Fintech adoption in the Philippines is rising. Filipinos can now access electronic wallets, online trading platforms, and loan apps that, for the most part, have made financial transactions easier for all involved.

The advocacy behind Fintech in the Philippines, which is financial inclusion, has spawned truly amazing services like the e-wallet CoinsPH and the money-lending app Tala.

But an opportunity for unscrupulous players to prey on people has also presented itself.

I’d like to discuss a curious case in this post, involving a money-lending app called PondoPeso. This app currently sits at the first spot of the financial category in the Google App Store (at least in the Philippines) and offers an initial loan of up to Php 40,000. The service offers a quick loan application process using just your smartphone and an even quicker approval process.

So What’s the Problem?

There are several worrying signs that this app is suspect:

It’s not a duly licensed company in the Philippines. A search of their business name using the government’s business name search yields no results. They do not have a physical address and a telephone number. The numbers they use to contact people seemingly are one-way, and usually do not respond to inquiries. Their support channels are an email address on a parked domain (this Fintech “company” doesn’t even have a working website) and a Facebook page rife with complaints from people whose issues have not been resolved. A breach in privacy is a recurring complaint on the Facebook page.

Let’s focus on the fourth item on the list above. The common story goes:

A person receives a loan and has a problem with paying it back on time. Aside from the usual shenanigans that Filipino debt collectors do like incessant phone calls and text messages, and threatening to file lawsuits that aren’t even possible, this outfit also sends messages to everyone on the person’s contact list and discloses all the information of the loan to them.

How is this possible?

Upon installation, the app asks for the user’s permission to access their contacts list. If this permission is denied, no loan process is initiated.

If the people behind the app can send messages to a person’s contact s list, then this means they saved the contact list in their servers upon installation.

Shaming Late Payers

Once a person is late for payment, the calls and messages begin. After a few days, their family and friends start to get messages as well.

The message implies that the person in debt has placed the recipient as an “emergency contact” and then proceeds to send all the details of the debt to them; full name of the person in debt, the amount, how many days payment is past due, and so on.

It’s an attempt at shaming, thinly-veiled as a “hey, we’re just checking in on your friend/family, he owes us money.”

Even legitimate debt collectors don’t do this. But the app’s collections team does so with abandon.

Why?

Either they aren’t familiar with the prevailing laws on Credit and Privacy, or they just don’t care because they think they can get away with it.

No matter what their reason, this is a perfect opportunity for the newborn National Privacy Commission to do some good for the citizenry.