In March 2020, Shonali was laid off from a lecturer position at a private university in West Bengal. Faced with a cash crunch, the 48-year-old lecturer turned to Chinese instant loan apps. These apps provide loans instantly without collateral but high-interest rates. Starting September, Shonali used the money that she had loaned from these apps to meet her expenses. However, by October, she had started defaulting.
These apps provide micro-loans of as little as ₹ 1,000. However, the catch here is that they have a much shorter repayment period and very high-interest rates. The standard interest rates are not only 1 per cent a day on average but also compounded on a weekly or a fortnightly basis. Also, they usually charge 14 per cent to 15 per cent of the principal amount as a processing fee.
To pay off one loan, she ended up taking loans from almost 25 such instant lending apps. The principal amount cumulated to ₹ 2.4 lakh. It was a debt trap. Following this, she received innumerable threats and harassment calls to repay the loans. "We paid ₹ 7.8 lakh with interest as loan repayment. The harassment nearly drove me to suicide, but I survived," she said to The News Minute. However, her nightmare was far from over.
In December, she briefly lost access to her HDFC, ICICI, and SBI bank accounts. Someone had changed her net banking credentials as well. Then, she received an email from Kotak Mahindra Bank that congratulated her for opening a bank account. She also received an OTP email from Bitbns, which is a cryptocurrency exchange.
How Did The Apps Access Her Private Information?
Shonali had to share her Aadhaar card details with these apps as KYC to avail of the loans. Buying and selling digital currencies in cryptocurrency exchanges do not require a KYC. However, if a bank account needs to be linked with any of these exchanges, a KYC verification is mandatory.
Reportedly, the KYC data is being used to open bank accounts. These bank accounts — linked to crypto exchanges — are being used to siphon money abroad.
"There could be many such fake bank accounts being used for crypto exchanges that we are unaware of," said Sandeep Sahoo, Director, Savethem India Foundation. The foundation comprises of cybersecurity professionals who research the Chinese-operated instant lending and online betting apps. They also assist victims of such frauds and connect them to law enforcement agencies.
Fortunately — with the help of the banks and Kolkata Cybercrime Police — Shonali was able to recover her lost money.
Who Else Is The Data Shared With?
When Shonali defaulted on her payment in one app, she was redirected to another app to repay the initial default amount. Allegedly, once installed, this apps gains full access to the contacts, gallery, location, and other details. The entities that run these lending apps are also linked to online betting and gaming apps. So, the user information is shared across several apps that the user is not even aware of. Out of the 25 apps used by Shonali, four apps are already being investigated by Hyderabad Police.
The police are investigating many similar apps in Delhi, Karnataka, Tamil Nadu, Telangana, and the Enforcement Directorate. The Crime Division of the Hyderabad Police had sought to remove hundreds of such apps from Google Play Store. However, cybersecurity researchers say that many of these apps are still operating with valour.
The police have arrested seven Chinese nationals and 35 Indians as part of the crackdown on these apps.