As consequences of the rapidly emerging micro-lending services in China, deceptive advertising to attract clients, violent debt collection as well as high interest rates and fees were criticized by the National Internet Finance Association on Friday. Some unqualified lenders have been at the center of numerous scandals after causing financial risks, threatening customers and failing to keep private data safe. Accordingly, the leaking of personal information in the industry is in need of tighter regulation.
Two months ago, a 32-year-old man named Alan became attracted to online micro-lending as he had spent all his savings on gambling in amusement arcades.
After he lost a monthly salary of 3,000 yuan ($454.70), he decided to register on a micro-lending platform, which claimed to approve loans within just five minutes.
It was requested that Alan disclose some of his personal information to earn a higher credit rating on the platform, helping him receive a bigger loan. That information included his identity number, home address, cellphone number as well as his telecom operator information.
As micro-finance companies are often quick to lend money to customers, Alan then applied for online loans on dozens of other platforms and found himself trapped in a complete Ponzi scheme. He owed in total more than 40,000 yuan to the platforms, which also came with high interest rates.
To avoid paying the loans, Alan considered fleeing the country. But the online micro-lending platforms had access to his contact information and threatened that if he fled, all his friends and relatives would find out about the debt he owed.
"It's like a vampire, I have to repay my debt little by little," he said.
Alan is not the only lender who has been threatened and coerced to pay his debt. A 36-year-old woman surnamed Ye living in Neijiang, Southwest China's Sichuan Province, committed suicide on November 12, leaving a note that read, "I owed about 70,000 yuan in debt."
Later, her husband said he found 12 online lending firms' names in her notebook and the other day, her family received persistent calls for repayments. A debt collector even left a threatening message saying, "We know which kindergarten your kid attends."
Since June, there have been 10 million incidences whereby debt collectors have demanded repayments while violating regulations. These cases involved 920,000 victims, 20 of which are now dead, Wu Zhen, secretary-general of the National Committee of Experts on Internet Financial Security Technology, told a recent industry conference.
It is easy to understand how online lenders have access to large amounts of personal information. Besides the collection of users' data, some companies can access further information with the help of advanced technologies.
Data collection
Some Chinese data companies today provide comprehensive individual telecom operator reports to track down people's information, including their phone calls, bills, personal trips as well as social relations.
Priced at only 3.8 yuan, Nanfang Metropolis Daily bought a report containing all those details from a data company called Tanzhi.
Besides the telecom operator report, the company also provides an e-commerce report that analyzes data captured from a user's Taobao account. Taobao is a major online marketplace owned by Chinese Internet giant Alibaba Group Holding.
The report extracts valuable consumer data from the user's shopping behavior, following the rule "recent buying activity indicates future purchasing patterns," and compiles user profiles. In addition, the company uses Web crawlers to capture more personal data, which are now widely used in the Internet sector.
In the online micro-lending sector, companies use Web crawlers to understand borrowers' loan applications, lending schedules and loan limits on other online lending platforms, showing the need for risk control and better regulation.
In March, hackers reportedly tapped into resumes and other similar information of job applicants on Chinese online marketplace 58.com by using a Web crawler priced at 700 yuan. The information collected included candidate names, mobile phone numbers, job orientations and ages.
The US-listed firm later confirmed that the incident was in fact a malicious data capture and that it needed to enhance its data security.
For Internet companies, the most valuable asset is data. As such, some of them have implemented anti-Web crawler measures.
However, some data companies have not signed any agreements with major Internet finance services providers, leaving them without access to open data sources and therefore having to ask users for their personal details, noted a senior from Alipay, the third-party mobile and online payment platform of Alibaba.
"In other words, if you give your key to a stranger, they can use it to open the door to your apartment," the senior said.
No privacy
When an online micro-lending platform asks a borrower for their e-commerce shopping records as well as their telecom operator's information for the purpose of loan approval, the borrower often ends up providing sensitive information such as their usernames and passwords to their platform accounts.
In that case, "personal information is likely to be leaked," said Li Yongqing, founder of Shanghai-based Internet finance services provider Amber Technology.
Online lenders use Web crawlers for several reasons, such as for risk control and to avoid unreliable customers. But they also use the technology in a way that raises ethical concerns.
"If you register on many lending platforms, you have no privacy," a borrower who prefers to remain anonymous said.
A borrower must understand that a lending platform can access certain amounts of their personal data even before they knowingly provide some of their information when signing up for a loan, noted Gao Fuping, a professor at the East China University of Political Science and Law. But "the user has the right to know," Gao said.
Also, micro online lenders may not have to take full responsibility for data leaks, Han Honghui, an industry expert noted. "Some companies have procured this part of their business to third-party companies, which then keep a large part of [borrowers'] personal information," Han said.
"Keeping users' data without permission is a breach of regulation. If the amount of data keeps growing, risks will continue rising," he said.
On June 1, China's new cybersecurity law was enacted with the aim of cracking down on illegal behaviors such as tapping into and tracking down personal information and databases. "The whole industry is facing challenges, as companies have to find more valuable data in accordance with rules and regulations," said Li from Amber Technology.