Taking a loan is bittersweet. While there is someone to bail you out in time of need, the paperwork for getting a loan approval is a drag. There is a whole machinery involved, and it is far from efficient. The documents go to the lender’s back-office for processing. The details are entered manually on a spreadsheet, leaving room for clerical errors. Then, spreadsheets are computed. Finally, a credit team judges your creditworthiness. It can take anywhere between three days to several weeks before a loan is sanctioned. But there is a class of companies called ‘account aggregators’ –AAs–that digitise this process, reducing it to a few minutes, or hours for a complex job.

But if it’s so easy why haven’t more banks adopted the digital route? Because instant approvals come with risks.  

In fact, it is a wonder that a full-blown security disaster hasn’t happened as yet. Perfios says it is India’s largest online AA and it took a maverick road—riding with no stamp of approval for its ways. On the face of it, the business runs like that of a valuable fintech service provider. Perfios assesses the creditworthiness of loan seekers by scouring bank statements to create an intelligent report for the lender. It also has a personal finance management tool that lets users see all their financial relationships in one place. Pretty nifty if you have relationships with many different financial institutions.

Both services –quickening loan issues with fewer people involved, and a personal finance management product for borrowers– are good to have. But the manner in which companies such as Perfios collect data has made some banks and consumers reluctant to use them.

AAs take the client’s user and password details and access their bank accounts, and if that isn’t discomfiting enough, they create duplicate screens in a software-assisted process called ‘screen scraping’, which is internationally deemed unsafe. The company says it takes security precautions by encrypting data and runs a two-page disclaimer asking the user’s consent for accessing their bank statements. More on this later.

Rahul Sasi, co-founder of Bengaluru-based cyber security startup, CloudSek, says third-party companies are particularly vulnerable to threats. “For hackers, this is like an open invitation to make a breach as they usually target third-party vendors, rather than the main entity.”

In July, Italy’s biggest bank UniCredit saw a data breach where hackers accessed 400,000 customers’ personal data. While no money was reportedly lost, details stored at the time of taking loans such as the names, addresses and bank card numbers of borrowers were stolen. And the bank squarely blamed third party providers for the breach.  

So far, Perfios claims it has had no data breach. The security risks, along with the fact that building such a product needs deep customisation to be compatible with every financial institution has meant that few companies exist in this space.


Arundhati Ramanathan

Arundhati is Bengaluru-based. She is interested in how people use money in the digital age and how new economies will take shape based on that interaction. She has spent over 10 years reporting and writing on various subjects. Previous stints were at Mint, Outlook Business and Reuters.

View Full Profile

Available exclusively to subscribers of The Ken India

This story is a part of The Ken India edition. Subscribe. Questions?


Annual Subscription

12-month access to 200+ stories, archive of 800+ stories from our India edition. Plus our premium newsletters, Beyond The First Order and The Nutgraf worth Rs. 99/month or $2/month each for free.

Rs. 2,750


Single Story

Instant access to this story for a year along with comment privileges.

Rs. 500


Annual Subscription

12-month access to 150+ stories from Southeast Asia.

$ 120


Single Story

Instant access to this story for a year along with comment privileges.

$ 20



What is The Ken?

The Ken is a subscription-only business journalism website and app that provides coverage across two editions - India and Southeast Asia.

What kind of stories do you write?

We publish sharp, original and reported stories on technology, business and healthcare. Our stories are forward-looking, analytical and directional — supported by data, visualisations and infographics.

We use language and narrative that is accessible to even lay readers. And we optimise for quality over quantity, every single time.

What do I get if I subscribe?

For subscribers of the India edition, we publish a new story every weekday, a premium daily newsletter, Beyond The First Order and a weekly newsletter - The Nutgraf.

For subscribers of the Southeast Asia edition, we publish a new story three days a week and a weekly newsletter, Strait Up.

The annual subscription will get you complete, exclusive access to our archive of previously published stories for your edition, along with access to our subscriber-only mobile apps, our premium comment sections, our newsletter archives and several other gifts and benefits.

Do I need to pay separately for your premium newsletters?

Nope. Paid, premium subscribers of The Ken get our newsletters delivered for free.

Does a subscription to the India edition grant me access to Southeast Asia stories? Or vice-versa?

Afraid not. Each edition is separate with its own subscription plan. The India edition publishes stories focused on India. The Southeast Asia edition is focused on Southeast Asia. We may occasionally cross-publish stories from one edition to the other.

Do you offer an all-access joint subscription for both editions?

Not yet. If you’d like to access both editions, you’ll have to purchase two subscriptions separately - one for India and the other for Southeast Asia.

Do you offer any discounts?

No. We have a zero discounts policy.

Is there a free trial I can opt for?

We don’t offer any trials, but you can sign up for a free account which will give you access to the weekly free story, our archive of free stories and summaries of the paid stories. You can stay on the free account as long as you’d like.

Do you offer refunds?

We allow you to sample our journalism for free before signing up, and after you do, we stand by its quality. But we do not offer refunds.

I am facing some trouble purchasing a subscription. What can I do?

Please write to us at support@the-ken.com detailing the error or queries.