A large percentage of instant loan apps have the same software backend – but different frontend branding. Chinese investors then bring these apps to India with proxy directors.

The exact number of Chinese national owned instant loan apps are not known
Delve Crime Tuesday, January 12, 2021 - 15:49

Bhumana Prasad, a resident of Hyderabad, took a loan of Rs 3,500 from ‘My Bank’ – a digital lending app – in November 2019. Within a week, he repaid the amount along with interest, and soon, took another micro-loan, of Rs 4,400, from the same app. Within a few days, however, Bhumana noticed something strange. There was Rs 26,000 deposited in his SBI bank account from various sources – namely, 14 different lending apps that he had never downloaded – and very soon, all of them started harassing him, demanding a repayment totalling Rs 44,000.

How did these apps ‘lend’ money to Bhumana? And why? Police believe that ‘My Bank’ shared his details with other apps run by the same company – Jhia Liang Technology in Pune. As for the why investigators and experts say that this is part of the modus operandi adopted by fraudulent instant loan apps. They collect your personal data, use that personal data as collateral to manipulate and harass you, and use other predatory methods to collect high-interest rates – sometimes going up to even 200 or 500%.

And just like many other things – like phones, plastic toys, and clothes – this product, a FinTech scam, was Made in China.

How the fraud works

The COVID-19 pandemic led to job losses and pay cuts, starting in March 2020, and the need for credit among people increased significantly. It also became an opportune time for instant loan apps to set up shop and garner customers in India.

These companies give out a huge number of loans in smaller amounts at a very high-interest rate to everyone. This way, even if there is a default, it doesn’t cause much of a loss to the company.

The reason why these apps became so popular, is also because they give loans to everyone, irrespective of their creditworthiness and without KYC documents, a definite loan agreement, etc.

“For example, at Moneytap we reject 95% of people. These apps approve 95% of people. In lending you are supposed to reject more than approve because you are not supposed to give money to those who don't have the means, ability or intent to pay back,” says Anuj Kacker, the Secretary and Chair of the Digital Lenders Association of India and COO of MoneyTap.

But once people like Bhumana are trapped, recovery agents adopt coercive means for loan recovery, accessing phone contacts, images, location and much more. Data from the phones of these loan defaulters were used to make threatening calls, made from call centres operated by the loan apps. Instances emerged where pictures of women defaulters were taken from phone gallery, morphed with pornographic material and shared with the contacts of the defaulter and through WhatsApp groups.

Made in China...

Several of these tactics were used in China by instant loan apps, as early as 2012 until a government clampdown in 2016 over predatory recovery tactics by the instant loan apps in China had issued loans worth 100 billion dollars. The move nearly killed the sector.

As China even set up an Internet Financial Risk Special Rectification Work Leadership Team Office and gave instant loan apps, also referred to as Peer-2-Peer (P2P), 2 years time to clear outstanding loans and exit the industry, it seems many of these lenders have turned their attention to India.

The police crackdown on the Chinese-owned apps has, so far, resulted in the arrest of 7 Chinese nationals and over 35 Indians by three police forces in south India. Police say they are still investigating the web of companies, and the Enforcement Directorate too has started a probe.

...imported to India

Balaji Vijayaraghavan, a student of criminology based in Chennai had installed the app Snapit (later taken down by Google) in October 2020 but soon observed his bank account being used for transactions that were not linked to him, “There was a death in the family and I needed a little more money so I identified a few places where to get a loan. I didn't even log into the app but they were still able to gain access to my bank account. I had Rs 90,000 in my bank account but noticed transactions worth Rs 8.49 lakh being carried out in my account,” says Balaji who is now assisting the Telangana and Maharashtra police with their investigation into the apps.

Balaji is a member of SaveIndia Foundation, a team of cybersecurity professionals investigating instant loan apps operating in India. The researcher says instant loan apps gained entry to India through Fintech expos held annually in Indonesia, Malaysia and Singapore.

