According to a report filed on the Bloomberg Business platform, the sky-high rates that are charged by payday lenders are not the only concern of customers. Online lenders who specialize in payday type loans are also drawing notice from cybercriminals. The criminals take people’s account details in order to apply for credit cards, drain savings accounts or perform other kinds of thievery.
Andrews Komarov, who is the Chief Intelligence Office and President of the cybersecurity company IntelCrawler, said his is company recently received a number of databases from one seller participating on a hacking forum. The seller claims the databases contain the loan information of over 105 million people. While that number was unconfirmed, Bloomberg News did contact individuals in the databases and verified that the information originated from applications for payday loans.
According to the news report, online payday lenders make ideal targets for criminals because the data they store is so usable. The information usually includes the applicant’s social security number, driver’s license number, employer information, address and bank account details.
While such companies as PayPal also include these details, their cyberdefense systems are harder to penetrate. In addition, online lenders possess links to credit-scoring firms or debt collectors, which opens up the opportunity to steal information on people who have not taken out payday loans.
Tom Feltner, the Director of Financial Services at the Consumer Federation of America, commented on the vulnerability of payday loan information. He said, “When you have this amount of information . . . about consumers . . . [it] puts their banks accounts at [a] considerable risk. . . .” He added, “It is clear that we need meaningful reforms.”
The report states that some payday lending companies do share consumer information with lead generators and that some firms serve as payday loan clearinghouses. Either way, the information that is gathered can end up in a hacker’s hands.
Investigators reveal that even if stolen payday information is uncovered, it is hard to track the source. According to Lisa McGreevy, who is the CEO of Online Lenders Alliance, payday loan applicants may visit a lot of different sites and some of the sites are fraudulent – established for the exact purpose of capturing personal data.
Paul Stephens, who is a director of policy and advocacy at the Privacy Rights Clearinghouse, said “[S]ome bogus sites . . . go so far as to pay out loans . . . while selling the data to identity thieves.” He added, “Just because you’re getting the money when you’re applying online doesn’t necessarily mean [the lenders are] legitimate.”