The dark, hidden and ugly side of banks in India – Part 5

• A large number of borrowers in Telangana and Andhra Pradesh committed suicide after being harassed by recovery agents calling on behalf of loan apps like Cash Mama, Loan Zone, Mera Loan, and others — which were neither registered NBFCs nor regulated by RBI. The agents repeatedly called the victims, insulted them and misused the data in their phone to shame them publicly. RBI and Ministry of Electronics and Information Technology (MeitY) began investigations as soon as the Hyderabad Police registered the FIRs. Several Chinese-linked apps were banned or delisted.

• Borrowers who took small loans as low as ₹1,000–₹5,000, were shocked to find that their phones were compromised. Apps had secretly accessed their contacts and SMS (to read financial transactions). If the borrowers delayed the EMI payment by even a day, the app like RupeeKing, SnapIt, iCredit, and similar clones that kept changing names to avoid detection would call their family, employer, and friends, morph their face onto obscene images, and send bulk messages calling them defaulters or frauds

• Google removed over 100+ predatory loan apps from its Play Store including CashNow, KreditMukti, CoolCash, GoCash, and SuperLoan for violation of user data policies, unauthorized financial services, and failure to disclose NBFC partnerships. The recovery agents used a Bangalore based techie’s face to create a fake obituary and circulated it to his contacts on WhatsApp and Facebook. To address the humiliation and mental distress, the borrower had to seek legal help.

Lesson learnt – think before you tap!

Digital lending is evolving fast — but not always in the right direction.

Online lending apps offer quick, unsecured personal loans and disburse money within minutes— often with minimal documentation like PAN, Aadhaar, and bank details.

RBI recently issued strict guidelines that only regulated NBFC-backed apps can disburse loans. But fake or foreign-funded apps continue to harvest user data and harass borrowers.

History of digital lending in India

The history of digital lending in India dates back to around 2008–2009 when online lending fintech platforms, like Capital Float and Faircent entered the market dominated by banks. These early ventures operated cautiously, as India’s regulatory and digital infrastructure was still evolving. The landscape transformed significantly over the next five years due to the proliferation of smartphones, Aadhaar-based eKYC, and UPI which made it easy for fintechs to offer instant personal loans through mobile apps. This era saw the emergence of players like CASHe, KreditBee, ZestMoney, and PaySense, who offered short-term, unsecured loans to salaried employees based their mobile usage, transaction history, and social profiles, instead of traditional credit scores.

The first wave of digital lending was characterized by speed — apps offered personal loans within minutes, bypassing the slow, paper-heavy processes of traditional banks. But this speed often came at the cost of consumer safety.

In 2017, the Reserve Bank of India issued formal guidelines for peer-to-peer (P2P) lending platforms, making it mandatory for them to register as NBFCs. However, 2020-2021 proved to be the darkest phase in India’s digital lending history. The COVID-19 pandemic led to widespread financial distress, pushing many low-income and middle-class borrowers toward instant loan apps that promised fast disbursals. Hundreds of unregulated and often foreign-controlled apps flooded the market. Many of these apps operated without RBI registration and used shell entities to evade legal scrutiny.

Also Read: The dark, hidden and ugly side of banks in India – Part 1 

This period was largely dominated by suicides, hidden fees, exorbitant interest rates, aggressive recovery tactics, harassing calls, and even public shaming via contact list leaks to exploit users. 

To curb the menace, the RBI introduced a comprehensive digital lending framework in August 2022. This required loan apps to disclose their lending partners who had to be RBI-registered NBFCs. The RBI banned the aps from accessing contact lists and personal data and mandated that all loans should be disbursed directly into the borrower’s bank account. A cooling-off period for loans was also introduced, allowing consumers to reconsider borrowing decisions.  

How online loan platforms and digital banking apps exploit consumers

Online loan platforms and digital banking apps promise quick, hassle-free loans to trap unsuspecting borrowers who have a poor credit history or are in immediate need of funds. These platforms use high-pressure sales tactics to rope in borrowers in to a debt trap without mentioning the hidden fees, exorbitant interest rates, or stringent repayment terms. These platforms then exploit the vulnerabilities of the customers by leveraging technology and data analytics making it difficult for them to make informed decisions for their financial well-being. As a result, many borrowers find themselves trapped in a vicious cycle of debt struggling to repay loans with unfairly high interest rates and harassed by recovery agents.

