NEW DELHI: Lending apps, which lend small sums between Rs 2,000 and Rs 10,000, targeting low-income and financial unsavvy Indians, are on the rise again despite more than 200 such apps being removed from the Google Play store already. Such apps are dangerous as the harassment by recovery agents have driven many to suicide in the recent past.
In 2021, at least six people committed suicide in Hyderabad alone due to harassment by agents. As many as 50 cases of harassment were reported from Hyderabad, Cyberabad, and Rachakonda police commissionerates. Last week a man in Mumbai ended his life after his morphed images were circulated on Whatsapp by alleged recovery agents of a loan app. In another such incident, 24 year old Anurag Singh fell prey to one such loan app, which accessed his contact list after he installed it on May 1 to enquire about what loan he was eligible for. Without his consent, the app transferred Rs 3,805 to his bank account the same day. On May 6, Singh began receiving SMSes and threat calls demanding he repay the loan along with “interest” of Rs 7,000 for just six days.
In Hyderabad’s Begumput, 27-year-old Suman found his morphed images were doing the rounds on his family’s emails while he was being branded as a paedophile for raping a 5-year-old by representatives of an instant loan app from whom he had borrwed Rs 4,000 in the past. Though he had returned the amount, the app had labeled him as a defaulter, and harrasment started when he refused to give in.
The modus operandi:
These platforms exploit the unmet need for credit and target vulnerable borrowers by offering supposedly no-strings-attached credit. However, they come with huge interest rates and extortionate terms and conditions, to which borrowers have no recourse. And with just one tap, you basically allow them access to everything on your phone- be it your entire contacts list, photos and videos. And the moment you fill in the details such as your Aadhaar, PAN, address, the amount you need and click apply, you will see your account credited with cash. The apps, on the pretext of advancing a loan, accesses all information from the customers’ phones which could later be used by the company to perpetrate some other financial crime.
“The modus operandi seem to be registering fake entities, using whitelabeled software to generate apps, upload and use wallets / UPI for running the operations along with extra-ordinarily high interest (with GST — which is a loot, as these are companies that don’t exist in GST database), social shaming, threatening using data obtained from phone using the app permissions in case of non-payment / delayed repayment,” explains Srikanth L of Cashless Consumer, a consumer awareness collective.
“A quick search on the Google play store reveals many apps that promise funds the same day, within the same day provided you submit a KYC form with the required details. While innovation in lending practices has enabled that to a certain extent, it is prudent to understand if the app/service is from a legitimate company,” said Anil Pinapala, CEO & Founder of Vivifi India Finance.
According to an RBI panel, if a consumer uses such an app or website, it could collect the user’s personally identifiable information (PII), financial data and other sensitive details, which can then be used to compromise the user’s accounts, carry out phishing attacks and identity theft.
To provide a loan, these apps ask for a copy of 3 months bank statement, a photocopy of aadhar card, and a PAN card from the customer. After receiving the documents, they give a loan within minutes. Sometimes loans are given even without such documents. Instant loan companies charge an annual interest of 36%-50% and also charge heavy penalties daily for not repaying the loan on time, which can go up to 50% of the loan amount. Add to that processing fees of around 20-25% and 18% GST. Customers are then harassed and abused by recovery agents to repay the loan amount. Obscene messages, indecent pictures, and abusive texts are sent to the person’s WhatsApp number and others on his or her contact list.
Are such lending apps legal?
Most of these apps are absolutely illegal. As per the prevailing law, a lending company needs to be either a bank or a non-banking financial company (NBFC) and registered with RBI to be able to lend, or otherwise have a license as a money lender under the State Money Lenders Acts.
“These Apps, more often than not, are not registered under any of the above and are operating totally outside the legal framework and are, therefore, illegal. Many of these apps were, in fact, earlier blocked under the Information Technology (Procedure and Safeguards for Blocking for Access of Information for Public) Rules, 2009 under section 69A of Information Technology Act, 2000 but they continue to operate with impunity.
