The Borrower’s Safety Checklist: How to Verify a Microfinance Loan Before You Apply

When you need fast cash, a microfinance organization (MFO) can seem like the easiest option. But the digital lending space is also a hunting ground for scammers, illegal lenders, and predatory terms. One wrong click can cost you your data, your money, or even your credit history.

This checklist is not about getting approved faster or promising government support. It is a practical, step-by-step guide to verifying the legitimacy and safety of any MFO or online lender before you submit your application. Use it every time.

---

1. Check the Official Domain (Not Just the Name)

Scammers often create fake websites that look identical to real MFOs. The first red flag is the web address.

• What to do: Look at the URL in your browser’s address bar. The official domain should match the company’s legal name exactly, or be a clear, logical variation (e.g., `example-mfo.ru`).
• Check for typos: Scammers use misspellings like `examp1e-mfo.ru` (using the number 1 instead of the letter 'l') or `example-mfo-credit.ru`.
• Check the extension: Be wary of unusual extensions like `.top`, `.xyz`, or other non-standard domains unless the company is a well-known international brand.
• Look for HTTPS: The URL should start with `https://`. The padlock icon in the address bar does not guarantee legitimacy, but its absence is a major warning sign.

Action: Write down the exact domain you are on. Compare it to the domain listed on the company’s official social media pages or in the Central Bank of Russia (CBR) register.

---

2. Read the Consent Text (Don’t Just Click “Agree”)

When you apply online, you are asked to consent to processing personal data. Most people skip this. Don’t.

• What to do: Before checking the box, click on the link that says “Consent to processing of personal data” or “Privacy Policy.” Read it for three specific things:
• Purpose: Does it say the data is only used for loan origination and servicing? Or does it say data may be sold, transferred to third parties for marketing, or used for credit scoring by unknown agencies?
• Scope: Does it ask for data unrelated to the loan (e.g., access to your entire contact list, photos, location history)?
• Retention period: How long will they keep your data? A legitimate MFO will state a specific period (e.g., a certain number of years after loan repayment). An illegal lender may say “indefinitely.”

Action: If the consent text is vague, overly broad, or impossible to read (tiny font, broken link), do not proceed. A legitimate lender makes this text clear and accessible.

---

3. Verify the Lender’s Identity (Legal Name & License)

The name on the website may be a brand, not the legal entity. You must know the exact legal name.

• What to do: Scroll to the bottom of the website (the footer). Look for “Legal entity name,” “OGRN” (Primary State Registration Number), or “INN” (Taxpayer Identification Number).
• Check the details: The legal name should be a specific LLC or JSC (e.g., “MFO Example LLC”). The OGRN and INN should be clearly displayed.
• Cross-reference: Search online for the legal name + “OGRN” or “INN.” You should find the company listed on official government databases (e.g., the Federal Tax Service register). If the numbers lead to a different company or no results, it is a scam.

Action: Write down the full legal name and OGRN. Use the next step to verify them.

---

4. Confirm the MFO is in the State Register (CBR Registry)

This is the single most important step. In Russia, all legal MFOs must be registered in the State Register of Microfinance Organizations maintained by the Central Bank of Russia (CBR).

• What to do: Go to the official CBR website: `cbr.ru`. Navigate to the section “Financial Markets” → “Registers” → “State Register of Microfinance Organizations.” Alternatively, use the direct search link (search “CBR register of MFOs”).
• Search: Enter the legal name or OGRN you found in Step 3. The register will show:
• The exact legal name.
• The registration number and date.
• The status (should be “Active” or “Current”).
• The types of microfinance activities permitted.

Important: If the company is not in this register, it is operating illegally. Do not apply. Even if the company claims to be a “partner” or “agent,” the actual lender must be in the register.

Action: Take a screenshot of the register entry. If you cannot find it, walk away.

---

5. Calculate the Full Cost of the Loan (Not Just the Interest Rate)

The interest rate (e.g., a daily rate) is misleading. You need the Full Cost of the Loan (FCL) – the real percentage including all fees.

• What to do: Look for the “Full Cost of the Loan” or “Effective Annual Percentage Rate (APR)” in the loan agreement or on the calculator page. This is legally required to be displayed in a box on the first page of the contract.
• Understand the limits: The CBR sets a maximum FCL for MFOs. If the FCL is above the legal limit, the lender is violating the law. Check the current limit on the CBR website.
• Check for hidden fees: Read the fine print for fees for: early repayment, late payment, account maintenance, SMS notifications, or issuing a card. These can drastically increase the cost.

Action: Use a loan calculator (e.g., on the CBR website or a reputable finance site) to input the loan amount, term, and interest rate. Confirm the total repayment amount matches what the lender shows. If the FCL is missing or unclear, ask for it in writing. If they refuse, do not proceed.

---

6. Honestly Assess Your Repayment Ability

No lender can promise approval, and you should not rely on one. But you must be realistic.