Why digital lending platforms harass customers and get away with it?

The harassment of borrowers by online loan platforms and digital banking apps in India stems from a toxic mix of unchecked greed, weak oversight, aggressive business models, and consumer vulnerability. Many of these apps emerged in a regulatory vacuum, especially between 2018 and 2021, when the fintech boom created an illusion of innovation without accountability. Startups and proxy operators — some with links to foreign shell companies — entered the market offering ultra-fast personal loans, often to low-income, financially distressed individuals. To minimize their risk, these apps charged exorbitant interest rates (sometimes disguised as processing fees) and offered very short repayment periods — often just 7 to 14 days. The focus was not on responsible lending, but on extracting maximum profit with minimum transparency.

Also Read: The dark, hidden and ugly side of banks in India – Part 2

To enforce repayment, many apps resorted to unlawful and humiliating tactics like sending defamatory messages to friends and family. This behaviour was made possible because users, often unknowingly, granted these apps full access to their phonebooks, photo galleries, SMS inboxes, and microphones. In the absence of strict data protection laws or real-time oversight, these permissions became tools of harassment. The recovery agents, often hired by third-party collection agencies, operated outside the banking code of conduct and were incentivized to use fear and shame as tools of coercion.

The root cause of the problem is – lack of robust grievance redressal mechanism. Unlike traditional banks, which are bound by RBI’s Fair Practice Code and ombudsman systems, rogue loan apps do not have any effective customer support or escalation channels. There are no avenues for complaint or consumer protection.

Exploiting the flaws in the system many app-based online lending platforms have launched multiple clones under different names. As a result when one app is flagged or banned, another surfaces under a new name. In the absence of any effective regulatory these unscrupulous players and predatory loan sharks operate freely leading to widespread psychological trauma and suicides.

The Reserve Bank of India tried to reform digital lending but there is no one to enforce these norms, as a result many predatory lending platforms continue to operate using overseas servers.

Existing online loan platforms operating in India 

There are many digital lending platforms offering instant credit, savings accounts, payment services, and investment options to a diverse range of salaried professionals, gig workers, MSMEs and students. They can be classified into two broad categories: online loan platforms which provide quick credit, and digital banking apps that offer full-service banking experiences, often in partnership with traditional banks.

The prominent digital loan platforms include Navi, founded by Flipkart co-founder Sachin Bansal which offers personal loans up to ₹20 lakh with minimal paperwork and is backed by its own RBI-registered NBFC. KreditBee, another major player, targets young professionals with short-term and EMI-based personal loans in partnership with registered NBFCs. CASHe, MoneyTap, PaySense, and EarlySalary (now Fibe) are a few other well-known players in the market who use AI-driven credit scoring to offer instant loans – often within 30 minutes.  

Players like Amazon Pay Later, Flipkart Pay Later, and LazyPay dominate the “Buy Now, Pay Later” (BNPL) segment, blending lending with e-commerce in India. At the global level prominent BNPL providers include Affirm which offers point-of-sale finance, allowing customers to pay in fixed instalments, Afterpay which allows customers to pay in four interest-free weekly or monthly instalments, Klarna which provides financing options for larger purchases, Sezzle which offers interest-free payment plans, PayPal Pay Later- which offers flexible payment options to customers for purchases over time, Shop Pay Instalments which offers interest-free payment plans or monthly payments over a period of 12 months, and Zip Money which allows larger purchases with weekly, bi-weekly, or monthly payment schedules. The BNPL segment is increasingly becoming popular among young, urban shoppers because of the instant credit and flexible repayment options. BNPL services benefit both customers and merchants. Customers enjoy flexibility in payments, while merchants experience increased sales volume and revenue. Businesses using BNPL services have seen up to 14% increase in revenue.

