in

Scams, terror, and national security: Problems with Chinese microloan apps in India

Technology has become a great enabler but it can also be a killer. In this case, it has literally proven so for India’s lower-income residents, thanks to unscrupulous Chinese operators who have used spurious loan apps and hired Indian underlings to bilk the most vulnerable.

In just 10 months since the pandemic began, at least $3 billion worth of scam microloan transactions have taken place with a bulk of that siphoned off. 

The targets of these scams are people who are largely marginalised by the banking sector. Factoring in pandemic-induced joblessness and pay cuts that have led to an urgent need for cash, the dire situation of these people exacerbated in 2020, making them ripe for exploitation.

Yet, this appears to be only the tip of the iceberg. The other problem arising from the actions of these relatively few bad actors is that it has threatened the dynamic Chinese tech ecosystem within India. The top smartphone sellers in the country like Xiaomi, Oppo, Vivo, RealMe, OnePlus all have significant investments in the country.

Countless startups, many that have now grown up, like Paytm and Ola, have been nourished by significant chunks of Chinese money — $4 billion worth — from companies like Tencent and Alibaba’s Ant Financial.

THE UNDERSERVED

Within the great revolution that the internet has ushered in, there have been big strides in areas such as transportation (Ola), e-commerce (Flipkart), and food-tech (Zomato), along with the advancement of a whole host of automation, logistics, and cloud services outfits that have begun to empower businesses and consumers.

One area that has held much promise is the booming fintech market, which provides solutions in the form of consumer credit, supply chain finance, digital payment, wealth management, and insurance.

In India, specifically, the poor in smaller towns and in the countryside have always been starved of banking avenues. Private sector banks, which took off in the early 2000s, had made the calculation long ago that it would not be profitable on a per account basis to expand to the hinterland.

The Indian digital payments revolution tried to alleviate this problem experienced by unbanked, but poor internet infrastructure has made it difficult for financial inclusion to become commonplace and smartphones are not yet ubiquitous in these parts.

As a result, moneylenders who have always held sway in rural and semi-urban parts have continued to ply their trade. Even scores of unbanked urban Indians in big cities have to resort to borrowing money from these unsavoury sources. Many of these moneylenders charge upwards of 300% interest, which is why, when marginalised Indians got wind of easy-and instant-loan approvals from an array of fintech apps, borrowing from them was a no-brainer. 

They just didn’t realise, however, that they were being taken for a painful if not devastating ride.

DATA AS COLLATERAL

This is how the scam essentially works for the majority of borrowers. For example, a lady takes a loan — mostly a small one, say Rs 3,500 ($1) from a digital lending app, such as My Bank. But within a few days, she notices something odd; Rs 26,000 is deposited into her account from 14 or so different lending apps that had never been downloaded onto her phone.

Before she is able to make sense of what is going on, the borrower has been suddenly assailed by collection agents from all of these apps for the repayment of Rs 44,000 — 10 times the amount they borrowed.

When this already severely cash-strapped person is unable to repay her loans, they are threatened by collection agents who then morph her face onto naked bodies to create pornographic images of her.

The images are then sent to all of her contacts which the loan app had already accessed as part of the loan agreement, as well as the person’s WhatsApp groups. Personal data, which the lending app made sure it collected, was essentially used as collateral.

This kind of public humiliation and shame has resulted in six suicides in the state of Telangana so far.

THE PHANTOM MENACE

When an Indian consumer collective, Cashless Consumer, decided to investigate these occurrences, it discovered the scale and the horror of what was going on.

All of the user data is apparently stored in China and out of the 1,050 instant loan apps it checked — Loan Gram, Cash Train, Cash Bus, AAA Cash, Super Cash, Mint Cash, Happy Cash, Loan Card, Repay One, Money Box, Monkey box, Rupee Day, Cash Goo, among many, many others — only 300 apps had websites, albeit with scant information. Meanwhile, only 90 had physical addresses. According to Cashless Consumer, many of these apps breach Indian rules on lending.

Traditionally, banks and other non-banking financial companies that hand out loans have a whole host of documents that have to be provided before a loan is issued. Making the cut is not easy.

Enter digital lending apps who more or less are not required to follow such requirements and can issue microloans with a much shorter repayment window and brutally high interest rates, most often 1% a day, which compounds every two weeks. It’s difficult to see how a person with a modest income, let alone a pandemic induced cashflow crisis, would be able to pay this back.

When SaveIndia Foundation, a team of cybersecurity professionals, investigated instant loan apps operating in India, they discovered that hundreds of these accounts operated abroad and usernames and passwords were in Mandarin.

Further probing revealed that Chinese nationals were using Indian proxies as directors and used local chartered accountants to set up companies. In one instance, one such accountant helped Chinese investors float 40 companies, 12 of which were loan apps that now have criminal cases booked against them.

Police from four different states in India finally arrested seven Chinese nationals earlier this month for running the show with 35 Indian deputies, some of whom travelled to China for “training”. Several of these Indians were directors of multiple companies that have since been implicated in microloan scams based out of Bengaluru, Pune, Hyderabad, and Gurugram.

Payment gateways providing online wallets to these companies such as PayTM, Razorpay, and Cashfree have also contributed to the fiasco, say critics, and have been accused of being shoddy in their due diligence. A simple scrutiny of the appropriate identification documents, known in India as Know Your Customer, would have stopped many of these companies, according to critics.

THE FIX?

Without a firm government decree that requires stringent checks on money-related apps, more monumental digitally-enabled disasters are a certainty.

Moreover, app purveyors like Google should be forced to authenticate every loan app in their store. While the Google store has shut down a few dozen operators, the scale of the problem is immense. Hundreds of loan apps whose origins are dubious at best are still abound.

Another equally dire consequence is that details of individuals given for the 14 million transactions all include copies of the Aadhaar, or the national identity card, which is part of the pan-India database. That information, along with Indian citizens’ facial images, now sit comfortably on Chinese servers and many are calling it a national security issue.

It is ironic that just 15 years ago, a microfinance revolution had built a dynamic industry in the same exact spot that many of the loan scams have popped up — the state of Telangana, which was once part of Andhra Pradesh.

The industry ultimately collapsed because borrowers were strongly encouraged to take multiple loans which became simply unpayable. Many committed suicide and the industry collapsed.

It seems that history is destined to repeat itself if checks and balances are not urgently established.

Related Coverage


Source: Information Technologies - zdnet.com

OAIC asks Home Affairs to create 'information champ' role for overseeing FOI requests

Google bans another misbehaving CA from Chrome