The only person David Kiragu lied to about the texts was his mom. To those close to him, like his partner, friends, former schoolmates, and work colleagues, he explained what was going on. To more distant contacts, including annoying relatives, he said nothing.

His mother probably knew he was lying — mothers often do — but she let it slide.

“I couldn’t tell her the truth,” Kiragu said to me last December. “So I told her it was one of those prison scams and she should ignore it.”

He owed money. Not a lot of it, but that didn’t matter. His fintech creditor was still telling everyone in Kiragu’s inner circle that he was a deadbeat.

It happened like this: Toward the end of March 2018, Kiragu found himself in a bind. At 32, he earned a solid income as a manager at an iNGO in Nairobi. But for the first time in his life, he couldn’t make rent.

His choices were limited. He could always borrow the remainder from friends, family, or somebody else in his network. The problem was that if he did, people would know he was living beyond his means.

But then one morning Kiragu logged into his Facebook account and saw an ad for a fintech app called OKash that promised to be the discreet friend who would spot him some cash and never mention it again. Offering the ability to “process loans in seconds,” OKash is one of many fintech apps that have sprung up in Kenya since 2012. All he needed to do was download the app, enter his financial details, and let the algorithm generate a credit rating. He would get the money he needed and could pay it back once he was liquid.

He doesn’t remember that day too well now, but Kiragu thinks it took just minutes to apply for his loan. His money arrived right away, so he paid his bills and moved on. “I started with about $15, which I repaid [on time], and my loan limit expanded. Then I borrowed about $35, which I also repaid,” he told me as we sat on the balcony of a chic restaurant in a mall outside Nairobi.

It was the third loan that upended his life. He needed it to top up his rent, because by then a vicious cycle had begun, wherein he would pay off his loan then borrow again to fill the hole that the last payment had left in his finances.

Kiragu started getting calls even before that deadline passed.

“Will you repay your OKash loan?” Kiragu remembers a caller asking him, before warning that if he missed a payment, the company would notify everyone on his contact list. In texts he showed me on his phone, an OKash representative had written an hour before the deadline lapsed, “Despite several polite reminders on your OKash loan . . . No PAYMENT received yet . . . Note that we are going to invade your privacy according to Terms of Service clause 8, IF NOT CLEARED BY 4PM.” The clause in question reads as follows: “In the event we cannot get in contact with you or your emergency contact, you also expressly authorise us to contact any and all persons in your contact list.”

In the days after the deadline, debt collectors hounded Kiragu, calling three to four times every hour. They also cast a wide net. “They texted just about everyone I know,” Kiragu says. His parents and many friends got messages. One of his colleagues even shared a screenshot of a text from OKash in an office-wide WhatsApp Group.

“Some [people] sympathized with me,” Kiragu wrote in a Facebook post about the experience. “Some were laughing at me and some were actually very annoyed that OKash is exposing and shaming me . . . Even my boss called me to ask if everything is okay.”

But his colleagues weren’t his main concern. What worried him more was what his parents would think. After an estranged aunt shared the message within his village, Kiragu’s father accused him of bringing shame on the family.

This was nearly two years ago, but the memory is still raw, so much so that Kiragu asked to use a pseudonym for this article. “If you pay on time, they are angels,” Kiragu said as he sipped his tea and stared at a potted plant behind me. “They keep texting you to take out another loan with them. If you do and won’t or can’t pay, then it’s pretty simple: Pay or we damage what you value most.”

Sven Torfinn/Panos Pictures Panos/Redux

In 2007, Safaricom, Kenya’s biggest telecoms provider, launched M-Pesa, a mobile wallet that allowed users to send and receive money and buy airtime. Smartphones were just becoming popular, so Safaricom tailored its fintech product to the basic cell phones most Kenyans already owned. It was immediately hailed as a revolutionary way to bring millions of “unbanked” customers into the formal financial sector. The Clinton Global Initiative and other major philanthropic organizations were vocal supporters, and it was soon being taught as a case study in business schools around the world. It was also a success on the ground: Safaricom aimed to sign up 350,000 M-Pesa users by the end of 2007, but by November it had already attracted over 1 million. From there, it only continued to grow. As of last September, 23.6 million Kenyans — nearly half of the country’s population — were using it regularly.