Also Read: The dark, hidden and ugly side of banks in India – Part 3

On the digital banking front, many neobanks or digital-first financial institutions are providing online loans in partnership with licensed banks. The neobanks provide banking services through mobile apps or online platforms, often without traditional brick-and-mortar branches. They typically to offer services like – digital account management, real-time transactions like bill payments, and money transfers, virtual and physical debit/credit cards, personal loans and other financial services.

Neobanks like Jupiter, Fi, Niyo, and Open are redefining how consumers interact with their finances. Their aim is to provide convenient, accessible, and user-friendly financial services, often targeting specific segments like millennials, small businesses, or underserved communities. These apps do not hold banking licenses themselves but operate in partnership with traditional banks like Federal Bank, Axis Bank, or SBM India. They provide modern, app-based experiences with features like budgeting tools, spend analytics, rewards, and instant virtual debit cards. Paytm Payments Bank and Airtel Payments Bank have also expanded their services to include savings, UPI payments, digital gold, insurance, and micro-credit, serving a vast rural and semi-urban population.

In the digital banking space Fi, Jupiter, and Niyo — operate in partnership with licensed banks. However, their business models is not immune from risk, especially when it comes to data privacy, aggressive cross-selling of financial products, and system downtime affecting access to funds.

Not to be left behind, some traditional banks in India like ICICI, HDFC, Axis Bank, and State Bank of India, have launched their own aps like ICICI Bank’s iMobile, Axis Bank’s Axis Mobile and State Bank of India’s YONO to compete with fintechs. These aps have enabled a wide range of services like processing and instant loan approval, pre-approved credit, UPI services for easy transactions, options for investment in financial products as well as utility bill payments, recharge, and other utility services.

By leveraging the apps even traditional banks hope to enhance customer engagement by offering personalized services, increase operational efficiency, reduce costs and provide innovative digital solutions. This competition between traditional banks and fintechs is good news for the customers who can expect innovation, and better services— all in one place.

However there is always the risk of lesser-known apps in the market aggressively being marketed by ads and WhatsApp forwards, which operate under vague NBFC partnerships or opaque fee structures. It’s essential to exercise caution. By being vigilant and taking precautions, customers can minimize the risks associated with digital lending apps and take informed decisions.  

Red Flags to Watch Out For:

1. Be cautious of apps promoted through unsolicited messages or ads.
2. Verify if the app is partnered with a reputable and RBI-registered NBFC or bank.
3. Be wary of apps with unclear or hidden fees.
4. Avoid apps that request access to your contacts, gallery, or SMS inbox without a valid reason.

The Indian fintech space is indeed evolving rapidly. By staying informed and making smart choices, users can harness the benefits of fintech while minimizing risks.

Are current Online Loan Platforms and Digital Banking Apps in India above-board & blame free?

No, although the situation has significantly improved in recent years the current online loan platforms and digital banking apps in India are not entirely above-board or blame-free. While many leading platforms now operate within the ambit of RBI norms and partner with registered NBFCs or banks, several grey areas continue to exist, especially in the unregulated corners of the digital lending space.

Many fintech apps hide the true lender or NBFC from borrowers to make accountability difficult. Some non-bank fintechs act as digital front-ends without registering themselves, to evade direct regulatory scrutiny while offering credit. Others use proxy NBFC licenses with minimal checks, particularly for micro-loans under ₹5,000, where compliance oversight tends to be weaker. This lack of transparency and oversight can lead to concerns about responsible lending practices.

Some apps do not disclose the total cost of credit, including processing fees and late payment penalties, which can lead to an effective annual interest rate far higher than advertised. There also reports of apps circumventing RBI’s rules by shifting parts of their operations to third-party platforms or offshore servers to escape direct oversight.

Companies usually do not publicly disclose the exact details of their technology infrastructure, partnerships and operational shifts to third-party platforms or offshore servers due to the confidential nature of such information for security reasons.

