The Dark Underbelly of India’s FinTech Lending — Ghost Loans

Stories have been breaking in the past week on Ghost Loans that show up on unsuspecting people’s credit bureau reports. It is where a fraudster avails a loan with someone else’s identity details. New age digital lending apps make it so easy that all it takes is a PAN number and an address proof document. The victims are unaware that loan(s) have been availed with their identity & often discover this by chance when they apply for a credit card or loan themselves. While identity theft & frauds are not new to the lending business, the scale & acuteness of the problem has been exacerbated by a multitude of factors, starting with the digitisation of the lending business.

Rollback to 90s and early 2000s, retail lending was a small part of Indian Banks. The neighbourhood branch State Bank of India would only process unsecured loans of applicants that the branch manager personally knows. Even opening a saving bank account would require a recommendation letter / introduction by an existing customer of the bank. Fast forward to 2020, there are 1000s of mobile apps that disburse loans at mind-boggling pace where anyone can go from downloading the app to money-in-bank in under 3 mins. A famous commercial with the legendary M.S.Dhoni advertises how Indiabulls Dhani mobile app can give out a loan in the time it takes to complete an elevator ride.

While the digital lending business in India has many pros & cons, lets focus on the factors that contributed to the ghost loans problem.

Need For Speed

In order to quickly disburse money to someone that doesn’t already have a relationship with the lending company (like an existing savings account holder with a Bank), the process has to be completely automated with no time for manual verifications. It is not just the speed but also the sheer volume of these loans that make manual operations & verification impossible. An app like PayTM disburses almost 50,000 loans a day. Software technology doesn’t yet support 100% accuracy in verifications yet, as discussed below.

What’s in a Name?

“That which we call a rose by any other name would smell as sweet” — Shakespeare

All lenders are required to verify the authenticity of documents & match the details of name & date-of-birth across. Usually the borrowers submit 3 documents;

• PAN for credit checks
• Aadhaar or other address proofs (for KYC compliance)
• Bank Account details to receive money

Establishing the authenticity of these documents is one problem. For example, non-Aadhaar based KYC documents are hard to authenticate especially if they are submitted via a photo take on a mobile phone. That said PAN, Aadhaar & Bank Accounts are easy to verify directly with the Govt. / Bank databases. Thanks to all the progressive efforts of agencies like NSDL, UIDAI & NPCI.

The task of matching the details across these documents is, however, another ball game. It is very common for names to be different to the point of it being confusing for human eyes, leave alone an algorithm on a computer. English is not a language that preserves phonetic fidelity. A name like Aditya Sinha will have all sort of variations in the documents like Adithya S, A Sinha, Mr.Adith Singha and the notorious Mr.Adithya Sinha s/o Gunjan Sinha (frequently seen on PSU savings accounts). The error tolerances for matching names in algorithms are set so wide that any two 5–6 letter words starting with A & S will match!

Adithya Kalra’s Ghost Loan was disbursed to a PayTM account of Adity Yogi (courtesy The Ken)

Date of birth is another problem. It is common and easy for people, especially in tier-2 cities / rural areas, to use different date of birth across documents usually done for meeting age criteria for admissions in school, jobs, sports etc. There are also mistakes done by agents who create these documents while entering the data from a paper form into the govt. database portal. For these reasons, lenders might only match year of birth or year+month.

In Buy-Now-Pay-Later schemes, the step of of verifying borrowers bank account is skipped altogether since the money goes to the vendor or platform like Amazon, Flipkart or PayTM merchant.

In-Person Verification & Face Match

Another step in the KYC process is to ensure the borrower is live / present at the time of applying. The old way was to send an agent to borrower’s location and have them sign the documents. The agent is also required to certify this. In the digital process, there are a few options like eKYC (only available to Banks), oKYC (otp based), video KYC (expensive & manual). The OTP based oKYC only proves that the person has borrower’s mobile phone. Lending companies combine oKYC with a selfie to match the face of the borrower against the ones in the documents. Given the quality of photos on documents like PAN, Aadhaar, this is an impossible task even for human eyes. Another problem is the less-than-steady hands of people capturing the images on their worn out mobile phones. Third problem is the face-match algorithms that don’t work well on non-caucasian faces. It shouldn’t be surprising if some of the lending companies skip this step altogether in order to provide a good customer journey.

Large Scale Leakage of ID documents

Outside of lending, many organisations & professional services require documents like Aadhaar & PAN. For example to purchase sim cards, Internet, DTH, utility connections, file tax returns or even buying cars & jewellery. These documents are collected by agents either in hard-copy or more popularly on WhatsApp. They are stored in unsecured databases & storages by agencies. Databases get hacked. Agents sell these documents.

Summary

Combine these factors

1. Documents leakage
2. Need for complete automation in lending
3. Hardness of verifying the details
4. Ensuring borrower’s presence

we have an ideal system for fraudsters to exploit. While the lender does incur losses, all of that gets hidden or ignored under the growth-at-all-cost mantra. When dealing with the victims, it is easier for the lenders to ask for forgiveness than prevent it. Prevention is expensive & slows down growth.

Digital lending isn’t all bad. It has opened up the lending to segments & locations previously unserved. Credit has been made accessible to everyone. Sachet-sized credit is essential in a market like India. Financial inclusion can happen only with small ticket loans which in-turn are not possible without software, technology & automation. As we go through this transition period of technology adoption in lending, there will be un-intended consequences. Fortunately the good folks at Reserve Bank of India are already acting to course correct with a lot of appropriate measures. Soon the compliances will not be a good-to-have but a must-have.

What can we do?

There are a few things that we as consumers can do to protect ourselves from these ghost loans.

1. Don’t give out identity documents like PAN & Aadhaar unless absolutely essential. Ensure the company / agent is trustworthy and the mode of transmission is safe. Write the purpose of giving out the document copy along with the name. E.g., “For obtaining Airtel SIM card”, “Buying jewellery at ABC jewellers in Bangalore”. In case of identity theft, you can trace back the source of leakage & hopefully hold them accountable.
2. Check your credit score periodically. Credit Bureaus like Transunion Cibil are legally required to give out a free credit report to individuals once a year. Make sure to exercise this option.
3. If you find Ghost Loans on your credit report, complain to the lending company (Bank or NBFC) immediately. Escalation to RBI after 30 days is an option. Remember, squeaky wheels get the most grease.
4. Help create awareness in your community. Help the victims get resolution. Especially the less tech-savy & financially illiterate.