M-Pesa was initially meant to be a microfinance project; its first sales pitch to users was “Send Money Home.” It was banking on the fact that while working-class Kenyans who lived away from home wanted to support their families, cash is expensive. This was not a new concept; among Somalis, the Hawala system exists to address this same problem. If you want to send money to someone, you give it to a local agent, who then contacts a second agent located in the same area as the intended recipient, and that agent then disburses the money. Both agents earn a small commission, and they sort each other out.

In Kenya, there were several factors behind M-Pesa’s rapid ascent. One was that 2007 was an election year, and when violence erupted over the results, having a way to transfer money without leaving the house felt to Kenyans like a godsend. Another, more structural, reason was that before M-Pesa, the country’s banking sector served only a portion of the population. Kenya’s economy collapsed four times between the mid-1980s and the early 2000s, by which point the banks were heavily regulated. It was nearly impossible for low-income Kenyans, including millennials, to get loans. No such legal barriers applied to fintech.

When fintech took off, banks, Silicon Valley–backed products, private-equity products, and Kenyan companies all began competing for the same clients. One of the first savings-and-lending apps, called M-Shwari, was launched in 2012 through a partnership between a local bank and Safaricom. Some of its earliest users were Kenyans in the informal economy. In a 2017 social media post, for example, a business journalist noted that “up to a third of loans are taken between the hours of 3am and 5am. Most are repaid within twenty-four hours.” When the Central Bank looked into what was going on, they discovered that a typical user was a market seller who would wake up early and borrow enough money to pay everybody in her supply chain that day. She would then work until evening, pay back the loan, and repeat the cycle again the next morning.

Within a few years, credit-app use had started to spread throughout Kenyan society. Over a 13-year period, financial inclusion jumped from nearly 27 percent, in 2006, to almost 83 percent. And the product side grew as well. As of September 2018, according to a report from Financial Sector Deepening Kenya (FSD), the two main app stores offered 110 credit apps.

Almost all of these companies make their money by providing short-term loans with high interest rates. But that’s often where transparency around the business model ends. Since there is no regulatory framework governing fintech, it is hard to know who exactly owns an app or even where the money is coming from. The absence of regulation has many perks for the sector and one major liability: As companies soon discovered, if a user does not pay back what they have borrowed, plus interest, there is little a digital lender can do. Users can simply delete the app and move on. One solution to this problem has been to flag defaulters to one of Kenya’s three credit reference bureaus (CRBs), effectively locking them out of the credit market. It’s unclear how effective this strategy is, but it’s frequently used. Between 2014 and 2017, about 2.7 million Kenyans were negatively listed with a CRB, 15 percent of them for defaulting on loans of less than about $2. Last year, “how to check CRB status” was among the most-Googled questions in Kenya, between “how to be successful in life” and “how to get pregnant.”

Before long, digital lenders started looking into other methods of recouping their investments. Skip tracing, the ancient art of finding someone who owes you money and making them pay, was virtually nonexistent among fintech companies until early 2018. Coincidentally, that was the same year that Opay, a fintech company partially owned by the software-maker Opera, launched OKash in Kenya. The majority of Opera’s operations had been bought by a consortium of Chinese investors two years earlier, and shortly afterward, the company went on an expansion spree, announcing plans to invest $100 million in East Africa. While Opera’s then managing director, a former banker  named Edward Ndichu, said at the time that the app would protect users’ personal information, he never explained how the company planned to safeguard its financial investment. But the answer was buried in OKash’s terms and conditions: When users download the app, they give it permission to access their contacts.

