Tackling the threat posed by loan apps
There are close to a 1,000 unauthorised instant-loan apps available on Google’s Play Store. Research conducted by internet activists shows that most of these apps were built in China. While they have been around for the last few years, their notoriety hit the headlines only after the Covid lockdown in 2020, when millions of workers suddenly lost their income. By the end of the year, at least 20 suicides were reported across India, directly related to bullying faced by customers. The accusations ranged from cyber-bullying to data theft, wherein the lender gets access to the borrower’s phone book and photo gallery.
While the abusive practices have attracted the attention of regulators, the bigger question is, where do these apps get the money to lend? As most of them originate in China, they do not have any tie-ups with Indian banks or NBFCs, a prerequisite to lend money. Does that mean some banks are flouting norms and KYC processes to lend to these apps? Or is the money coming from abroad, say, China? This is puzzling both internet activists and the RBI alike. Earlier this month, the Enforcement Directorate in Hyderabad launched a probe to check if these apps are involved in money laundering. This is important as the sheer volume of business done by them is huge, with transactions worth a whopping Rs 21,000 crore being registered.
While the RBI has put out warnings about such digital micro-lenders and Google has cracked down on a few of the many such apps, not much has been done by either the administration or technology providers to stop or penalise theft of data from consumers. The fact that most of these apps originate in China lends credence to such fears. From WhatsApp and Facebook to Chinese loan apps, the data of Indian customers is flowing freely into foreign hands because of the lack of a robust legislation. Experts are of the opinion that the Personal Data Protection Bill, 2019, pending in Parliament, is a good start, provided the concerns over government surveillance of citizens can be addressed. However, dealing with cybercrime and data theft requires a more holistic approach, one that integrates the industry, academia and the government.