diff --git a/lib/utils/razorpay-utils.js b/lib/utils/razorpay-utils.js
index 6ba6468..f12a440 100644
--- a/lib/utils/razorpay-utils.js
+++ b/lib/utils/razorpay-utils.js
@@ -80,8 +80,6 @@ function validateWebhookSignature (body, signature, secret) {
    * @return {Boolean}
    */
-  var crypto = require("crypto");
-
   if (!isDefined(body) ||
       !isDefined(signature) ||
       !isDefined(secret)
   ) {
@@ -98,8 +96,15 @@ function validateWebhookSignature (body, signature, secret) {
   var expectedSignature = crypto.createHmac('sha256', secret)
                                 .update(body)
                                 .digest('hex');
+
+  const signatureBuffer = Buffer.from(signature);
+  const expectedSignatureBuffer = Buffer.from(expectedSignature);
+
+  if (signatureBuffer.length !== expectedSignatureBuffer.length) {
+    return false;
+  }
-  return expectedSignature === signature;
+  return crypto.timingSafeEqual(signatureBuffer, expectedSignatureBuffer);
 }
 function validatePaymentVerification(params={}, signature, secret){
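Review bot: Removing the function-local `var crypto = require("crypto");` in this hunk leaves `crypto` unbound unless a file-level binding already exists, and nothing in this diff adds one — the second hunk of the same function still calls `crypto.createHmac` and `crypto.timingSafeEqual`, which would throw a ReferenceError at the first webhook validation if no module-scope `require('crypto')` is present above line 80. Please confirm the top of the file has that import (it is outside this diff), and if it does not, keep the require at module scope, e.g. `const crypto = require('crypto');` next to the other file-level requires. The enclosing validateWebhookSignature body begins before and continues after this hunk.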
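Review bot: `Buffer.from(signature)` on the new side throws a TypeError when `signature` is defined but not a string or Buffer (a number or object handed over by a header-parsing layer, for example), whereas the replaced `expectedSignature === signature` simply returned false; the `isDefined` guard earlier in the function does not rule that case out. Add a type check before building the buffers, e.g. `if (typeof signature !== 'string') { return false; }`, or fold it into the existing Invalid Parameters check so callers get one consistent error. The early `return false` on a length mismatch is sound — `crypto.timingSafeEqual` throws on unequal lengths and the expected value is always a 64-character hex SHA-256 digest, so the short-circuit reveals nothing secret — but that reasoning should be recorded above the check, e.g. `// timingSafeEqual throws on unequal lengths; the expected digest length is fixed and public, so returning early here leaks nothing`. validateWebhookSignature starts before this hunk, so the `isDefined` guard and the `body` normalisation it relies on are not visible here.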