Simoul Alva for Rest of World

Reports of OKash using social shaming started to surface almost as soon as the app went live. And people immediately felt the fallout. A University of Nairobi student told me on Twitter that the texts cost him his relationship, and another user told me his boss almost fired him for embarrassing the company. Another user, who wished to remain anonymous, told me he had read the fine print and knew OKash that would contact some people if he didn’t repay. “But of all people,” he marveled, “MY MOTHER IN LAW?”

Some said this felt as if a belligerent stranger had walked into their living room and started shaking them down for money. A user identifying herself as Clare Wambui claimed in the Google Play comments section that she had been repeatedly contacted about an unpaid loan by representatives who used “abusive and threatening” language and increased her interest rates. “I wish I knew where your offices are [so] I [could] come call you those names you call your clients,” she added.

Criticism of these practices has steadily grown, and in January, a spokesperson for OKash told Bloomberg that the app no longer utilized contact lists as leverage over defaulters. Our reporting found otherwise. Customer posts in the Google Play Store allege that the company continued to text and call its users’ contacts through February of this year. Moreover, while OKash was updated in January to conform to Google Play’s new rules concerning payment periods for credit apps, it did not remove clause 8 — which grants it access to Kenyan users’ contact data — from its terms and conditions. (In response to a Rest of World query, an Opera spokesperson said that the company is “currently working on the latest updates of the terms and conditions in the app.”) 

To combat OKash’s debt collection practices, some people have started gaming the system. One OKash user told me that she wrote to her entire contact list to say that her phone had been stolen and that they should ignore any fraudsters who might text them. Then she deleted the app. Another posted an audio recording of himself yelling at OKash debt collectors. Others have simply refused to pay back their debts, even after their friends and relatives have been contacted.

Such responses inevitably raise the question of whether social shaming can be the foundation of a sustainable business strategy. While Opera’s fintech arm reported enormous growth between September and November of 2019 — tripling its revenue to $39.9 million — the company’s credit losses simultaneously expanded, totaling nearly $20 million during that same period. On an individual scale, after landing on the wrong side of their creditors, the users I contacted were inclined either to abandon the app altogether once they could afford to or to simply ignore the harassment and get on with their lives. While many people were familiar with apps that might gently encourage them to eat well or exercise regularly, OKash was different. It was like having a friend post embarrassing photos of them online after they had failed to meet their weight-loss goals.

And yet OKash is only one of many companies around the world using social networks to leverage the power of shame. Last January, a local court in China’s Hubei province used WeChat to release a “map of deadbeat debtors.” In Russia, an online newspaper launched an app called Parking Douche that let citizens upload photos of badly parked cars, which were then fed into pop-up ads on the paper’s website. Before the 2018 US midterm elections, an app called VoteWithMe was released that made it easy for users to check the voting histories of people in their contacts. Last October, in response to more than 300 complaints, the Philippine government summoned the owners of 67 lending apps accused of predatory practices to a public hearing. Twenty-six of those apps were subsequently shut down. Across East Africa, a handful of credit apps have taken approaches similar to OKash’s. And even when an app doesn’t directly contact anybody, it might still use data as collateral: In Nigeria, for instance, the popular lending product Migo will scan a person’s contacts to see if they include known debtors. 

These examples might seem extreme, but they’re only exaggerated versions of dynamics that most tech users are already familiar with. Push notifications, messages that recommend products or nudge users to check in, are so embedded in our daily lives that they often seem like mere minor annoyances: the tax we pay for free technology. We regularly grant apps access to our location, contacts, and other forms of personal information without even realizing it. In the rush toward innovation, as we’ve seen again and again, privacy and social norms often get left by the wayside. And when this happens, you end up with something like OKash.

Nichole Sobecki/VII/Redux

Kenya lacks laws and norms to navigate this corner of the digital age. The rules, instead, are forming among fintech players, but not fast enough. In June 2019, about a dozen digital lenders — not including OKash — created the Digital Lenders Association of Kenya (DLAK) to regulate industry practices. In the association’s code of conduct, members are asked to supervise “the activities of external providers of debt collection services” and investigate “reported cases of infringement of consumer rights.”

