Lilian Wangui was resting at home one weekend in January when she received a phone call from a strange number.
The person on the end of the line identified himself as a customer care representative at Safaricom.
Having heard about fraudsters who randomly call mobile subscribers with the aim of defrauding them while posing as telecom agents, Wangui was hesitant to believe him.
Except the caller was smarter. He read out her ID number, date of birth and names of some of her next of kin, all which turned out to be correct.
There is no way a fraudster would have all her details, Wangui thought, convinced that the caller was an authentic Safaricom representative.
“The man asked me some generic questions regarding my M-Pesa transactions, all which I confidently answered. He then hang up,” Wangui narrates.
Shortly afterwards, Wangui forgot about the caller, and went about her activities at home.
It is then that she realised that her phone had lost network. Unalarmed, she thought this was a technical issue that would phase out. She was wrong.
The problem persisted for hours until her friend advised her to renew the line. “After renewing the line, I was shocked to discover that money on my M-Pesa account was missing. It is then that it dawned on me that I had been conned,” she recounts ruefully.
Devastated, she called the mobile operator, who confirmed that the money had indeed been withdrawn. She was advised to report the matter to the police.
How debt collectors lay hands on the documents of Jackson Rachilo, a teacher from Suba, is still a mystery to him.
A company called Amedo has been making monthly deductions of Sh4,990 from his salary.
“The company purports that I bought a dining set, 20 iron roofing sheets and a solar panel, property worth Sh89,000 from them on hire purchase in 2010. They claim that I made the transaction at their Kisii branch. I do not know these people and I have never met their agents,” Rachilo laments.
According to the teacher, he has neither met nor been in contact with the people the company claims guaranteed this purchase.
“This company has refused to produce the documents they claim I used or the passport photo taken. I have been to their Head Office in Nairobi and even to the DCI offices in Kisii County without any meaningful assistance,” he adds.
Wangui and Rachilo are only a handful of thousands of Kenyans who knowingly or unknowingly play into the hands of fraudsters by sharing vital personal information, with harsh consequences.
Cloud computing and business intelligence expert Erick Were says that while Kenyans have become more conscious of such duplicitous schemes, fraudsters have only got smarter.
With the growing appetite for mobile loans among Kenyans to thank, scammers are now masquerading as money-lending app companies, and capitalising on the desperation of cash-strapped Kenyans, to mine their personal data. This data is later used to commit forgery and other crimes.
A cursory search of “mobile loan apps in Kenya” on Google Play Store returns more than 50 results. Most of these apps claim to offer different types of loans on different terms. Out of these, however, very few are genuine lenders.
User reviews seen by Saturday Nation on some of the lending apps paint a grim picture of desperation, but also of bitterness by Kenyans who have been conned out of their hard-earned cash by some of the deceitful app companies.
Some of the personal information shared include name, monthly income, payslip, name of employer, employment number, a photo, next of kin, e-mail and even social media accounts.
“More and more people are neglecting the need for data privacy and the security and economic consequences of sharing sensitive information about themselves,” says Were, who works for Data Science Kenya.
“Kenyans should not be quick to share personal details such as ID numbers, full names, bank details, residential addresses and employment details to unknown recipients,” he warns.
While mobile phone firms have voice analytics, call data records, metadata and social network analytics at their disposal to conduct analysis for lending determination, according to data scientist Timothy Oriedo, mobile loan apps sometimes have no such data from which to determine the “creditworthiness” of borrowers.
Mr Oriedo, however, says that apps do not collect data to use on the phone itself. Instead, the data is shared with other servers, he explains.
“Money lending apps, for instance, send your location to a server run by the app’s developer to calculate the credit risk before granting you a loan,” Oriedo says, warning that the app may also send the data elsewhere.
Experts agree that with no security or guarantors required for most of these mobile loans, customers’ personal information becomes the pawn for these devious lenders.
“A bigger percentage of users don’t take time to research on these companies and to evaluate their operation presence, reviews from previous and current users and their rating on Play Store and App Center,” Were argues.
Some of these phoney apps have twisted names almost similar to credible lenders such as Tala and Branch.
Blessed Makena is one Kenyan in the long list of victims who have been duped by Tala Pewa Loans, which she had mistaken for Tala Loans.
“Is this app real?” Makena wonders, “Since yesterday, I have received nothing. I am being told that the team will get back to me in 24 hours. How do I delete my account kindly?”
“The registration is fast but it is four days now since I applied for a loan,” complains Samuel Mbiti, another user.
Yet other apps defraud thousands of unsuspecting borrowers by asking them to pay a certain fee for the loan.
Usawa, for instance, asks clients to pay Sh400 to process the loan. “Why would you charge Sh400 only to offer a lower loan amount? The people behind the app urge you to pay Sh420 quickly to qualify for a higher loan, only to send you Sh400 and the game goes on,” narrates James Odhiambo, a victim of this con.
Even more treacherous, most of these so-called money lenders do not have physical addresses, and often operate from the digital space almost entirely.
“As a user, you have the responsibility to take precautions by going through reviews of the apps, evaluating whether they are registered and even going further to request for financial reports. Trading with the public makes these companies duty-bound to issue necessary documents upon request,” adds Were.
So, just how safe is your data with these lenders? Does it ever occur to you that your information could potentially be abused?
“What is lacking in the current sphere of app usage is not only consent, but also informed and ongoing consent to access certain domains of the user’s phone,” Oriedo notes.
For a country that lacks watertight regulations on mobile apps, he says, users are left at the mercy of these criminals.
Were however notes that through the National ICT Policy, the country acknowledges the importance of accessing and safeguarding information, but laments that lack of awareness makes Kenyans vulnerable to cybercrime.
“Kenyans are not conversant with the set guidelines for their own information security. It is the responsibility of both private and public sectors in the relevant field of data protection to educate the masses,” he notes.
Most of these apps trick customers to rate them favourably on Google Play Store “as we process your loan”.
This rating translates to more clients, only the money never comes. “I had saved with a lending app but when I tried to call them, I realised the number is busy all day and night. I’m worried that my money and personal information have fallen into the hands of fraudsters,” laments John Ouma.
Until stricter regulations are put in place, Oriedo warns, the responsibility falls on the smartphone user to understand privacy permissions and their implications.