The Cyber Security Authority (CSA), has admonished the public to desist from subscribing to some 38 online loan applications as they are not sanctioned by the Bank of Ghana (BoG) as well as the Data Protection Commission.
ICSA warned that individuals who patronise these services do so at their own risk, urging Ghanaians to review access permissions for mobile applications carefully before installing them.
The loan apps include Ahomka Loan, Antcredit, Beanloan, Bestloan, BezoMoney, Boomloan, Casharrow, Cashwave, Cmgh Loan, Cosycredit, Credit Bag, Divacash, Express Loan, Five Loan, FullCredit, Homecredit, Unik Credit and many others.
In a statement by CSA, it said, “the public is strongly advised against subscribing to these mobile applications since they ARE NOT sanctioned by the Bank of Ghana and the Data Protection Commission.
Touching on the modus operandi of owners of these mobile loan apps, the statement said subscribers who default in repayment are threatened to have their nudes published on all social media platforms.
“When a user installs the App, an amount (usually less than GHS 200) is automatically credited into the user's mobile money wallet even without an actual loan request.”
“One week after disbursing the loan, the fraudsters use extortion tactics including: Demanding loan repayment with high interest rates from the victim or an associate, threatening to circulate actual or fabricated nude photos of the victim on social media and threatening to label the victim as a thief or wanted criminal.”
“Even after victims repay, some fraudsters continue to demand additional payments…Victims would typically have granted these Apps access to their data (contacts, photos) and personally identifiable information (PII) e.g., Ghana card ID, during the installation,” the CSA disclosed.
The authority noted that the activities of these loan apps are in contravention of the Banks and Specialised Deposit-Taking Institutions Act, 2016 (Act 930) according to Bank of Ghana (BoG) notice BG/GOV/SEC/2022/10.
“In addition, the owners of the Apps have not met the compliance obligations of the Data Protection Commission (DPC) and hence their access and use of the data and PII of users violate the Data Protection Act, 2012 (Act 843),” they added.
The CSA called on the general public to not only stay away from these apps but also report any Cybersecurity/Cybercrime incident to the Authority via text, call or email.