“While the event is held in a positive spirit, a few exhibitors from China demonstrate their instant loan apps there and a few Indian businessmen get attracted to the business model. The Software Development Kits (SDKs) are then either sold at a nominal rate or with equity for the Chinese that invest in the Indian firm,” says Balaji.

“About 85% of these apps were deployed using the same Software Development Kits, so it’s one company that makes a white label app – and then individual companies put their brand name on it. The technology backend remains the same. We saw three to four white label companies that these apps are based on,” says Srikanth L of Cashless Consumer, a consumer collective working on increasing awareness around digital payments. The collective has looked into 1,050 instant loan apps and found a range of irregularities in their functioning. About 750 of those apps are still available on Google Play Store; of them, just 300 have websites – with very little information; and only 90 have a physical address.

Chinese nationals looking to set up these instant loan app companies are said to be using proxies as directors and then take the help of Chartered Accountants to set up the company.

A data war?

In 2020, a large uptake in the registration of instant loan apps was observed in India, says Cashless Consumer. All the apps were found to be storing user information, such as Facial Recognition data and personal data, on Chinese servers. The exact number of instant loan apps is yet to be fully known.

In one model that was observed, individuals came and set up a company with the help of a few Indians. “It would be set up as a micro-financing company with loan amounts as low as Rs 2,000 and the transactions are done through digital payment gateways such as Google Pay, Paytm and others,” says Srikanth L of Cashless Consumer.

Srikanth while speaking at a webinar, KillerApps - Detecting Predatory FinTech apps -  said that about 600 of the 1,050 apps analysed were found using some form of ‘liveness detection’ – to authenticate the user in the form of a selfie.

Cashless Consumer found that the selfie taken over these apps is run through Artificial Intelligence (AI) software with servers in China. “It may seem non-trivial, but has a national security concern,” the researcher says.

“It collects Facial Recognition (FR) worthy images along with personal details of the individual, so practically it has the potential to mirror the Aadhaar database if the person also provided Aadhaar while applying for the loan. These entities then collect other ID proofs. They can build a parallel Aadhaar system. This needs to be studied in-depth as to what kind of data they are storing and processing,” he adds.

Why India is ripe for the fraud

Anuj Kacker says that payday lending is an extremely profitable business, and hence has attracted many as a way of making a quick buck. While it has shown over the years and across the globe that it is profitable, it has led to all kinds of debt traps and therefore banned in most countries. It has happened in the UK, in many African countries, China, and Indonesia.

India, say experts, was ripe for this business because we’re not new to unorganised lending at high-interest rates – it has been rampant among local unorganised moneylenders. What has happened now, according to Anuj, is that instead of doing it in a physical marketplace, people have created apps for it.

He adds that despite India’s regulators being stricter compared to most countries, for those looking to make a quick buck, it’s a risk worth taking.

“They are very opportunistic and are not here for the long term. They are here as long as they can make some money and then move on,” Anuj adds.

RBI’s action so far and what can be done further

The Reserve Bank of India (RBI), in December, took notice of the practices of these instant loan companies and put out a warning, asking the public to stay away from unauthorised digital lending applications.

It also urged people never to share KYC documents with unidentified persons, unverified/unauthorised apps and asked people to report such fraudulent activities to law enforcement agencies or RBI’s Sachet portal.

RBI has also mandated digital lending platforms used on behalf of banks and NBFCs to disclose the name of the Bank(s) or NBFC(s) upfront to the customers.

While there are also reports that RBI is looking into the source of funds of these lending apps, no further action has been taken by the banking regulator.

The Digital Lenders Association of India (DLAI) suggests that there should be a law in place not allowing short term loans with a tenure of below 60 days and interest rates should be shown upfront before processing the loan.

“When you start doing minimum 60, 90 or 120 days, it’s not easy to rotate money and companies will need to raise a lot of capital, do proper collections etc. You can't ask for very high-interest rates either, which also makes the business less profitable and margins are reduced,” Anuj says.

(With Inputs from Haripriya Suresh)

Read part two- Investigation: Chinese owners, Indian proxies, & ghost addresses

Did you like this story?

Become a TNM Member for just Rs 999!
You can also support us with a one-time payment.