By Diana Baptista and Avi Asher-Schapiro

MEXICO CITY: A week after Pedro Figueroa borrowed 10,000 pesos ($500) from Jose Cash, a popular Mexican lending app, the online abuse barrage began.

A flood of WhatsApp messages flooded his phone, threatening to damage him and his reputation if he didn’t pay.

Figueroa had borrowed the money to get him through a rough patch, but soon fell into a cycle of debt and extortion as the app began broadcasting increasingly threatening messages, including threatening to send all his contacts a manipulated image depicting him labeled as a pedophile.

To pay off debt and escape stress, 34-year-old Figueroa turned to other digital apps to borrow more money and had accumulated $75,000 in debt across 27 apps in three months.

All of this made him contemplate suicide.

“I fell into a deep ditch of fear because of these apps,” Figueroa, an IT specialist, told the Thomson Reuters Foundation, using a pseudonym for fear of further reprisals.

Figueroa is one of more than 2,230 people who fell victim to fraudulent credit apps in Mexico between June 2021 and January 2022, according to data compiled by the Citizen Council for Justice and Security, an advocacy group based in Mexico City. were compiled.

The Thomson Reuters Foundation has found 29 lending apps on the Google Play Store with millions of downloads that have been reported to authorities for extortion, fraud, violation of Mexico’s privacy law and abusive financial practices.

“We take this issue very seriously and are committed to providing a secure platform for billions of Android users. We have already taken action against more than a dozen apps and will continue to investigate,” a Google spokesperson wrote to the Thomson Reuters Foundation.

The explosion of predatory lending apps in Mexico is part of a global trend that authorities are struggling to stem.

A Reuters investigation last year found dozens of lending apps in India violating Google’s own short-term lending policies.

Investigators in Kenya last year launched an investigation into possible data breaches by mobile lenders, while regulators in the Philippines have flagged dozens of mobile lending apps as violating local laws.

BIG EASY CASH

In late March, Figueroa downloaded Jose Cash, lured by the app’s promise of a quick loan without a credit check.

The app has over a million downloads and a 4.8 out of 5 rating on the Google Play Store.

“What attracted me was its ranking and number of downloads. It also had an attractive message saying it would loan you up to $20,000 in less than five minutes,” Figueroa said.

Like most of the apps surveyed for this article, Jose Cash has thousands of similar five-star reviews in broken Spanish, all praising the app’s interest rates and speed of approval.

The moment Figueroa downloaded the app, he accidentally agreed to give her access to his contact list, call history, camera, location, text messages, social media accounts, and browsing history.

To sign up for a loan, he also provided personal information — full name, address, a picture of his ID, and bank account number.

The app also contained information about the phone, including IMEI number, year of manufacture, model and Wi-Fi connection.

“It was unclear to me at the time how my information would be used,” Figueroa said.

The 29 apps reviewed for this article all collect sensitive information that experts say exceeds legal limits.

Most lending apps have a similar line in privacy policies — all void even if the user agrees to share their data, said Dafne Mendez, founder of the Privacy Watchers advisory group. “Why do rental apps need access to the user’s contact list or pictures? It’s not really necessary for their purpose,” she said. “What they are doing is abusive, illegal and not permitted under any circumstances under the law.”

Jose Cash did not respond to requests for comment.

Representatives from two apps investigated for this article denied any wrongdoing and said credit apps that may be linked to crimes used their companies’ logos and names to impersonate them.

HARD CONDITIONS

A mix of economic crisis, financial exclusion and easy access to the internet has pushed thousands of Mexicans into illegal microcredit apps, a trend exacerbated by COVID-19.

“During and after the pandemic, there was a lack of economic activity that created harsh conditions for people,” said Salvador Guerrero, president of the Citizen Council of Security and Justice, a civil society organization that provides free legal advice to crime victims in Mexico.

“These have created the conditions for the illegal crime market.”

According to the Official 2021 Financial Inclusion Survey, 42% of adults in Mexico do not use financial services, while more than half of them work in the informal sector and therefore have no access to formal credit.

On the other hand, 84 million Mexicans have access to the internet and 96% use a smartphone, data shows.

Figueroa had his 10,000 pesos loan application approved on Jose Cash in five minutes. The fine print said the money had to be paid back within seven days at an annual interest rate of 360%.

Of the requested 10,000 figueroa, he received 5,500 pesos.

At the end of the week he was harassed to pay back the full amount. He received a picture of his face via WhatsApp, which was edited into a poster that read “Wanted for raping a minor,” which was sent to his contacts and social media.

He also received images of dismembered bodies, which left him fearing for his wife and children, while a graphic rape video was sent to one of his friends with threats against his family.

“Panic, fear and shame overcame me. I got to a point where I started contemplating suicide, I wanted to end it all,” Figueroa said.

The Thomson Reuters Foundation reviewed screenshots of images sent to other borrowers in which their faces had been edited into graphic images with text claiming they were pedophiles, sex workers or wanted criminals.

In addition to extortion and fraud, such aggressive money-grabbing tactics violate several Mexican digital harassment and defamation laws, Mendez said.

LEGAL VOID

Lending apps in Mexico operate in a loophole in the law that allows them to offer loans without having to register like regular financial institutions, said Eduardo Apaez, a banking and finance attorney and former Mexico’s financial regulator.

CONDUSEF, Mexico’s consumer finance regulator, has received more than 700 reports of doxxing — defaming someone online — related to lending apps since January, but is powerless to act.

“We have no jurisdiction or authority. We can only respond to complaints against authorized financial service providers,” said Oscar Rosado, President of CONDUSEF.

The Citizens’ Justice and Safety Council has helped victims file more than 170 reports with local police and released a list of 130 lending apps it says have resorted to doxxing, extortion, fraud and other crimes.

None of these cases have been resolved.

At least 29 of these apps are still available on the Google Play Store, the Thomson Reuters Foundation found.

Jose Cash was no longer visible – but the exact same product had appeared under a different name with the same unique Google App ID, privacy policy and contact address: SuenoCredy.

Warnings about the apps are being heard en masse – from overworked cyber police in several Mexican states and even from the country’s president.

But without success.

“There are no names, no addresses. They also use VPNs, which make tracking difficult,” Mendez said. “We have wonderful privacy laws and institutions, but how can we prosecute crime when we don’t even have a name?”