By Diana Baptista and Avi Asher-Schapiro
MEXICO CITY: A week after Pedro Figueroa borrowed 10,000 pesos ($500) from Jose Cash, a popular Mexican loan app, the deluge of online abuse began.
A flurry of WhatsApp messages flooded his phone, threatening damage – to him and his reputation – if he didn’t pay.
Figueroa had borrowed the money to get him out of a tough time, but was soon caught up in a cycle of debt and extortion as the app sent increasingly threatening messages, including a threat to send a doctored image to all his contacts calling him a pedophile.
To pay off her debt and escape the stress, Figueroa, 34, turned to other digital apps to borrow more money and, within three months, racked up $75,000 in debt across 27 apps.
All this pushed him to contemplate suicide.
“I fell into a deep hole of anxiety over these apps,” Figueroa, an IT specialist, told the Thomson Reuters Foundation, using a pseudonym for fear of further reprisals.
Figueroa is one of more than 2,230 people who fell prey to fraudulent loan applications in Mexico between June 2021 and January 2022, according to data compiled by the Citizen Council for Justice and Security, an advocacy group based in Mexico City.
The Thomson Reuters Foundation found 29 lending apps with millions of downloads in the Google Play Store that have been reported to authorities for extortion, fraud, violation of Mexican privacy law and abusive financial practices.
“We take this issue very seriously and are committed to providing a secure platform for billions of Android users. We have already implemented measures against more than a dozen apps and will continue to investigate,” a Google spokesperson wrote to the Thomson Reuters Foundation.
The explosion of predatory loan apps in Mexico is part of a global trend that authorities are struggling to contain.
A Reuters investigation last year found dozens of loan apps in India that violated Google’s own policies against short-term loans.
Investigators in Kenya last year launched an investigation into possible data privacy breaches by mobile lenders, while regulators in the Philippines flagged dozens of mobile lending apps as violating local laws. .
BIG MONEY EASY
Figueroa downloaded Jose Cash in late March, lured by the app’s promise of a quick loan without a credit check.
The app has over 1 million downloads and a 4.8 out of 5 rating on Google Play Store.
“What attracted me was his ranking and the number of downloads. He also had an attractive message saying that he would lend you up to $20,000 in less than five minutes,” Figueroa said.
Like most of the apps reviewed for this article, Jose Cash has thousands of similar five-star reviews written in broken Spanish, all praising the app’s interest rates and speed of approval.
The moment Figueroa downloaded the app, he inadvertently agreed to give her access to his contact list, call history, camera, location, SMS messages, phone accounts. social media and browsing history.
To register for a loan, he also provided personal information – full name, address, photo of his national ID card and bank account number.
The app also contained information about the phone, including IMEI number, year, model, and WiFi connection.
“It was not clear to me then how my information would be used,” Figueroa said.
The 29 apps reviewed for this article all collect sensitive information that experts say goes beyond what federal law allows.
Most lending apps contain a similar line in privacy policies — all invalid even if the user agrees to share their data, said Dafne Mendez, founder of advisory group Privacy Watchers. “Why do lending apps need access to the user’s contact list or photos? It’s not really necessary for their purpose,” she said. “What they are doing is abusive, illegal, and not permitted in any situation by law.”
Jose Cash did not respond to requests for comment.
Representatives of two apps investigated for this article denied any wrongdoing and said lending apps possibly linked to crimes had used their companies’ logos and names to impersonate them.
A mixture of economic crisis, financial exclusion and easy internet access has pushed thousands of Mexicans into illegal microcredit applications, a trend that has only been exacerbated by COVID-19.
“During and after the pandemic, there has been an absence of economic activity which has created difficult conditions for people,” said Salvador Guerrero, president of the Citizen Security and Justice Council, a society organization Civil Society which provides free legal services to victims of crime in Mexico.
“These created the conditions for the illegal crime market.”
According to the official 2021 survey on financial inclusion, 42% of adults in Mexico do not use any financial services, while more than half of them work in the informal sector and therefore cannot access formal credit. .
On the other hand, 84 million Mexicans have internet access and 96% use a smartphone, according to the data.
Figueroa had his loan request for 10,000 pesos approved in five minutes on Jose Cash. The fine print said the money was to be repaid in seven days with an annual interest rate of 360%.
Of the 10,000 Figueroa requested, he received 5,500 pesos.
At the end of the week, he was hassled to repay the full amount. He received, via WhatsApp, an image of his face mounted on a poster that read “Wanted for rape of a minor”, which was sent to his contacts and on social networks.
He also received images of dismembered bodies which made him fear for his wife and children, while a friend of his received a graphic rape video with threats against his family.
“Panic, fear and shame washed over me. I reached a point where I started thinking about suicide, I wanted to stop everything,” Figueroa said.
The Thomson Reuters Foundation reviewed screenshots of photos sent to other borrowers, in which their faces were changed to graphic images with text claiming they were paedophiles, sex workers or wanted criminals.
Besides extortion and fraud, such aggressive tactics to recover money violate several Mexican laws against digital harassment and defamation, according to Mendez.
Lending apps in Mexico operate in a legal vacuum where they can offer loans without registering like regular financial institutions, said Eduardo Apaez, a banking and finance lawyer and former Mexican financial regulator.
CONDUSEF, Mexico’s consumer credit regulator, has received more than 700 reports of doxxing – slandering an individual online – related to loan applications since January, but is powerless to act.
“We have no jurisdiction or authority. We can only act on complaints against authorized financial services,” said Oscar Rosado, president of CONDUSEF.
The Citizen Council for Justice and Safety helped victims file more than 170 reports to local police and released a list of 130 loan applications it said used doxxing, extortion, fraud and other crimes.
None of these cases have been resolved.
At least 29 of those apps are still available in the Google Play store, the Thomson Reuters Foundation found.
Warnings about the apps have come and gone – from the inundated cyberpolice of several Mexican states and even the country’s president.
But in vain.
“There are no names, no addresses. They also use VPNs which make it difficult to track,” Mendez said. “We have wonderful privacy laws and institutions, but how can we prosecute crime if we don’t even have a name?”