Surya Prakash Tripathi is a 30-year-old marketing professional working for an international pharmaceutical company in Uttar Pradesh’s Gorakhpur. His CIBIL score, as assigned by the credit information company, has mostly stayed upwards of 800. Tripathi often got offers on credit cards and personal loans on a daily basis. But then things changed. In December, Tripathi was shocked to find that his CIBIL score had fallen to 680 and due to the lower credit rating, he was deemed ineligible to become a guarantor to an associate’s loan application.
Puzzled, Tripathi started enquiring with credit monitoring agencies to understand what went wrong with his CIBIL score. Having knocked on many doors, Tripathi eventually learned that two separate loans were passed under his name by fintech app Dhani. The two loans were of Rs 1,000 each and due to non-payment of interest, in one loan account the amount overdue reached Rs 10,000.
On January 9, he wrote his first official mail to email@example.com with the subject line “Wrong loan show in my CIBIL”. The email read: “Dear sir, in my civil (CIBIL) wrong loan show and not taken any loan from dhani. It will show (shows as) Ivl finance limited. Kindly remove on urgent basis (Sic).”
The Dhani support team immediately responded, saying, “Dear, Surya Prakash Tripathi …, Greetings from dhani!!! This is in response to your mail. We regret the inconvenience caused to you. As per telephonic conversation, we hope your issue is been resolved.
“For any further clarification or changes you may contact our customer care… We look forward to your continued patronage with dhani.
“Thank you for your understanding and cooperation.”
Not satisfied with the response, Tripathi approached the Reserve Bank of India (RBI) and after three months of negotiations with the Dhani team and others, the issue was sorted out and his CIBIL score is now back to over 800. The fake loan account was deactivated.
This is not an isolated case.
Something similar happened with 33-year-old entrepreneur Praphul Kumar. Kumar claims that his CIBIL score dropped sharply after a loan worth Rs 5,000 was passed under his name by Dhani without his consent. The contact number, email ID, date of birth and address mentioned in the loan account were invalid, he said.
Moneycontrol has seen the email interaction between Kumar and the Dhani customer care representative. Kumar’s loan account is closed on the Dhani app but continues to appear in his CIBIL report, he said. He has also approached the RBI, CIBIL, the Serious Fraud Investigation Office and the police with his grievance.
“If you are a businessman, your business loans can get affected as your PAN is linked to your firm and this can harm your entire business cycle," he said, adding that the amount of mental anguish this can put you through is unimaginable.
A larger issue
These are not one-off cases. Recently, many customers of Dhani had taken to social media about fake loans in their names. Alleging that their PAN details were used by unknown people to avail loans via Dhani, some have complained that they are facing show-cause notices by collection agents for loans they never took. The list included even the actor Sunny Leone.
Complainants added that their credit scores have also been impacted, as credit reports have listed loans they had never availed as defaults.
While the informed customers often get quick assistance, that isn’t the case with everyone.
“I am educated and have the means to reach the authorities. There have been countless similar complaints made by others too. How can a financially unaware person approach the relevant authority? Will he be privileged enough?” Tripathi said. Moneycontrol has seen the list of emails exchanged between Tripathi and the Dhani team. An email sent to Dhani seeking its response remained unanswered at the time of filing this story.
Digital frauds in numbers
During the pandemic, when customers could not venture out for immediate financial assistance, a large number of fintechs offering instant advances at higher rates started appearing on app stores.
As per the RBI’s Report of the Working Group on Digital Lending including Lending through Online Platforms and Mobile Apps dated November 18, there were approximately 1,100 lending apps available for Indian Android users alone, out of which 600 were found to be illegal.
During 2020-21, there was a marked increase in frauds related to private banks both in terms of number as well as the amount involved. In H1FY22, private lenders accounted for more than half of the number of reported fraud cases and in value terms the share of state-owned lenders was higher, indicating the predominance of high-value frauds, the RBI said in its report titled Trend and Progress of Banking in India published on December 28. While the major share of loan-related cases pertained to public sector banks, private banks accounted for a majority of card, internet and cash-related cases.