Further, on the legal implications, these apps/companies may be liable under the Banking Regulation Act, RBI Act, Companies Act and the State money lending laws, consumer protection laws, amongst others for their acts,” said Bharat Chugh, Former Judge, Advocate Supreme Court of India.
How many such apps exist?
Digital lending has grown over twelvefold in India from 2017 to 2020, according to a November 2021 report by the Reserve Bank of India. Among the 220 million Indians who are eligible for loans from legal financial institutions, only 33% have access to a bank account, while majority are not eligible for loans due to a lack of collateral and a poor understanding of the loan process. While several legal mobile lending apps such as Dhani, PayMe India, and IndiaLends have emerged to meet their needs, India has also witnessed a boom of scam apps. Data from the Reserve Bank of India, 600 illegal lending apps have been found, while the government has already blocked 27 such apps. Google Play store had removed over 205 such apps as of November 2021.
The RBI working group found these illegal apps during a short span of two months, i.e. between January 1, 2021 and February 28, 2021. It also received 2,562 complaints against such digital lending apps between January 1, 2020 and March 31, 2021, of which maximum 572 complaints were received from Maharashtra, followed by Karnataka (394), Delhi (352) and Haryana (314). Others included Telangana (185), Andhra Pradesh (144), Uttar Pradesh (142), West Bengal (138), Tamil Nadu (57), Gujarat (56).
RBI had received complaints about the exorbitant rate of interest charged by some apps and also the extensive process of recovery of loans.
In December 2020, the RBI cautioned the general public not to fall prey to unscrupulous activities of unauthorised digital lending platforms and verify the antecedents of the company or firm offering such loans.
The RBI has also issued advisories to state governments to keep a check on such applications through their respective law enforcement agencies.
In July, 2021, Google also said Indian lending apps will have to fill out a “Personal Loan App Declaration” form, and provide supporting documentation such as a license from the Reserve Bank of India (RBI), or proof that the app is only a platform serving as a middle-man for registered non-banking financial companies (NBFCs) or banks. Google had even pulled the plug on more than 500 instant-credit apps that had their roots in China and were not compliant with central bank norms.
Has any action been taken by the RBI against these fake lending websites?
The suggestions of the RBI working group on digital lending included a new law to ban unauthorised lending and a self-regulatory organisation to evolve a principle-based regulation. Last week, the Reserve Bank cancelled the Certificate of Registration (CoR) issued to P C Financial Services Pvt,, which was engaged in mobile app-based lending operations through an app called ‘Cashbean’. The company was found to be “charging usurious rate of interest and other charges to its borrowers in an opaque manner apart from indulging in unauthorized use of logos of the RBI and Central Bureau of Investigation for recovery from the borrowers in gross violation of the Fair Practices Code”.
” It is also pertinent to note that there has not been any regulatory action till date against the regulated entities which provided a platform for the consumer abuse to happen. It is important to note that not all complaints of rogue practices were against unregulated operators, and some regulated entities were also playing sheet anchor roles in providing a platform to rogue apps. While the volume of complaints is noted, there is no documentation of response of RBI to these complaints in the report. The role of RBI was restricted to issuing advisories and forming the committee. The regulator’s failure to take moral responsibility for the supervisory lapses is to be noted, for it to be prevented in the future and improve regulatory trust amongst consumers. The overarching principle that seems to echo in the working group report is to solely focus on being industry friendly and growth of market while leaving aspects of regulation, including consumer protection to self-regulatory organisations (SROs). It is worrying to see the regulator absolving of its responsibilities and moving towards a self-regulatory model compromising on consumer protection,” said Srikanth.
But are they any RBI guidelines one can follow?
In terms of future regulation in the digital lending space, the RBI recently came out with certain recommendations in order to safeguard the interests of the consumer from these apps. The RBI listed down numerous suggestions ranging from subjecting the digital lending apps to a verification process by a nodal agency to be setup in consultation with stakeholders to each digital lender to provide a key fact statement in a standardised format including the Annual Percentage Rate, etc.
