Boon or Bane? Uncovering the Risks of Sharing User Data with Financial Apps

Financials Author: Yiru Qian Editor: Tao Ni Mar 15, 2022 11:49 AM (GMT+8)

Digital finance brings opportunities, but new risks ensue

Internet financial management

The annual consumer rights TV show, aired by China's state broadcaster China Central Television (CCTV), is only a few hours away. This evening gala is also known as "315," which is a reference to the World Consumer Rights Day on March 15. It is designed to expose unethical business practice and illegal cover-ups, and has previously named and shamed firms from domestic online recruitment platform (JOBS:NASDAQ) to reputable international brands such as Siemens(SIE:ETR) and BMW (BMW:ETR).

In fact, the use of personal privacy data is attracting increasing attention in recent years. Last year, the two-hour gala singled out the renowned kitchen and bath product manufacturer Kohler for using "undetected" face recognition cameras to collect information such as consumers' gender, age and mood without seeking their authorization. The company continuously analyzed the data obtained and adopted targeted marketing and sales strategies accordingly. Moreover, it was revealed later that this face and user profiling data was also shared with the data aggregator illegally.

The same malady has also afflicted digital finance. Digital technologies are reshaping our lives and spurred by the COVID-19 pandemic, a growing number of consumers are using digital banking and financial apps on a regular basis to manage their finances, transfer money, and engage in other financial activities. Yet, consumers remain mostly in the dark about personal financial data collection, access, storage and sharing.


Financial apps are the most egregious data poachers  

According to the Identity Theft Resource Centre (ITRC), the overall number of data breaches in 2021 around the world was up 60% over 2020, with data poaching in the financial services sector also showing a significant uptrend. Consumers had a scant knowledge of what data would be collected and how data was stored and shared when they signed up for financial apps. This is likely due to the fact that this type of detailed information is usually buried within the lengthy, obscure terms and conditions that first-time app users must agree to. But according to a consumer survey by The Clearing House, a banking association and payments company, on average 77% of respondents did not read them at all.


Chinese authorities have launched a series of crackdowns on smartphone apps that illegally collect personal data, lack privacy protocols or have vague rules since 2019 to actively address the problem. In one of such clampdowns in 2019, 41 apps were blacklisted for illegal and excessive collection of user data or setting improper barriers to logging out of user accounts. Tencent’s popular Chinese social media platform QQ (Version 8.2.0) was one of them.

The 2021 campaign had broader repercussions and over 100 apps have been penalized and removed from app stores. The violators were mostly in finance and cash loans segments, including apps operated by Ping An Group (2318:HKG) (601318:SH), DiDi Global (DIDI:NYSE), 360 Digitech (QFIN:NASDAQ) and China Merchants Bank (3968:HK) (600036:SH), although the specific fines for each app were not disclosed.

Last month, China's Ministry of Industry and Information Technology (MIIT) released a notice on apps in violation of users' rights in 2022. Another 107 apps and 13 embedded third-party software development kits ("SDKs") had been ordered to rectify their problems within a week from the day the dressing-down was issued. MIIT has also published an updated, stricter version of data regulation, giving itself more power in overseeing cross-border data transfer.

Dark schemes come to light

On the blacklist composed by Heimao Tousu (Chinese: 黑猫投诉), a third-party consumer complaint platform under tech giant Sina, Alibaba-backed Alipay ranked first in the financial payment sector in the weekly list starting from March 7. And WeBank - the first so-called neobank in China - placed second in both the weekly list and quarterly list; China's biggest social networking and mobile game company Tencent (0700:HK) is its largest shareholder.

The number of complaints lodged against  WeBank's core lending product Weilidai (Chinese: 微粒贷), which literally means "a tiny bit of loan," have reached 12,450 as of March 14, 2022. According to the consumer rights watchdog, most of them revolve around offenses including violent debt collection, invasion of user privacy and deduction from unlinked bank cards.

Several other consumer finance and loan products companies have also received a lot of criticism. By analyzing the complaints documented on the website, EqualOcean has come up with a list of the top five culprits in the financial payments sector, which includes Home Credit (64,373), 9f Bank (Chinese: 玖富万卡) (51,890), Fenqile (Chinese: 分期乐) (46,875), Niwodai (Chinese: 你我贷) (36965) and JD Finance (31313) (restructured as JD Technology amid Beijing's tech crackdown in 2021).

Innovative strategies based on overused data

In addition to personal information leakage, the excessive use of user data has also been one of the hot topics in recent years.

User profile is undoubtedly an important digital asset with commercial value, especially for tech companies. Take Alibaba (BABA:NASDAQ) as an example. This tech conglomerate utilizes users' consumption records generated via its e-commerce platforms - Taobao and Tmall - along with powerful algorithms to establish credit ratings and user portraits for individuals These in turn will feed back into the financial services such as the microloan products Huabei (Chinese: 花呗) and Jiebei (Chinese: 借呗).

"From information collection, processing to value transformation, it is a complete data value chain. Based on such business logic, many Internet companies tend to collect as much personal information as possible and form datasets. This is the reason for excessive collection," said Liu Dian, an associate researcher at the China Institute of Fudan University.

These so-called platform economies leverage the huge amounts of user profiles and transaction data to further design niche products according to customers' characteristics and develop targeted marketing strategies. While users enjoy a certain amount of convenience, there is also an aversion to the risks associated with information sharing and data leakage. Such a "privacy paradox" is not uncommon; the key point then comes down to finding a balance.

Bottom line

In the age of the Internet and big data, personal information is undoubtedly a valuable digital asset. It is foreseeable that the general public will be more concerned than ever about their privacy, especially the security of financial data. As privacy infringements and information breaches are and will remain prevalent in China for a long time, only those companies that are truly user-centric will be trusted with these coveted "digital assets" amid increased regulatory scrutiny and be able to thrive in the long run. The era of China's "Wild West" of data protection, with unbridled theft of personal information, is finally coming to an end.