At stake is the reputation of the entire fintech sector. “We want to be regulated,” Kevin Mutiso, the founder and CEO of Alternative Circle, which offers a micro-loan product called Shika, wrote in an email. Mutiso, who is also one of the founding members of DLAK, worries that, if it goes unregulated much longer, Kenyans may give up on digital credit entirely. “We would [only] need light touch regulations,” he wrote, “minimum capital requirements, customer verification, and submission of positive and negative data to credit bureaus.” Francis Gwer, a researcher on Kenya’s FSD report on fintech, agreed that efforts to regulate have so far fallen short. “For now,” Gwer wrote in an email, “all the proposals to rein in the lending sector are just bandages.”

Lack of regulation is already taking a toll on fintech in Kenya. In a scathing February report on Opera, financial-forensics firm Hindenburg Research alleged that the corporation was hemorrhaging money and its products were losing users. (The report was released alongside Hindenburg’s announcement that it had taken a short position on Opera.) The publication also criticized what it asserted were the company’s predatory practices, including the fact that Opera’s mobile lending apps in Kenya, Nigeria, and India impose astronomical interest rates on users who don’t repay their loans within 30 days — half the amount of time required under the terms of the Google Play Store. Opera rejected the report as full of “numerous errors, unsubstantiated statements, and misleading conclusions and interpretations.” Yet Hindenburg projects that once Google realizes what is going on, “this entire line of business is at risk of disappearing or being severely curtailed.” In February, shareholders filed a class-action lawsuit against Opera for allegedly making false and misleading statements about their methods and policies.

When asked to comment on Okash and other apps owned by Opera, and allegations that they violate its rules, Google Play replied only that it had recently expanded its policies “to protect people from deceptive and exploitative personal loan terms,” adding, “When violations are found, we take action.” 

For their part, fintech companies say these strategies are simply required to do business. “People misunderstand why we charge the way we do, but it is a complex calculation of risk,” Mutiso wrote in his email. “It usually has to start high as the business has to be able to absorb the losses we are inevitably going to have,” he explained.

One big irony of fintech is that as the industry has grown, people have begun to use credit apps against each other, often taking from one app to pay another. While a user might be barred from borrowing from one because of unpaid student loans, for example, they could still easily get credit from a competitor. As I was reporting this story last December, one of my siblings called to ask for a soft loan of $30, which she promised to repay right away. She had to cover a loan she owed Tala, a Silicon Valley–backed app, from which she planned to borrow again immediately afterward. She only needed the money to pay the balance, skirt the deadline, and renew her line of credit. I knew what her plan was even before she finished telling me about it; many other people were doing the same thing. (I sent her the cash and told her she could keep it.)

In an effort to correct course, in late 2018, Safaricom and two other financial partners introduced Fuliza, an overdraft service, on its M-Pesa platform. The idea was to restore some legitimacy to mobile lending, and to get rid of the impression that the whole sector was built on sand. Fuliza lets users pay or send more money than they have in their mobile wallet within a certain limit. If users fail to repay the loan within the prescribed time period, interest will begin to accrue at a daily rate, and that amount will be deducted automatically when the person next receives money, regardless of who sent it. The service was a hit — Safaricom users borrowed roughly $800 million in the first six months of 2019 — and Fuliza, which is Kiswahili for “overdraft,” became a slang term. 

Of course, as with every other digital-lending product, as soon as Fuliza became part of our reality, Kenyans started gaming it. Several weeks ago, I wanted to place an order with Martin, my bodaboda delivery guy. Martin has two phone numbers. One of them, he told me, has Fuliza, while the other uses a different payment app. So before sending him out on an errand, I called him to ask which number I should use. Then I made my request to the number without Fuliza. That way, he told me, he could accept my money without having to pay back his debt.