The RBI is likely to come out with a comprehensive regulatory framework for digital lending soon. The working group has also recommended a separate legislation to prevent illegal digital lending activities as well as setting up of a Self-Regulatory Organisation (SRO) covering the participants in the digital lending ecosystem.
What can one do to safeguard themselves from such scams?
The only recourse is to borrow from legitimate and approved lenders, platforms, and intermediaries and to watch out for the following red flags:
“Either approach the bank or a non-banking financial corporation directly or use reputed, genuine, and secure platforms to apply for credit. Make sure of the credentials of the business the site or app you are using represents. Check if they have physical offices and if their website is secure. Do not borrow if any app or service that does not ask you for your credit history and pressurise you to close the deal immediately. You do not need to pay any money for loan approval to any entity. The processing fee is usually billed to you as part of your loan or to be paid directly to the bank on NBFC offering you the loan. If you are being asked to pay a part of the loan upfront for processing or required to pay cash or transfer money to any personal account, it is a red flag,” said Adhil Shetty, CEO, Bankbazaar.
Beware of fraudulent apps: There are many illegitimate apps on the App Store and Play Store. Fortunately, they can be identified through multiple negative reviews, a low number of downloads, and the lack of a ‘verified’ badge.
And do these recovery agents go scot free?
As far as actions of these so called recovery agents are concerned, these may amount to serious offences under the law, including but not limited to hacking/unauthorised access to the phone, violation of privacy, cyber obscenity, criminal intimidation, extortion, forgery, cheating, criminal breach of trust, and potentially, in some of these cases, abetment to suicide as well, said Chugh.
If you are being harassed by the bank or the recovery agent, then you can file a complaint with the police as a primary move. In the absence of any relief despite the police complaint, one can move the civil court and can plead for relief.
According to Saransh Chaturvedi, Associate with Khurana & Khurana Advocates, one can also file a complaint with the RBI, which has strictly laid down specific considerations which the bank and the loan recovery agent must follow. The Reserve Bank may consider imposing a ban on a bank from engaging recovery agents in a particular area, either jurisdictional or functional, for a limited period. In case of persistent breach of guidelines, Reserve Bank may extend the period of ban or the area of ban. Similar supervisory action could be attracted when the High Courts or the Supreme Court pass strictures or impose penalties against any bank or its Directors/ Officers/ agents.
How does one differentiate between a legitimate company and a lending app scam?
Companies that are registered with the RBI follow regulatory guidelines and abide by the rules to run the business legally. These lenders usually follow a strict set of guidelines, and a code of conduct, in working with borrowers and ensuring the best possible experience for everyone. “Legal RBI licensed lenders also house all the data in India. They perform a KYC – Know Your Customer on every application they receive. Borrowers must Know their Lender before applying for a loan. If a lender is not RBI Approved or doesn’t have an Indian Incorporation, it most likely is unauthorized and is not bound by privacy rules,” said Pinapala.
Most illegal lending apps won’t have listed their website even. It is a big red flag and something for the customers to be cautious about. Ensure not to download the app of a lending company if their website is not listed with RBI.
“Always make sure that you download apps from the Google play store and avoid downloading from the unregistered entity’s website. If the digital lending apps do not offer transparency about the charges or the loan offer or offer loans for short durations without implementing KYC or providing fees details or legitimate addresses, all the above-mentioned call for caution and the customers must be wary of it,” added Pinapala.
Is there any insurance policy that safeguards against this form of fraud?
A retail cyber insurance policy is designed to cover any losses due to Cyber Extortion, Privacy Breach and Data Breach by Third Party, Phishing, Malware, Cyber Stalking, Identity Theft, Social Media, etc.
“Any individual can buy a specific cyber insurance cover with specific risks in mind. Retail cyber insurance also offers coverage for IT Consultant Services to assess losses and Counselling Services for any amount spent on psychological counselling. Some ways to avoid such threats are encrypting sensitive data to safeguard your credit/debit card details on any retail network, and the other is the use of multi-factor authentication that adds an extra layer of security to your devices,” said, Evaa Saiwal – Practice Leader – Liability & Financial Risk, Policybazaar.
With inputs from PTI