On an overall basis, a total of 4,071 fraud cases were reported by Indian lenders between April and September 2021 and the amount involved in these frauds was Rs 36,342 crore. During the corresponding period a year earlier, a total of 3,499 frauds amounting to Rs 64,261 crore were reported by lenders, as per RBI data.
“Apart from eroding customer confidence, frauds present multiple challenges for the financial system in the form of reputational risk, operational risk and business risk,” the regulator said.
The central bank has been consistently sounding the alarm and issuing public advisories over the rise of digital frauds and the need for more public awareness about the issue as it directly impacts their financial wellbeing. On March 7, it issued a booklet named BE(A)WARE that presented various modes through which fraudsters scam customers and how customers must protect themselves while conducting financial transactions. The regulator said sharing of confidential information by the customers, knowingly or unknowingly, is one of the major causes leading to the financial frauds.
Apart from operating the Reserve Bank–Integrated Ombudsman Scheme where complainants file grievances against registered entities free of cost, the RBI has also been actively promoting financial awareness via workshops and public interest advertisements, and penalising and even barring financial institutions that violate lending norms.
On February 24, the central bank cancelled the registration of PC Financial Services, which was engaged in a mobile app-based lending business through its app called Cashbean, on account of supervisory concerns such as gross violations of RBI directions on outsourcing and KYC or know your customer norms.
Identity theft has always been one of the key areas that banks have constantly highlighted as their primary concern, K.V. Karthik, partner, financial advisory services, at Deloitte Touche Tohmatsu India LLP told Moneycontrol.
“This continues to persist even in the latest edition of our survey report. Regulators and other official bodies have been providing and continue to provide regulation, guidance and recommendations. The Reserve Bank of India has also introduced an ombudsman scheme for all digital transactions to redress customer complaints against payment systems,” said Karthik.
How can companies and customers tackle digital loan fraud?
Amit Das, co-founder of Think360.ai, the parent company of Kwik.ID, a KYC solutions provider, says the recent spate of frauds, impersonation and related issues that digital lending companies face has forced the debate around KYC processes and fraud checks centre stage. There are typically three or four issues to be solved when getting digital customers on board, Das told Moneycontrol. Identifying the customer with a valid proof of identity is the first.
Further, establishing the customer’s location via proof of address, ensuring against tampering and impersonation are also required in order to maintain data privacy and safe onboarding of loan customers.
Kwik.ID uses various validation services such as NSDL (for PAN), UIDAI (for Aadhaar), voter ID details check and driving licence check when getting customers on board, he said. Facial recognition, liveness detection, and validation against the US’s Office of Foreign Assets Control and other sanction lists are some other checks.
Further, from a legal perspective, any remedy for a digital loan fraud victim essentially lies under the Information Technology Act and the Indian Penal Code to some extent, lawyers said. Usually, cases where the accused is an identified person are easier to crack, they add.
Any victim affected by digital loan fraud or cyber fraud must immediately file a complaint with the cyber cell as well as the entity which has granted the loan as a first step. That apart, the aggrieved individual will also have recourse against the entity which has granted the loan in the eventuality that such entity has not carried out adequate due diligence as required in such transactions, said Shreya Suri, a partner at IndusLaw.
“Outsourced entities which are not directly regulated are often engaged by lending institutions. Their responsibility and onus comes from the agreement that they have with the lending institution. So as of today, there is no law directly regulating outsourced entities other than the outsourcing guidelines applicable to NBFCs (non-banking financial companies),” Suri said.Experts say the best way to avoid digital fraud is to not click on unidentified links and to independently verify the authenticity of loan apps and whether the party one is dealing with is regulated. Further, people must also routinely check their CIBIL score to keep track of their credit rating for financial planning. The onus also lies on regulated lending entities to check their IT and risk management systems at regular intervals. As Das says, “Almost all strong digital lenders strike a balance between user experience and fraud checks to minimise losses and reputation risk.”