Digital Lenders Using Mobile Apps to Invade Privacy and Humiliate Customers

The digital lending boom has come with some unpleasant side-effects in Kenya as NTV Kenya recently reported. Digital lenders have gained some notoriety for harvesting names and contact information of people related to borrowers. Subsequently these people receive threatening messages and phone calls.

The habit is common and it works as follows.

  1. I take a loan using an app on my phone and receive my money on M-Pesa.
  2. The app also harvests contact information from my phone but I couldn’t care less. I need the money.
  3. I default, for whatever reason.
  4. The contacts that were harvested in step 2 start receiving annoying calls and SMS messages. They get reminders upon reminders, all geared to encourage them to contact me and implore me to settle my debt… or else.

The Office of the Data Protection Commission (ODPC) has sprung into action for an additional round of fines.

Mulla Pride Ltd, a Digital Credit Provider (DCP) that operates KeCredit and Faircash mobile lending Apps, has been fined Sh2,975,000 [USD20,000] by the Office of the Data Protection Commissioner (ODPC).

Mullah Pride was not the only offender.

Meanwhile, Naivas Supermarket and digital credit lender WhitePath are awaiting their fate after a compliance audit was conducted on them over data breach reports…

According to the Office of the Data Protection Commissioner, WhitePath Company Limited has previously been fined Sh5 million (USD34,000) as a penalty for non-compliance, adding that numerous complaints from the public were received regarding the company’s conduct.

WhitePath is not even scared of fines, it would appear. Hence they continue appearing on the data protection radar. Perhaps the returns from this business make the fines look like a simple cost of doing business.  One could also argue that companies like WhitePath will not change if they only receive small slaps on the wrists that have no meaningful long term effect on their business. They know consumers will continue applying for loans. They know there will be defaulters. They know whatever they do with the defaulters will result in some minor administrative penalty and little else.

Beyond the fines, government efforts appear to be just proclamations and roadside declarations.

In March 2022, the Central Bank of Kenya banned digital credit providers, its officers, or agents in the course of debt collection from using obscene or profane language with the customer or the customer’s contacts to shame them.

This is developing into some kind of vicious cycle and I am not convinced that the regulators and consumer protection agencies are doing enough to stop the menace.

Meanwhile, if some of the Commsrisk readers receive threatening emails about a loan that was taken in Kenya, they should not be surprised.  I have taken a few loans in the recent past and times are tough. If you are in my phone book, consider entertaining the insults and threatening messages as your service to humanity.

Joseph Nderitu
Joseph Nderitu
Joseph Nderitu is a director at Integrated Risk Services Ltd and specializes in revenue assurance. He previously worked as Head of Revenue Assurance and Fraud Management at Vodacom's operation in Tanzania, having previously served in the same role at Vodacom Mozambique.

Before his work with Vodacom, Joseph was an internal audit manager for Airtel, with responsibility that covered their 17 countries in Africa. Whilst at Airtel, Joseph led reviews of the Revenue Assurance, Customer Service and Sales & Marketing functions.

Prior to his stint at Airtel, Joseph was an RA manager at Safaricom in Kenya. He holds an MSc Degree in Information Systems.