Concerted steps needed to curb fake digital apps: FACE CEO Sugandh Saxena

All apps, including legal ones with sophisticated cyber security protocols, are prone to fraud and cyber threats, said Saxena

Fake apps have emerged as a significant threat in the digital lending ecosystem, with the potential to shake public confidence in the channel, at a time when digital payments have taken off in a big way in the effort to foster financial inclusion. SUGANDH SAXENA, chief executive officer of the Fintech Association for Consumer Empowerment (FACE) — an industry association that recently applied to the Reserve Bank of India to become a self-regulatory organisation — spoke with Raghu Mohan on the concerns over fake apps. Edited excerpts:

How do you look at the phenomenon of fake digital apps?

Digital lending apps started around 2015-2016, when many fintech startups started leveraging our excellent public infrastructure on e-KYC and payments and progressive public policy framework for financial inclusion. These apps and fintechs became even more significant during the pandemic, as they enabled millions of consumers and small businesses in need of digital financial services and convenient credit to deal with the blow to their livelihoods. 

Unfortunately, success is also attracting fake lending apps, crowding popular mobile application marketplaces, misleading consumers and taking advantage of their need for money. They misguide on the interest rates and all-too-easy processes that get customers attracted to, or rather, fall prey to. Once a user starts engaging with the apps, the harassment starts — charging high processing fees and then disappearing, or changing their app name and identity, or doubling up the loan amount.

In the process, they extract personal data such as contacts, addresses, and phone gallery, which they eventually misuse against borrowers and their contacts. The reason why it has been so difficult for enforcement agencies to get hold of these apps is that their modus operandi is very nebulous and unpredictable. They are fast, elusive and they change their identity very often, making tracking, crackdowns and swift action extremely tricky.

The Reserve Bank of India (RBI) working group’s (WG’s) report on digital lending gave the impression that digital fraud is largely from unregulated entities, but this is not the same as saying it only emanates from them. How do you react?

Absolutely. All apps, including legal ones with sophisticated cyber security protocols, are prone to fraud and cyber threats, as they are digital entities, as we have seen in cases like the Dhani data breach. Look at what happened to government agencies in Costa Rica last week. Running an app and being prone to digital fraud is understandable, and action can be taken to eliminate the attacker, strengthen cybersecurity measures and mitigate the damage to customers. 

However, we need to differentiate illegal lending apps and treat them very differently, as they are essentially built with the sole purpose of fraud, harassing customers and extorting money, which becomes a different ball-game. We should not club the two issues.

What’s the sense you have got from stakeholders and regulators on this issue?

From the RBI, regulated entities, Google to enforcement agencies — every stakeholder is concerned about the wavering trust in digital lending apps. All agree that the issue has to be dealt with on a continuous basis rather than with sporadic interventions. As part of the RBI’s WG’s report, there are concrete suggestions to arrest the issue of fake apps and ensure sustained growth of the industry, including the role of the self-regulatory organisation (SRO). The report is already giving us a blueprint, and in line with that, FACE is working to take the responsibility of the SRO.

We already have a code of conduct for lenders and we are working on other standards proposed in the WG’s report. I believe the solution to these problems lies in creating a tech-innovation-regulation trifecta. On another level, regulators and law enforcement need to work towards putting up higher benchmarks on loan apps, such as withholding the Certificate of Registration, which serves as a strong deterrent for errant players.

Can you throw light on your partnership with Equifax to launch the Luminate Exchange?

Luminate Exchange is a special project that we launched along with our FACE member-companies to tackle identity fraud. It’s a risk management exchange that enables fintech lenders to mitigate identity fraud at its origin, in real time, using the power of common big data, giving them greater confidence while processing loan applications. It’s still at a very nascent stage, but we are looking to scale fast with this solution.

As of now, lenders tag them using their own protocol based on the information they have. Lenders use this information to undertake further scrutiny on the application. The collaboration is still in its very early days, and we are still working with a few partners to see how it works.

What’s the difference between FACE and the Digital Lenders Association of India?

Both of us are industry associations of fintech players, working towards a similar goal. However, FACE differentiates itself by focusing on digital lending in the regulated space only, and using the customer well-being lens in all our work. In that sense, FACE is rather unique, where lenders have come together to form an association to prioritise customer-centricity and the SRO framework.