There have been cases of people saying that their KYC details and Other Pictures were taken from Android and iPhone Mobiles, which were shared with the MoneyTor, were used to send PhotoShop Nude Photos of their relatives, without consent.
KYC data collection
In the two documented instances of fake bank accounts, the victims had shared their KYC details such as Aadhaar, PAN card, drivers’ licence and other documents like Photos with the loan apps. The loan app victims are unsure which of the instant loan apps they used misused the KYC details.
Sandeep explains that KYC data collected from the loan app users are being used to open bank accounts. These bank accounts linked to crypto exchanges are being used to siphon money abroad, “The data is also sold over the darknet and can be used by any scammer for money laundering. The loan app scammers are clearly using this modus operandi,” he alleges.
Sandeep claims to have come across several security vulnerabilities in mobile devices that these loan apps use to data-mine the victims. “When you install loan apps you are giving them access to everything in your phone. They only need your phone to receive OTP via SMS or email,” he adds.
The RBI also formed a working committee to form regulations for digital lenders was formed after media reports about instant loan app victims dying by suicide owing to harsh recovery methods and the subsequent police investigations.