A bug in the payment gateway costs Navi Technologies ₹14.26 Cr!

Navi Technologies reportedly lost ₹14.26 Cr after a payment gateway bug allowed users to alter the payable amount to ₹1 post-transaction initiation, while the full original amount was charged to Navi.

This raises important questions:

1. From a technical standpoint, how could such a bug exist? Most payment gateways (e.g., Razorpay, Paytm) have a process to fix the amount during order creation. Could this be due to poor implementation or a misconfigured integration?

2. Legally and ethically, does exploiting such a bug count as "fraud"? Should the exploiters face punishment, or is this purely a failure on Navi and the third-party gateway's part?

What are your thoughts on this and does anyone have some insider news?

Link to the Mint article: https://www.livemint.com/technology/tech-news/navi-technologies-hit-by-rs-14-26-crore-cyber-fraud-heres-what-happened-11737457141061.html