How fake loan apps extort money

Mukesh Ranjan

Call it the pandemic’s residual effect on personal finances that gullible Indians in their thousands have, of late, been getting sucked into the trap of instant loans being offered by unregulated digital lending apps, mostly linked to entities based in China. What follows is stealing of personal data and a relentless cycle of extortion that has resulted in some of these borrowers taking the extreme step and ending their lives.

Delhi Police recently busted a fake loan application and extortion gang by arresting 22 persons. They allegedly lured people with fake loan schemes, and the money that was extorted using their personal data would be sent to their associates in China via cryptocurrency.

KPS Malhotra, DCP (Cyber Crime Unit) of Delhi Police, said, “We have found that there were 100 such apps involved in fake loan and extortion rackets. The apps would lure users to get instant loans. They would seek permission from users to access their data and steal all their contact details, chats, photos, etc. These would then be uploaded on servers based in Hong Kong.”

The police investigation found that the gang members, referred to as recovery agents, would then call the users and extort money using their morphed photos by operating from call centres.

“Due to fear of society, the user would pay the money but the accused would extort even more. All money was being sent to China through hawala channels or cryptocurrency. Victims who would take loans of Rs 10,000 to Rs 15,000 were threatened and forced to pay up to lakhs. We also received reports of suicide cases because of the app,” DCP Malhotra added.

Even Chandigarh Police’s Cyber Crime Cell arrested 21 members of a gang, including a Chinese national living illegally in India, for duping people on the pretext of providing them instant loans online and extorting money.

The Enforcement Directorate (ED) has launched an investigation under the Prevention of Money Laundering Act (PMLA) into the unauthorised instant loan app businesses on the basis of multiple FIRs registered in Hyderabad and Bengaluru over the past two years.

According to the agency, most instant loan apps have links to entities based in China. Chinese nationals or companies directly own several financial technology (fintech) firms in Gurugram, Delhi, Mumbai and Bengaluru or control them by using proxies as directors, it said, adding that to initiate the lending business, they infused funds into these firms directly or indirectly from overseas locations such as Hong Kong.

Meanwhile, noting that India is at a “strange juncture” where there is no data protection law, no privacy law and no specific law to deal with cybercrimes, Supreme Court advocate Pavan Duggal, who is also the president of Cyberlaws.Net, said, “The country appears to be a fertile and attractive destination for such unscrupulous elements, who believe that they can have a free run without the fear of being convicted.”

Duggal is of the view that it would be “next to impossible” for the police and other enforcement agencies like the ED to pre-emptively deal with these “fraudulent apps” within the existing legal and regulatory framework. “We need pre-emptive measures to deal with such crimes and for this, we need a holistic and dedicated criminal code as it exists in many developed countries,” he adds. “Amendments need to be brought to the Information Technology Act Rule 7 by inserting invocation of criminal liability under the IPC to make app promoters and app host platforms accountable,” Duggal says, adding that even the Reserve Bank of India (RBI) should come up with a regulatory framework for hosting such loan apps.

Considering the legal and regulatory vacuum, unscrupulous Chinese entities and individuals have quickly realised the potential to digitally exploit India, one of the most populous countries in the world, by creating cracks and distrust in the legal system, Duggal notes.

As per the existing law, a lending company needs to be either a bank or a non-banking financial company (NBFC) that is registered with the RBI. But a senior enforcement official says, “When the RBI refused to provide these Chinese entities with an NBFC licence to launch their digital lending business, they identified 38 defunct NBFCs with meagre capital ranging from Rs 3.5 crore to Rs 11 crore.”

Deals were then struck between the Chinese-controlled fintech firms and the NBFCs, providing security deposits worth over Rs 100 crore and bringing in more funding through the Foreign Direct Investment route, the officials said, adding that this enabled the NBFCs to register separate merchant IDs with various payment gateways for the fintech firms to start their lending business using loan apps.

The ED had on September 3 conducted raids at the premises of online payment gateways such as Razorpay, Paytm and Cashfree in Bengaluru as part of its probe under PMLA. It said it had seized funds worth Rs 17 crore kept in “merchant IDs and bank accounts of these Chinese-controlled entities”.

The RBI, too, took notice of the growing number of individuals and small businesses falling prey to unregulated digital lending platforms and mobile apps offering quick loans. On December 23, 2020, the RBI issued a note asking members of the public to verify the antecedents of companies offering such loans. “Consumers should never share copies of KYC (Know Your Customer) documents with unidentified persons, unverified/unauthorised apps and should report such apps/bank account information associated with the apps to the law enforcement agencies concerned or use the Sachet portal,” it had said.

Notwithstanding the RBI’s guidelines, the apps continued to offer loans, ranging from Rs 10,000 to Rs 20,000, to thousands of customers with minimum KYC requirements and based only on online verification.

A senior Indian Revenue Service (IRS) official said that to provide a loan, the apps ask customers to upload their Aadhaar card, PAN card and live photograph. Customers are also asked to share a One Time Password (OTP) that is generated. The borrowers give various permissions while activating the app, giving it complete access to their contact list, location, chats, photo gallery and camera, he added.

“The catch is that at the time of sanctioning the loan, the app deducts 15 per cent to 25 per cent as processing fee and the remaining sum carries an interest rate in the range of 182 per cent to 365 per cent per annum. A steep rate of penalty is added to the total repayable amount in case of default,” the officer said, adding that smartphone users often miss the fineprint in their desperation to avail loans.

Noting that the rate of recovery from these loans is as high as 90 per cent, the officer said the net profit is generally in the range of 25 per cent and more, but the NBFCs get only 0.2 per cent to 0.5 per cent of the interest collected.

Modus operandi

• Fraudsters mostly target people from low or medium income groups, who are generally considered to be not-so savvy in finance and technology. They are offered small amounts (Rs 10,000- Rs 20,000) as loan.
• Fraudsters first deduct a certain percentage of money lent as processing fee and combine this with penalties on any delay in repayments.
• They also charge exorbitantly higher interest rates than the legal range prescribed by the RBI.
• These lending apps get access to personal data from the borrower’s mobile phone, which they allegedly use to harass them and extort money.

Tips and Precautions for borrowers

• Do not click on unknown, unverified links and immediately delete such an SMS/email.
• Unsubscribe to mails providing links to a bank, e-commerce and/or search engine website. Block the sender’s ID before deleting the email.
• Always go to official website of your bank service provider.
• Check URLs, domain names received in emails for spelling errors.
• In case of suspicion, inform the financial institution.
• There is no need to enter PIN or password anywhere to receive money.
• Check on the publishers or owners of the app before downloading it.
• When downloading an app, only give permissions that are absolutely essential for using the application.

FM asks RBI to make ‘white list’

The government has asked the Reserve Bank of India to prepare a “white list” of legal digital lending apps to be permitted to be hosted on app stores. The RBI will also monitor money laundering through mule/rented accounts, take proactive action in cancelling dormant non-banking financial company (NBFC) licences and remove unregistered payment aggregators within a timeframe.

List of fake Chinese apps to be avoided

• Raise cash
• PP money
• Rupees master
• Cash ray
• Mobipocket
• Papa money
• Infinity cash
• Kredit mango
• Kredit marvel
• CB loan
• Cash advance
• HDB loan
• Cash tree
• RAw loan
• Under process
• Minute cash
• Cash light
• Cash fish
• HD credit
• Rupees master
• Ruppes land
• Rupee loan
• Cash room
• Well Kredit