Application security, cybercrime, fraud management and cybercrime

Workgroup highlights professional misconduct and suggests minimum standards for better safety

Soumik Gosh •
22 November 2021

Critical issues in the Indian digital payments space have been identified by a Reserve Bank of India task force that recommended new regulatory frameworks, technology upgrades and guidelines to prevent fraud and address other problems.

See also: How to improve your defenses with Security Analytics

The task force included stakeholders from financial institutions, government agencies, law enforcement agencies, academics and fintech companies, according to India’s leading financial regulator. It sought to maintain neutrality vis-à-vis technological differences, adopt principles-based regulation instead of a rules-based system, and ensure a level playing field and market integrity, according to the RBI report.

Illegal apps

The task force report found that out of 1,100 digital lending apps at 81 Indian app stores, 600 were illegal. Of those 600, 350 were single apps, while the rest emulated legitimate loan apps, he says.

Several illegal and bogus apps have now been removed, said Rahul Sasi, a member of the RBI task force and chief technical officer of Indian cybersecurity firm CloudSEK, who did not specify the removed number.

In March, the RBI identified and blocked 27 fraudulent loan applications, according to a report by Financial Express.

To eliminate bogus apps, the task force says software companies should use digital signatures to allow end users to verify authenticity. The National Security Council Secretariat’s new privacy and security project, I-CAMPS, will also help eliminate bogus and illegal loan applications, Sasi said.

Loan recovery

Sasi told Information Security Media Group that many digital loan applications – not just bogus – have used “illegal and unscrupulous” methods to collect the loaned money.

Consumers could borrow small sums of money – from Rs 4,000 to 10,000, or $ 54 to $ 134 – from any of the thousands of loan apps available, he says. “When unable to repay the borrowed money, some credit companies used their access to customer contacts and media, set up WhatsApp groups with borrowers’ family members, and shamed customers and accused them of fraud, ”Sasi said.

The harassment even led some clients to commit suicide, he adds. As of January, at least six such deaths were reported.

Amala Halder, a legal consultant and former lawyer at the High Court in Calcutta called the practice “shocking” and told ISMG that as a practicing lawyer she often faced harassment cases in which Loan applications used “inhumane means of collection for even small sums.” silver.”

The RBI is proposing new law to regulate the digital lending space, which will likely involve compliance guidelines as well, she says. “The best bet for borrowers is to remain vigilant and only use non-bank financial companies registered with the RBI for loans. The list is on the RBI website.”

The task force also recommended that balance sheet lending through digital lending apps be limited to entities regulated and authorized by the RBI. Loan servicing and repayments should be made directly to a balance sheet lender’s bank account and disbursements should always be made to the borrower’s bank account, he adds.

Use of CIBIL scores

Banks in India determine a borrower’s ability to repay loans based on CIBIL scores, which are calculated on the basis of credit history.

Several digital loan companies did not use the Credit Information Bureau of India Limited, or CIBIL, as an underwriting mechanism because loan amounts were low. Instead, they relied on customers granting full access to their mobile devices, Sasi says.

“One of the task force’s recommendations is that all digital lenders will be required to approve or deny loans based on CIBIL scores only.”

Some digital lending platforms exploit users’ lack of financial literacy and charge them exorbitant interest rates, Rahul Pratap Yadav, chief commercial and strategy officer at digital payment company iMoneyPay and former vice-president, told ISMG. – senior chairman of Yes Bank. He adds that digital lenders trap other clients through tiered marketing and offering them referral bonuses.

Lack of privacy awareness and the lack of regulatory mandates protecting user identities have also contributed to the list of challenges in the digital lending space, Yadav notes.

He recommends that digital lenders “have the right checks and balances in the application, and educate borrowers about financial fraud and bad debts due to financial irresponsibility.”

India’s digital lending space is also home to several China-based players, according to the task force. “Anyone who has access to money and can build an app is able to become a digital lender,” says Sasi.

Many of these unregulated digital lending apps charge 10-15% monthly interest, making the lending market a lucrative business for businesses trying to make a quick buck, he says.

Other recommendations

The RBI working group recommends the establishment of a secretariat that will verify the technological credentials of lenders in the digital lending ecosystem and of a self-regulatory body to oversee lending platforms.

It also recommends basic technology standards for digital lending applications of regulated entities. Standards should include secure application logic and secure application code, keeping event logs of user activity along with their geolocation, IP address, and device information.

And digital lending companies must implement a multi-step approval process for critical activities and monitor transactions processed on the app in a verifiable manner, according to the RBI report.

The working group also recommends measures to ensure the protection of sensitive data and protection against SQL intrusions, as well as the adoption of appropriate data encryption technologies.

Additionally, when people are discriminated against by legitimate lenders, they may be forced to borrow from questionable sources, which can put them at risk of fraud. Therefore, the group says it’s important to consider the possibility of bias seeping into the AI ​​algorithms that digital lenders use for underwriting, Yadav said.

“Bias was also noticed in AI algorithms in the US and Europe. It was observed that some demographics had not received loans. Therefore, gaining visibility in the algorithm is a recommendation important. “

The RBI Task Force recommends that algorithm audits identify minimum underwriting standards and potential factors that can lead to discrimination.