At a time when Chinese loan apps are being criticised for imposing exorbitant interest rates and employing predatory practices, fintech company MobiKwik (which was looking to go public until recently) has been accused of resorting to similar, ethically-dubious practices for securing the repayment of a loan availed from its platform.
This particular incident pertains to Bharath C Raghurama, a 34-year-old native of Karnataka who is currently based in Gujarat. Raghurama had availed an instant loan offered by MobiKwik in December and his repayment was scheduled for the end of the month. But when Raghurama was not able to pay it by the stipulated deadline, MobiKwik agents started harassing him over WhatsApp, it is learnt. They warned him that if he is not able to repay the sum as soon as possible, then friends and family would be informed about the situation. They also appended a list of his ‘key contacts’ as proof that they have access to the details of his friends and family.
We reached out to co-founders of MobiKwik Bipin Preet Singh and Chandan Joshi, Associate Director and Head of PR and Communications Amandeep Arora, and another PR group associated with MobiKwik with specific queries in this regard. However, we are yet to receive any response from them.
Several people have ended their lives due to harassment from representatives of unauthorised digital lending apps, many of which were found to have ties with Chinese nationals. Agents of such unregulated apps also allegedly threatened to start reaching out to people on victims’ contact lists.
This is harassment and breach of privacy: Victim
“How did MobiKwik get access to my contact list? I did not share with them at any point. This is a breach of privacy. How could they do this?” — Bharath C Raghurama
Raghurama said that he plans to approach the Reserve Bank of India to register a complaint in this regard. He also shared screenshots of the conversation that he had with the MobiKwik agent.
Note: Sensitive details such as names and phone numbers of Raghurama’s friends and family have been redacted in the following image.
The MobiKwik agent was in touch with Raghurama over phone and WhatsApp for the better half of a month. They also called him numerous times, to remind him of the repayment. It was only in February, as per the screenshots, that the person who identified themselves as being from the MobiKwik Loan Team, texted Raghurama his key contact details including phone numbers of his father and mother, among others. Raghurama also dismissed the agent’s contention that he did not respond to their pleas for repayment.
MobiKwik responds over Twitter: When Raghurama first raised the issue on Twitter, MobiKwik responded to his tweet and later contacted him via direct message. Here are screenshots of his conversation with the MobiKwik support team.
While MobiKwik apologised for the ‘inconvenience’, it also stated that “all lending companies follow necessary resources to collect money owed by customers if they have not repaid on time,” and said that “process-wise, contacts are only called if the customer is late in repayment.”
This is not a one-off incident: SaveThem India Foundation
SaveThem India Foundation, a team of cybersecurity researchers and criminologists, has been investigating predatory loan apps in India since March 2020. Sandeep Kumar Sahoo, the director of the foundation, told MediaNama that this practice is not just restricted to obscure apps offering instant loans but has been getting prevalent in recent days in regards to more mainstream, RBI-regulated financial platforms such as MobiKwik.
“Majority of companies, hire or outsource their outreach/calling department. For instance, a BPO calling centre/customer care centre takes projects from different companies. A lending application may give data to the third party and give them the responsibility of recovering the money for a certain sum.” — Sandeep Kumar Sahoo of SaveThem India Foundation
Sahoo alluded that the rise of such predatory practices was due to the negligence of authorities as well as loopholes in India’s legal system. “India still does not have a data protection law,” he added.
MobiKwik faced a cybersecurity breach last year
In 2021, sensitive data belonging to millions of cardholders and users stored on MobiKwik’s servers has been compromised and put up for sale online, according to several security researchers. The data breach was first reported by cyber security researcher Rajshekhar Rajaharia back in February 2021.
The data dump, around 8.2 terabytes worth, allegedly belongs to users of the payments application and includes their sensitive financial and personal information. It includes:
- Leaked database contains 8.2 TB worth of data, 36 million files containing KYC information belonging t0 3.5 million people
- Around 7.5 TB worth of KYC data pertaining to over 3 million merchants on MobiKwik’s network.
- Includes a total of 350 GB of MySQL dumps that include 500 databases
- Contains 99 million users’ phone numbers, emails, hashed passwords, addresses, bank accounts and card details
- Over 40 million card details, up to 10 digits, have also been leaked with month, year and card hash data
- MobiKwik IPO: Platform plans to raise Rs 1,900 crore, dismisses data breach allegations, and more
- Millions of card and KYC details leaked from MobiKwik up for sale
- MobiKwik raises $7.2 million in pre-IPO funding round
- MobiKwik’s revenues up 134% in FY20 on the back of consumer payments and fintech lending
Have something to add? Post your comment and gift someone a MediaNama subscription.