A large percentage of instant loan apps have the same software backend, but different front-end branding. Chinese investors then bring these applications to India with proxy administrators.
Bhumana Prasad, a resident of Hyderabad, took a loan of Rs 3,500 from “My Bank” – a digital lending app – in November 2019. Within a week, he repaid the amount with interest, and soon, took another micro loan, of Rs 4,400, from the same application. Within days, however, Bhumana noticed something strange. There were 26,000 rupees deposited in his SBI bank account from various sources – namely 14 different loan apps which he had never downloaded – and soon all of them started harassing him, demanding repayment totaling 44,000. rupees.
How did these apps ‘lent’ money to Bhumana? And why? Police believe ‘My Bank’ shared his details with other apps run by the same company – Jhia Liang Technology in Pune. As to why investigators and experts say this is part of the modus operandi adopted by scam instant loan apps. They collect your personal data, use this personal data as collateral to manipulate and harass you, and use other predatory methods to collect high interest rates – sometimes even up to 200 or 500%.
And just like many other things – like phones, plastic toys and clothes – this product, a FinTech scam, was made in China.
How Fraud Works
The COVID-19 pandemic has led to job losses and wage cuts, starting in March 2020, and the need for credit among people has increased dramatically. It has also become an opportune time for instant loan apps to take hold and attract customers in India.
These companies give everyone a large number of loans of smaller amounts at a very high interest rate. In this way, even if there is a defect, it does not cause much loss to the company.
The reason why these apps have become so popular is also because they provide loans to everyone regardless of creditworthiness and without KYC documents, definitive loan agreement, etc.
“For example, at Moneytap, we reject 95% of people. These apps are trusted by 95% of people. By lending, you are supposed to reject more than approve because you are not supposed to give money to those who do not have the means, the capacity or the intention to repay,” says Anuj Kacker, Secretary and Chairman of the Digital Lenders Association of India and COO of MoneyTap.
But once people like Bhumana are framed, debt collectors adopt coercive means for loan recovery, accessing phone contacts, pictures, location and more. Data from the phones of these defaulting lenders was used to make threatening calls, made from call centers run by the lending apps. Cases have emerged where photos of defaulting women have been taken from a phone gallery, transformed with pornographic material and shared with the defaulter’s contacts and via WhatsApp groups.
Made in China…
Several of these tactics were used in China by instant loan apps, from 2012 until a government crackdown in 2016 on predatory clawback tactics by instant loan apps in China that issued loans of a worth $100 billion. The move nearly killed the sector.
While China even set up a special work leadership team office to rectify financial risks on the Internet and gave instant loan applications, also known as Peer-2-Peer (P2P), 2 years for clearing outstanding loans and exiting the industry, it seems many of these lenders have turned their attention to India.
The police crackdown on Chinese-owned apps has so far resulted in the arrest of 7 Chinese nationals and more than 35 Indians by three police forces in southern India. Police said they are still investigating the business network and the Law Enforcement Branch has also launched an investigation.
…imported in India
Balaji Vijayaraghavan, a Chennai-based criminology student had installed the Snapit app (later removed by Google) in October 2020 but soon observed that his bank account was being used for transactions that were unrelated to him, “He there was a death in the family and i needed some more money so i identified a few places to get a loan i didn’t even log into the app but they still I was able to access my bank account. I had Rs 90,000 in my bank account, but I noticed that transactions worth Rs 8.49 lakh were being made in my account,” says Balaji, who now assists the Telangana and Maharashtra Police in their investigation of the apps.
Balaji is a member of SaveIndia Foundation, a team of cybersecurity professionals investigating instant loan apps operating in India. The researcher claims that instant loan apps have entered India through fintech expos held annually in Indonesia, Malaysia and Singapore.
“While the event is running in a positive spirit, a few Chinese exhibitors are showcasing their instant loan applications there and a few Indian businessmen are being attracted to the business model. The Software Development Kits (SDKs) are then either sold to a nominal rate, or with equity for the Chinese who invest in the Indian company,” explains Balaji.
“About 85% of these apps were deployed using the same SDKs. So it’s a company that white-labels an app and then individual companies brand it. The technology backend remains the same. We’ve seen three to four white-label companies that these apps are based on,” says Srikanth L of Cashless Consumer, a consumer collective working to raise awareness of digital payments. The collective reviewed 1,050 loan apps snapshot and found a series of irregularities in their operation. About 750 of these applications are still available on Google Play Store; among them, only 300 have websites – with very little information; and only 90 have a physical address. .
Chinese nationals looking to set up these instant loan app companies would use proxies as administrators and then take the help of chartered accountants to set up the company.
A data war?
In 2020, a surge in the registration of instant loan applications has been seen in India, says Cashless Consumer. All the apps were found to store user information, such as facial recognition data and personal data, on Chinese servers. The exact number of instant loan applications is not yet fully known.
In one observed pattern, individuals came to set up a business with the help of a few Indians. “It would be set up as a micro finance company with loan amounts as low as Rs 2,000 and transactions are done through digital payment gateways like Google Pay, Paytm and others,” says Srikanth L of Cashless Consumer.
Srikanth in a webinar, KillerApps – Detecting Predatory FinTech apps – said that about 600 of the 1,050 apps analyzed were found using some form of “liveness detection” – to authenticate the user in the form of a selfie.
Cashless Consumer found that the selfie supported by these apps is performed through artificial intelligence (AI) software with servers in China. “It may seem significant, but has a national security problem,” explains the researcher.
“It collects facial recognition worthy images (FR) as well as personal details of the individual, so it practically has the potential to mirror the Aadhaar database if the person also provided Aadhaar when applying for the loan. These entities then collect other credentials. They can build a parallel Aadhaar system. This needs to be thoroughly investigated as to what type of data they store and process,” he adds.
Why India is ripe for fraud
Anuj Kacker says payday lending is a hugely profitable business and has therefore attracted many as a way to make some quick cash. If it has shown over the years and throughout the world that it is profitable, it has led to all kinds of debt traps and is therefore banned in most countries. This has happened in the UK, many African countries, China and Indonesia.
India, experts say, was ripe for this activity because we are not new to unorganized loans at high interest rates – they are rampant among local unorganized lenders. What has happened now, according to Anuj, is that instead of doing it in a physical market, people have created apps for it.
He adds that although Indian regulators are stricter than most countries, for those looking to make a quick buck, it’s a risk worth taking.
“They are very opportunistic and are not in it for the long haul. They are here as long as they can make money and then move on,” adds Anuj.
RBI’s action so far and what can be done further
The Reserve Bank of India (RBI) in December became aware of the practices of these instant loan companies and issued a warning, asking the public to stay away from unauthorized digital loan applications.
He also urged people to never share KYC documents with unidentified people, unverified/unauthorized apps and asked people to report such fraudulent activities to law enforcement or RBI’s Sachet portal.
RBI has also mandated digital lending platforms used on behalf of banks and NBFCs to disclose the name of the bank(s) or NBFCs in advance to customers.
While there are also reports that RBI is looking into the source of funds for these loan applications, no further action has been taken by the banking regulator.
The Digital Lenders Association of India (DLAI) suggests that there should be a law in place prohibiting short term loans of less than 60 days and that interest rates should be advertised in advance before process the loan.
“When you start doing a minimum of 60, 90 or 120 days, it’s not easy to turn the money around and companies will have to raise a lot of capital, do proper collections and so on. You also cannot charge very high interest rates, which makes the business less profitable and margins are reduced,” says Anuj.
(With contributions from Haripriya Suresh)
Read Part Two – Investigation: Chinese Landlords, Indian Proxies, and Ghost Addresses
Did you like this story?