- Menacing messages, threats spiral along with debt
- Legal loophole creates Wild West for lending apps
- Complaints mount but regulators powerless to act
By Diana Baptista and Avi Asher -Schapiro
MEXICO CITY, Aug 11 (Thomson Reuters Foundation) – A week after Pedro Figueroa borrowed 10,000 pesos ($500) from José Cash, a popular Mexican lending app, the barrage of online abuse began.
A slew of WhatsApp messages swamped his phone, threatening harm – to him and his reputation – if he did not pay.
Figueroa had borrowed the money to tide him over a rough patch, but was soon caught in a cycle of debt and extortion as the app sent ever more menacing messages, including a threat to send a doctored image to all his contacts labeling him a pedophile.
To pay down the debt and escape the stress, 34-year-old Figueroa turned to other digital apps to borrow more money, and in three months, had racked up debts of $75,000 across 27 apps.
All of which pushed him to contemplate suicide.
“I fell into a deep hole of anxiety because of these apps,” Figueroa, an IT specialist, told the Thomson Reuters Foundation, using a pseudonym for fear of further reprisals.
Figueroa is one of more than 2,230 people who fell prey to fraudulent loan apps in Mexico between June 2021 and January 2022, according to data compiled by the Citizen Council for Justice and Security, an advocacy group based in Mexico City.
The Thomson Reuters Foundation found 29 loan apps with millions of downloads in the Google Play Store that have been reported to the authorities for extortion, fraud, violation of Mexican privacy law, and abusive financial practices.
“We take this issue very seriously and are committed to providing a secure platform for billions of Android users. We have already implemented measures against more than a dozen apps and will continue to investigate,” a spokesperson for Google wrote to the Thomson Reuters Foundation.
The explosion of predatory lending apps in Mexico is part of a global trend that authorities have struggled to contain.
A Reuters investigation last year found dozens of lending apps in India that violated Google’s own policies against short-term loans.
Investigators in Kenya launched a probe last year into possible data privacy violations by mobile lenders, while regulators in the Philippines have flagged dozens of mobile lending apps as being in violation of local laws.
BIG EASY CASH
Figueroa downloaded José Cash at the end of March, lured by the app’s promise of a quick loan with no credit checks.
The app boasts more than a million downloads and a rating of 4.8 out of 5 on Google Play Store.
“What drew me to it was its ranking and amount of downloads. It also had an attractive message saying it would lend you up to $20,000 in under five minutes,” said Figueroa.
Like most of the apps surveyed for this article, José Cash has thousands of similar, five-star reviews written in broken Spanish, all praising the app’s interest rates and speed of approval.
The moment Figueroa downloaded the app, he inadvertently agreed to grant it access to his contacts list, call history, camera, location, SMS messages, social media accounts, and browsing history.
To register for a loan, he also provided personal information – full name, address, a picture of his national ID and bank account number.
The app also had information of the phone including the IMEI number, year, model, and WiFi connection.
“It was unclear to me then how my information would be used,” said Figueroa.
The 29 apps reviewed for this article all collect sensitive information that experts say exceeds what federal law allows.
Most loan apps tote a similar line in privacy policies – all invalid even if the user agrees to share their data, said Dafne Méndez, founder of consulting group Privacy Watchers.
“Why do loan apps need access to the user’s contacts list or their pictures? It is not really necessary for their purpose,” she said. “What they are doing is abusive, illegal, and not allowed under any situation under the law.”
José Cash did not respond to requests for comment.
Representatives of two apps investigated for this article denied any wrongdoing and said loan apps possibly related to crimes have used their companies’ logos and names to impersonate them.
A mix of economic crisis, financial exclusion and ready access to the internet has driven thousands of Mexicans to illegal microlending apps, a trend only exacerbated by COVID-19.
“During and after the pandemic there was an absence of economic activity that created hard conditions for people,” said Salvador Guerrero, president of the Citizen Council of Security and Justice, a civil society organization that provides free legal services to crime victims in Mexico.
“These generated the conditions for the illegal crime market.”
According to the official 2021 Survey on Financial Inclusion, 42% of adults in Mexico do not use any financial service, while over half of them work in the informal sector so cannot access formal credit.
On the other hand, 84 million Mexicans have access to the internet and 96% use a smartphone, data showed.
Figueroa had his 10,000-pesos loan request approved within five minutes on José Cash. The fine print said the money had to be repaid in seven days under an annual interest rate of 360%.
Of the 10,000 Figueroa requested, he received 5,500 pesos.
By the end of the week, he was being harassed to pay back the full amount. He received, via WhatsApp, an image of his face edited into a poster that read “Wanted for raping a minor”, which was sent to his contacts and social media.
He also received images of dismembered bodies which made him fear for his wife and children, while one of his friends was sent a graphic rape video with threats against his family.
“Panic, fear and shame came over me. I reached a point in which I started thinking of suicide, I wanted to stop it all,” said Figueroa.
The Thomson Reuters Foundation reviewed screenshots of pictures sent to other borrowers, in which their faces were edited into graphic images with text claiming they were pedophiles, sex workers or wanted criminals.
Besides extortion and fraud, such aggressive tactics to recover money break several Mexican laws against digital harassment and defamation, according to Méndez.
Lending apps in Mexico operate in a legal loophole where they can offer loans without registering like regular financial institutions, said Eduardo Apáez, a banking and finance lawyer, and former Mexican financial regulator.
CONDUSEF, Mexico’s regulator for consumer finance, has received more than 700 reports of doxxing – maligning an individual online – related to loan apps since January, but is powerless to act.
“We have no jurisdiction or authority. We can only act on complaints against authorized financial services,” said Óscar Rosado, president of CONDUSEF.
The Citizen Council for Justice and Security has helped victims file more than 170 reports to local police, and published a list of 130 loan apps that it said resorted to doxxing, extortion, fraud and other crimes.
None of these cases has been resolved.
At least 29 of those apps are still available in the Google Play store, the Thomson Reuters Foundation found.
Warnings about the apps have come thick and fast – from inundated cyber police in several Mexican states and even from the country’s president.But to no avail.
“There are no names, no addresses. They also use VPNs that complicate tracking,” said Méndez. “We have wonderful privacy laws and institutions, but how can we prosecute the crime if we don’t even have a name?”