Many people who seek online payday loans are already in a very vulnerable position when they take on the added risk of the excessive interest rates and often exorbitant fees associated with these short-term loans. But there’s another danger possibly lurking in the payday shadows: Having all their personal and financial data end up in the hands of cyber criminals.
Bloomberg reports that as millions of consumers turn to online payday lenders – companies known to skirt state laws in order to provide high-interest, short-term loans – for needed lines of credit, they’re also putting their most valuable information up for grabs.
Cybersecurity experts say that the highly sensitive information online payday lenders and lead generators store – such as names, Social Security numbers, addresses and financial data – have made the companies an increasingly tempting target for hackers.
While online payday lenders aren’t the only entities to carry such sensitive consumer information, experts say that larger banks often have more robust cybersecurity defenses.
But even those institutions aren’t exempt from devastating hacks. Just last year, information for 76 million households and 7 million small businesses was compromised in a mega coordinated attack against JPMorgan Chase and other banks.
And it’s not just consumers who take out an online payday loan that are vulnerable to this kind of breach, those who have simply researched the option or shown interest in the credit have also put their data at risk.
Lead generators and clearinghouses often collected personal information from consumers looking for payday loans. Those companies then sell that data to actual payday lenders, creating another avenue in which criminals can get their hands on personal data – either through a hack or by purchasing the information.
In fact, the Federal Trade Commission shut down one such operation that made $46 million by issuing unauthorized payday loans to consumers who had provided their information to a third-party lead generator.
According to the FTC complaint [PDF], the operation purchased the information from the lead generators and, without approval from the borrower, used it to deposit money — typically between $200 to $300 — in a borrower’s account.
Once the unauthorized “loan” was deposited, the defendants would then allegedly withdraw recurring bi-weekly “finance charges” of up to $90, quickly racking in millions of dollars.
Andrew Komarov, president and chief intelligence officer of cybersecurity firm IntelCrawler, tells Bloomberg that criminals accessing consumers’ personal information through online payday lenders is a “new wave of fraud.”
To illustrate his point, Komarov says that IntelCrawler recently obtained several databases from a seller on a hacking forum who claims to have access to lending information for more than 105 million consumers.
Bloomberg contacted several consumers on the list and many said their data came from payday loan applications.
One man told Bloomberg that he was notified last November that two accounts he had with a bank – and had previously provided to a payday lenders – had been hacked multiple times. In all, he says he lost about $1,100.
Hackers getting their hands on consumers’ personal information through online payday lenders isn’t exactly a new worry for consumer advocates.
Tom Feltner, director of financial services for the Consumer Federation of America says that these kinds of breaches highlight a significant threat to the financial system.
“When you have this amount of information in this level of detail about consumers that may have taken out a loan or are considering taking out a loan, that puts their bank accounts at considerable risk,” he tells Bloomberg.
Representatives for the online lending industry tell Bloomberg they’re working to expose fraudulent practices, like companies that knowingly sell consumer information to identity thieves. But that could be easier said than done, considering the thousands of online payday lenders working online.
“The challenge is that people go on lots of different sites—some of those sites are fraudulent sites that are put up there exactly for this purpose: capturing this data,” Lisa McGreevy, chief executive officer of the Online Lenders Alliance, tells Bloomberg.
While the industry tries to find unscrupulous lenders, consumers are left wondering if their information is up for grabs.
For advocates like Feltner, the vulnerability of already-struggling consumers’ information is just another reason payday loan reform need to occur sooner, rather than later.
How Hackers Can Cash In on Your Online Payday Loans [Bloomberg]