How and why fintech apps use offshore servers:

• Many fintech companies leverage the infrastructure of major cloud providers like Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) which offer a wide range of services, including:
  • Storing large volumes of user data, transaction history, and running complex algorithms for credit scoring and risk assessment.
  • Deploying and running core applications and software.
  • Easily scaling infrastructure up or down based on user demand.
  • Utilize the robust security measures provided by these cloud platforms.
• Fintech apps integrate with third-party payment gateways (e.g., Stripe, PayPal, Adyen) to process transactions securely and handle sensitive payment information  
• To comply with regulatory requirements, fintech apps often use third-party services for Know Your Customer (KYC) and Anti-Money Laundering (AML) checks. These services help verify user identities and screen for potential risks.  
• Customer support and communication are often handled through third-party platforms like Zendesk, Intercom, or Twilio for messaging, email, and voice services.  
• Fintech companies utilize various third-party marketing automation and analytics platforms to manage campaigns, track user behaviour, and gain insights.  
• Some fintech companies choose to outsource customer support, or back-end operations to third-party providers in other countries to reduce costs
• Integration with other fintech providers for specific functionalities like credit scoring (e.g., using APIs from credit bureaus or alternative data providers), fraud detection, or account aggregation.

Why Shift Operations?

• Outsourcing non-core functions allows fintech companies to concentrate on their primary product development, innovation, and customer acquisition.  
• Third-party platforms can often provide services more cost-effectively than building and maintaining in-house solutions. Offshore services can also offer labour cost advantages.  
• Cloud platforms and third-party providers offer the ability to scale resources quickly based on business needs.  
• Third-party vendors often have specialized expertise and infrastructure that a fintech company might not possess internally.
• Utilizing existing platforms and services can significantly speed up the development and deployment of new features and products.
• Reputable third-party providers often have robust security measures and compliance certifications that can benefit fintech companies.

Imagine a digital lending app using AWS for hosting its application and storing loan data, integrating with Stripe to process loan disbursements and repayments, employing a KYC/AML service like Onfido or Veriff to verify borrowers’ identities, using Zendesk for customer support inquiries, and having a development team based in another country working through a third-party outsourcing firm.

Also Read: The dark, hidden and ugly side of banks in India – Part 4

These are common practices in the fintech industry to operate efficiently and securely. Though the specific choices of platforms and providers depend on the individual needs and strategies of each company.

Why Fintech apps were pulled up by RBI?    

Recently payment banks and wallet services like Paytm Payments Bank were pulled up by the RBI for violating KYC and compliance norms. The list of such fintech apps faced that scrutiny for allegedly circumventing RBI regulations include:

1. Paytm Payments Bank for non-compliance with regulations, highlighting concerns about governance and risk management.
2. KreditBee, faced investigation for alleged violations of RBI guidelines on digital lending.
3. IndiaLends faced scrutiny for its lending practices

For instance Navi Technologies encountered several controversies in recent times. These include:

• In December 2024, Navi Technologies suffered a significant cyber fraud amounting to ₹14.26 crore. Scammers exploited a vulnerability in the company’s third-party payment gateway (TPAP), to manipulate transaction and reduced the payable amount to ₹1 after initiating payments, the system erroneously marked transactions as successful. While Navi bore the full charges, this breach occurred over a two-week period and prompted an investigation by the Whitefield Cybercrime Police in Bengaluru. ​

• In October 2024, the Reserve Bank of India (RBI) imposed restrictions on Navi Finserv, barring it from sanctioning and disbursing new loans due to concerns over excessive interest rates and non-compliance with fair lending practices. However, after the company revamped its processes to ensure regulatory guidelines, the RBI lifted these restrictions in December 2024. ​

• Some users have expressed dissatisfaction with Navi Health Insurance’s app which offers health insurance policies ranging from INR 2 Lakh to INR 1 Crore for individuals and families within 2 minutes through the app. The Company also boasts of settling most claims round the clock 24×7 within 20 minutes.

• Though unrelated to Navi Technologies, its promoter Sachin Bansal faced legal scrutiny in July 2021, when the Enforcement Directorate issued a show cause notice alleging violations of the Foreign Exchange Management Act (FEMA) during his tenure at Flipkart.  

Conclusion:

These examples illustrate the importance of regulatory compliance in the fintech industry. Regulatory compliance is crucial to ensure consumer protection, maintain financial stability, and foster trust in the fintech industry. By adhering to regulations, fintech companies can mitigate risks, prevent fraud, and promote a safe and transparent financial ecosystem. Compliance is key to sustainable growth.