The Cyber Security Authority (CSA) has cautioned the general public against signing up for digital lending mobile applications (Apps) following a resurgence in cases of cyberbullying experienced by their users.
In a press release, the CSA revealed that so far, they have received about 130 reports of cyberbullying from victims who signed up for these apps they say are not sanctioned by the Bank of Ghana and the Data Protection Commission to operate.
“When a user installs the App, an amount (usually less than GHS 200) is automatically credited into the user’s mobile money wallet even without an actual loan request.”
“One week after disbursing the loan, the fraudsters use extortion tactics including: Demanding loan repayment with high interest rates from the victim or an associate, threatening to circulate actual or fabricated nude photos of the victim on social media and threatening to label the victim as a thief or wanted criminal.”
“Even after victims repay, some fraudsters continue to demand additional payments…Victims would typically have granted these Apps access to their data (contacts, photos) and personally identifiable information (PII) e.g., Ghana card ID, during the installation,” the CSA disclosed.
The loan apps the CSA found culpable include Ahomka Loan, Antcredit, Beanloan, Bestloan, BezoMoney, Boomloan, Casharrow, Cashwave, Cmgh Loan, Cosycredit, Credit Bag, Divacash, Express Loan, Five Loan, FullCredit, Homecredit, Unik Credit and many others.
The authority noted that the activities of these loan apps are in contravention of the Banks and Specialised Deposit-Taking Institutions Act, 2016 (Act 930) according to Bank of Ghana (BoG) notice BG/GOV/SEC/2022/10.
“In addition, the owners of the Apps have not met the compliance obligations of the Data Protection Commission (DPC) and hence their access and use of the data and PII of users violate the Data Protection Act, 2012 (Act 843),” they added.
The CSA called on the general public to not only stay away from these apps but also report any Cybersecurity/Cybercrime incident to the Authority via text, call or email.