• What to do: Before applying, calculate your Debt-to-Income (DTI) ratio. Add up all your monthly debt payments (existing loans, credit cards, rent, utilities). Divide that by your monthly net income. A high DTI ratio is dangerous.
• Check the loan term: MFO loans are short-term (usually a few days to a month). Can you repay the full amount (principal + interest) in that time? If you need to roll over the loan, the cost will skyrocket.
• Consider consequences: Defaulting on an MFO loan can lead to harassment from collectors, court orders, and damage to your credit history. It is not “free money.”

Action: Write down your total monthly expenses and income. If the loan payment would push your DTI to a high level, do not borrow.

---

7. Verify Card Requirements (For Online Lenders)

Many MFOs require you to have a debit or credit card to receive funds. Scammers exploit this.

• What to do: The lender should only ask for your card number, expiry date, and CVV code to process a transfer to you (via a payment system like Visa/Mastercard). They should never ask for your card PIN, online banking login, or password.
• Red flags: If the lender asks for your card’s 3D Secure password, SMS code from your bank, or asks you to install remote access software (like TeamViewer), it is a scam. They will drain your account.

Action: Use a virtual card (issued by your bank) with a low balance or a dedicated card for online transactions if possible. Never share your PIN or login credentials.

---

8. Review the Required Documents (Less is More)

Legitimate MFOs require minimal documents for small loans.

• What to do: A standard application requires only:
• Passport (or other ID).
• SNILS (if required by the lender’s policy).
• Contact information (phone, email).
• Red flags: If the lender asks for:
• Scanned copies of your entire passport (all pages).
• Your driver’s license, military ID, or work certificate (unless the loan is very large).
• Your bank account login or password.
• Photos of your credit cards (front and back).
• Any document that seems excessive for a small loan.

Action: If the document list seems excessive or invasive, compare it to the CBR’s standard requirements. If it’s unusual, it is likely a data-harvesting scam.

---

9. Check Privacy & Data Security Policies

Your personal data is valuable. A legitimate MFO must protect it.

• What to do: Look for a Privacy Policy or Personal Data Processing Policy on the website. Read it for:
• Data storage: Is data stored in Russia (required by law)? Is it encrypted?
• Third-party sharing: Who do they share data with? (Credit bureaus, collection agencies, partners). The list should be specific.
• Your rights: Does it explain how you can request deletion of your data?
• Check for security seals: Look for SSL certificates (the padlock) and mentions of compliance with Federal Law No. 152-FZ “On Personal Data.”

Action: If the privacy policy is missing, generic, or says data is shared with “any third party,” do not apply. You are giving away your identity.

---

10. Recognize Common Scam Signals (Red Flags)

Even if all the above checks pass, watch for these behavioral red flags:

• Pressure: “This offer expires in 10 minutes!” or “Apply now before rates go up!” Legitimate lenders do not create false urgency.
• Upfront fees: “Pay a processing fee to receive your loan.” This is almost always a scam. Legitimate MFOs deduct fees from the loan amount or add them to the repayment.
• Guaranteed approval: “100% approval, no credit check!” No legitimate lender guarantees approval. They always perform at least a basic check.
• No physical address: The website lacks a physical office address, or the address leads to a residential building or non-existent location.
• Poor communication: Emails come from free services (Gmail, Yandex, not the company domain). Phone numbers are mobile numbers, not official landlines.
• Fake reviews: Look for reviews on independent platforms (e.g., Banki.ru, Otzovik). Be skeptical of overly generic positive reviews.

Action: If you see two or more of these signals, stop the application immediately. Trust your gut.

---

Final Summary: Your Before-You-Apply Checklist

1. Domain: Verified official domain (no typos, check for unusual extensions).
2. Consent: Read and understood the consent text (clear, limited scope).
3. Lender: Found full legal name, OGRN, INN.
4. Registry: Confirmed active registration on the CBR website.
5. Cost: Calculated the Full Cost of Loan (FCL) and checked it is within legal limits.
6. Ability: Honestly assessed your DTI ratio and repayment capacity.
7. Card: Only provided card number, expiry, CVV (never PIN or login).
8. Documents: Only minimal, standard documents requested.
9. Privacy: Clear privacy policy with data protection details.
10. Scam signals: No pressure, upfront fees, or guaranteed approvals.

Remember: No legitimate lender promises speed or government support. If it sounds too good to be true, it is. Use this checklist every time, and you will significantly reduce your risk of falling victim to a loan scam or predatory lender. Your financial safety is worth the extra time.

Disclaimer: This checklist is for informational purposes only and does not constitute legal, financial, or cybersecurity advice. Always consult official sources such as the Central Bank of Russia (CBR) and Rosfinmonitoring for current regulations. This checklist does not verify any integration with Gosuslugi/ESIA or government endorsement. No legitimate lender will ask for your passwords, SMS codes, or remote access to your device. Domain extensions alone are not reliable indicators of legitimacy; always cross-check with the CBR register.