait and watch. When you acquire a community, you will eventually end up ‘influencing’ decisions.

What will change for IREF users?

IREF users will get easy access to lots of additional data to help their decision-making. The availability, accessibility, timeliness and transparency of the information they need to make informed decisions will dramatically increase.

A mobile app will be launched that will empower the users and members to access IREF anyplace, anywhere, anytime. Extra functionalities and an improved user interface will empower homebuyers to find information, share questions and experiences faster and easier – via web as well as mobile.

Recommended Read: Housing – Are They Brokers Or A Real Estate Portal? [A Broker’s Take On New New Thing]

US-based Peesh Venture Capital launches its $50million fund For India

Peesh Venture Capital (PVC), a US-based venture capital firm, has launched PVCII of $ 50 million (301 crore) for early-stage investments in India.

PVC aims to build India technology ventures in the IoT and Mobile space to break through into a competitive global market and in doing so, be part of India’s transformation into an economic superpower.

Apart from the funding capital, the PVC portfolio companies will be able to leverage its operating experience, thought leadership, and deep global network of relationships across this range of high-value sectors.

The start-ups working with the PVC Accelerator will be able to avail financial, strategic, technical and operational mentorship, located in Bangalore and Gurgaon. PVC typically invests from $100,000 to $5,000,000 from PVC II in exchange for equity in growth stage companies that fit PVC’s investment criterion and PVC Accelerators invest $5,000-$100,000 in exchange for equity in start-ups that fit PVC’s investment criterion.

Accel Launches $305mn Indian Fund To Back Early Stage Startups

Accel is launching Accel India IV, a $305 million fund that, like prior funds, will invest in very early stage companies.

The fund will also continue to (selectively) pursue growth equity opportunities. The investment focus area will cover consumer, enterprise software, mobile and healthcare businesses – i.e. the entire gamut.

Accel is an investor in several companies like Flipkart, BookMyShow, CommonFloor, Forus, FreshDesk, Mitra Biotech, MuSigma, Myntra, Power2SME, Proptiger and TaxiForSure etc.

Disclosure: NextBigWhat also runs Pluggd.in, a startup funding platform.

Super acquires Crunch Commerce To Disrupt Jobs On Mobile.

Super acquires Crunch (CrunchCommerce.com) to disrupt jobs on mobile. This brings together two versatile mobile-led teams with everything it takes to accelerate Super – Tinder for Jobs in India, to the next level.

Crunch has been reimagining shopping on mobile and the two teams have been ideating over the past few months. We saw great synergies in the team, the technology and our passion for reimagining jobs on mobile.

Dayson will be joining in as Co-Founder, with the entire team. Super earlier acquired Mobile SAAS Startup Viraltrics.

Of Indian Startups, Compromised Security And Competition : What’s The Priority?

[Editorial notes : An insightful piece by Shivani Maheshwari – she played with a few services and found out how vulnerable they are.]

Ola’s recent wallet security lapse left me in shock. It paints a bleak picture of the state of security at the country’s leading cab service provider. Some of the players have landed big financing rounds with determined founders and have been in business for a sufficiently long time now. To realize the state of security of some startup services I use, I did some tests using just Wireshark and Postman. One website I would make mention of is zopnow.com.

Before I start putting down my thoughts: in no way do I mean to condemn any organization or anyone associated with it.

Remembered that I made an order for a chocolate on 18–03–15 morning to be delivered on the 19th and I hadn’t paid yet. Tadaaa, let’s pay for the order and capture packets! Filtered “http” packets on Wireshark. Ok, all cool, let’s see the flow. zopnow.com redirects to payments.zopnow.com, which shows me the screen to choose between modes of payment like Credit/Debit/Netbanking/PayU. I chose the PayU gateway for payment. After successful payment, there was an http packet to /payudone.php, then to /paymentResponse.php, and this was the hero. Let’s monitor the packet.

Image-1

Cookies and POST data were all I needed to try my luck.

Cookie: zopper=*; amplifyUid=*-; _ampNV=*; _ampUVC=*; _ampVT=*; PHPSESSID=*; AWSELB=*; remember=*; lastterm=*; _gat=*; carttime=*; _ga=*; z=*;

Data: transaction_status=SUCCESS&transaction_amount=90.00&transaction_id=*&zoppay_reference=*&udf1=*

transaction_id, zoppay_reference and udf1 were 3 unknowns. Breathe, take a step back. Capture the packet from zopnow.com to payments.zopnow.com. Voila, post data looks like:

direction=outgoing&reference_number=*&txtTranID=*&txtMarketCode=*&txtTxnAmount=90&transaction_id=*&transaction_hmac=*&transaction_amount=90&access_key=*&udf1=*

Rubbed my hands, leaned closer to the laptop, pulled out Postman; let’s draft a request. zoppay_reference was the thing that was not known, so I decided to increment that number by 1 and use it in my new request. I placed a fresh order on zopnow worth Rs. 10/- (didn’t want to exploit in any case), fetched all cookies and data and framed an HTTP call.

Image-2

On hitting send, I got an email titled “[ZopNow] Payment Success for order XYZ”. Bingo! The arrow hits the bull’s eye. Drawback: there was no verification of status from the payment gateway, hence no server-side validation of the request to the paymentResponse page.

Zopnow: The bigger picturesque

I wrote an email to cs@zopnow.com.

In all honest opinion, I was playing around with Zopnow.com tonight, and I found a bug via which I was able to place an order (worth Rs. 10/-, which you are free to charge me for), and pay for it online, without actually paying via any card/netbanking.

To my surprise they were very prompt (within 4 hours) in forwarding the concern.

We appreciate you bringing this to our notice. This issue is forwarded to the technical support team and one of the Zoppers will get in touch with you to discuss this issue.

After another 4 hours I got an email from a member of the technical team.

We acknowledge the bug you mentioned. In one of the recent releases, we regressed and started storing the payment information without verifying the status from the payment gateway. So, you could potentially add a payment just by making a direct post request to /paymentResponse.php. Can you please confirm that the bug was indeed what we thought it was? We have deployed a fix. Can you still replicate it? As a token of appreciation from our team, please accept the 10,000 Zoppies we have credited to your account.

I was humbled by the kind, swift and sensible response I received from Zopnow. The issue got fixed within 8 hours, but on first part should we leave that vulnerability?

The least we can do to prevent such mishaps is to follow OWASP guidelines, have good backend analytics, apply defensive control mechanisms and have encrypted connections. Sometimes while scaling from an MVP to a full-fledged product we tend to neglect the basics of security. In the long run, business suffers on account of these loopholes.

Competition isn’t worth if it isn’t secure!!

[Reproduced from Shivani Maheshwari‘s blog]
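
The fix Zopnow describes above (verifying the status with the payment gateway before recording a payment) can be sketched as follows. This is an added example, not code from the original post or from Zopnow: the order_id and signature fields, the shared secret and the gateway_lookup function (standing in for a server-to-server status query) are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from decimal import Decimal

# Constructed demo secret shared by merchant and gateway (hypothetical).
GATEWAY_SECRET = b"constructed-demo-secret"


@dataclass
class Order:
    order_id: str
    amount: Decimal
    paid: bool = False


def sign(fields, secret=GATEWAY_SECRET):
    """HMAC-SHA256 over the sorted callback fields, excluding the signature."""
    canonical = "&".join(
        f"{k}={fields[k]}" for k in sorted(fields) if k != "signature"
    )
    return hmac.new(secret, canonical.encode(), hashlib.sha256).hexdigest()


def handle_payment_response(post, orders, gateway_lookup, seen_txns):
    """Decide whether a callback may mark an order paid: (accepted, reason).

    transaction_status and transaction_amount in `post` travel through the
    customer's browser, so the decision is never based on them.
    """
    order = orders.get(post.get("order_id"))
    if order is None:
        return False, "unknown order"
    # 1. Integrity: the callback must carry a MAC only the gateway can make.
    supplied = post.get("signature", "").encode()
    if not hmac.compare_digest(supplied, sign(post).encode()):
        return False, "bad signature"
    # 2. Replay: a transaction id may settle an order only once.
    txn = post.get("transaction_id", "")
    if txn in seen_txns:
        return False, "replayed transaction"
    # 3. Authoritative status: ask the gateway directly, server to server.
    record = gateway_lookup(txn)
    if record is None or record["status"] != "SUCCESS":
        return False, "gateway did not confirm"
    if record["order_id"] != order.order_id:
        return False, "transaction belongs to another order"
    if Decimal(record["amount"]) != order.amount:
        return False, "amount mismatch"
    seen_txns.add(txn)
    order.paid = True
    return True, "paid"


def demo():
    """Run constructed callbacks through the handler; returns (results, orders)."""
    orders = {"A": Order("A", Decimal("90.00")), "B": Order("B", Decimal("10.00"))}
    # Constructed gateway ledger: what the gateway itself says happened.
    ledger = {
        "T1": {"status": "SUCCESS", "order_id": "A", "amount": "90.00"},
        "T3": {"status": "SUCCESS", "order_id": "B", "amount": "1.00"},
    }
    seen = set()

    def signed(fields):
        return {**fields, "signature": sign(fields)}

    def callback(order_id, txn, amount):
        return {"order_id": order_id, "transaction_id": txn,
                "transaction_status": "SUCCESS", "transaction_amount": amount}

    cases = [
        ("forged, unsigned", callback("B", "T2", "10.00")),
        ("signed, unknown to gateway", signed(callback("B", "T2", "10.00"))),
        ("txn of another order", signed(callback("B", "T1", "10.00"))),
        ("underpaid", signed(callback("B", "T3", "10.00"))),
        ("genuine", signed(callback("A", "T1", "90.00"))),
        ("genuine, replayed", signed(callback("A", "T1", "90.00"))),
    ]
    results = [(name, handle_payment_response(post, orders, ledger.get, seen))
               for name, post in cases]
    return results, orders


if __name__ == "__main__":
    for name, outcome in demo()[0]:
        print(f"{name:28} -> {outcome}")
```

The signed cases exist to show that the gateway lookup still rejects a callback even if its MAC verifies; a direct POST like the one described in the post fails at the first check.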

Stayzilla Trolls OYO Rooms Over Trademark Issues [#OYOMama]

Infringing on trademarks and IP rights can often lead to heated court battles, which almost always result in someone paying someone a lot of money, even if it’s just the companies paying their lawyers.

However, when OYO Rooms, a branded network of budget hotels, infringed on its rival Stayzilla’s trademark, rather than the exchange of a bunch of boring legal documents, something unexpected (and totally fun) happened.

It started off with Oyo Rooms using ‘Stayzilla’ in a Google AdWord copy, in the hope to drive more traffic onto its site and also seem smug. As Suhasini Kandaswami, an IP Lawyer and author of the original post, puts it – it wasn’t just a trademark violation, it was also a huge breach of Google’s advertising policy.

Oyo Vs StayZilla

Rather than getting into legal intricacies, Stayzilla made use of the popular Yo Mama joke to troll Oyo Rooms into ceasing to infringe on its trademark. The events (obviously) unfolded on Twitter for the world to see.

Here’s a few of the best ones:

#OYoMama so fat her weighing scale is always stuck at 999! @oyorooms pic.twitter.com/PZ3Xym5zT9

What happened between Stayzilla and Oyo Rooms only went on to prove how confident Stayzilla was with their marketing and social media, executing a campaign which could have backfired easily so beautifully.

Trolling rivals to grab eyes and the customer’s mind is the new game Indian startups are playing, and all we can say is keep it coming :D

Roundup of latest trolls: