Devious menace: The Hindu Editorial on predatory loan apps

In the case of Nithin Raj, a first-year dentistry student who died after falling from the top of a five-storey building in Kannur last week, police found that harassment for a loan he had taken through an app was a contributing factor. His death was the third high-profile suicide linked to credit practices in Kerala in four months. Since January, more than 35 complaints regarding these practices have been registered in Thiruvananthapuram Rural alone. Parallel investigations in Raj’s case are also looking into allegations of caste-based discrimination at his school, and the National Commission for Scheduled Castes has requested a report from the State police in less than a week. Once installed, these apps extract contact lists, photo galleries and GPS data from the user’s device and transfer them to servers usually located in North India or abroad. If repayment is delayed, recovery agents continually escalate harassment to the borrower, including repeated malicious calls, harassing people listed as references in the loan application, and damage to reputation. Kerala in particular has high smartphone penetration and digital literacy, but financial literacy is not sufficient and there is a large student population with urgent small loan needs. Despite RBI’s Digital Lending Guidelines, predatory apps lend without regulated status, fabricate Non-Banking Financial Company (NBFC) partnerships, route funds through opaque gateways, hide fees and payment deductions, and provide no grievance mechanism.

The apps can work because the malicious entity operates at the application and data layers, while the RBI regulates financial assets. As a first step, smartphone manufacturers have warned that any app classified as “financial” cannot access contacts, photos, etc., even if the user gives permission. should consider an operating system-level sandbox to which access is technically prohibited. The apps’ call centers are often traced to other states or countries beyond the reach of local police. Second, India needs to enact a law that includes prison sentences and heavy fines for illegal digital lending. When an app is removed from a store or directory, its developers immediately relaunch it under new names. Third, the government may require all financial apps to obtain a cryptographically signed affiliate certificate from a regulated bank or NBFC and app stores to check listings against the Reserve Bank of India whitelist. This is why the Kerala government is considering new legislation to regulate digital lending platforms and empower local police to take action against apps operating from outside the State. Fourth, the country needs stringent disclosure standards on effective interest rates and fees, stringent rules on recovery management, stricter KYC (Know Your Customer) obligations on payment aggregators, and risk flags on UPI IDs associated with lending transactions associated with a high complaint rate.