When a fintech in Southeast Asia misused device locking to install spyware on borrower smartphones, the fallout was swift: regulators shut the company down, customers lost trust, and competitors were tainted by association.
Contrast that with another lender in the same region who did the opposite—sending every borrower a two-minute explainer video before contracts were signed. Customers knew exactly what device locking meant, and repayment rates climbed with zero complaints.
These stories underscore the same truth: device lock is powerful, but without guardrails it can backfire. Product managers and compliance teams need a playbook—a set of simple, hard rules to keep enforcement effective and privacy intact. Here’s what experience on the ground, and the perspective of GetMobi’s CEO Victor Kirnarskiy, can teach us.
Rule 1: Be Explicit and Vivid
Victor’s first principle is simple: “Tell your customer clearly: this is a smartphone with device lock, and we use this technology from day one until the last day of our relationship.”
Why it matters: In fintech, ambiguity erodes trust. Hiding lock mechanisms in fine print creates confusion and complaints. When customers know upfront what to expect, they see device lock as fair discipline, not coercion.
Checklist for PMs & Compliance:
Are disclosures visible in the app, in plain language, and multilingual if needed?
Do you provide examples or demos (videos, FAQs, onboarding visuals)?
Could a first-time borrower explain device lock in their own words after signing?
Rule 2: Align Internally Before You Launch
A surprising risk isn’t external—it’s inside the company. As Victor recalls, “Legal, product, and IT must be 100% aligned that device locking will only be used for repayment discipline—not surveillance or control.”
Why it matters: In some negotiations, lenders asked if they could use device lock to collect user data or pressure defaulters with intrusive tactics. These aren’t mistakes; they’re deliberate misuses—and they destroy trust.
Checklist for Teams:
Has your leadership agreed on the purpose of device lock?
Are there written policies limiting use strictly to repayment discipline?
Would every department (legal, product, engineering) give the same answer if asked, “What is device lock for?”
Rule 3: Invest in Cybersecurity Early
Device lock is only as safe as the system behind it. Victor warns: “If a customer doesn’t protect system access, someone could lock devices unfairly. That’s very dangerous.”
Why it matters: The most common risks aren’t technical flaws in the lock software—they’re weak internal controls. An employee with stolen credentials or poor access management can wreak havoc.
Checklist for Teams:
Do you enforce role-based access controls for lock commands?
Are audit logs reviewed regularly for suspicious activity?
Have you assigned a dedicated person responsible for security operations, even if you’re a startup?
Rule 4: Build Transparency Into UX
When a Southeast Asian lender shared explainer videos with borrowers before contracts, customer support tickets about device locking dropped to zero. In contrast, opaque interfaces in other markets triggered complaints, bad press, and regulator warnings.
Why it matters: UX is not cosmetic—it’s compliance. Respectful reminders, partial locks (with emergency access), and clear explanations show regulators you’re balancing repayment with user rights.
Checklist for PMs:
Does the lock screen explain why the device is locked and how to fix it?
Is emergency access preserved (calls, healthcare, basic connectivity)?
Are escalation steps proportional (reminder → partial restriction → full lock)?
Rule 5: Treat Privacy as Your Advantage
In Victor’s words, “Privacy is actually one of the foundations of device locking.” Done right, privacy isn’t a constraint but a differentiator. Companies that get it right expand access to new borrowers, build loyalty, and avoid regulatory crises.
Checklist for Leaders:
Is privacy built into your value proposition?
Do you show regulators proactive safeguards (consent, localization, minimization)?
Are you prepared to communicate privacy as a competitive edge, not a compliance checkbox?
The Discipline of Trust
Device lock is a discipline tool, but it must never feel like punishment. When lenders communicate openly, align internally, protect systems, and design user-friendly experiences, they transform a risky technology into a foundation of trust.
The choice is stark: treat device lock as a blunt instrument, and you risk losing licenses, customers, and reputation. Treat it as a carefully balanced playbook, and you unlock repayment discipline, inclusion, and long-term growth.
This guide is part of our Device Lock & Privacy series. For global benchmarks and regulatory lessons, read our full article: Device Lock & Privacy