Solving Fraud in Payments is Harder than You Think.

On the topic of RTP and faster payments... I need to explain that banks are not really for faster payments (see blog here on RTP).

I lauded the UK previously on pushing faster payments top down aka their “open banking” system. But in the beginning, fraud was WILD.

Shell accounts galore, fraudsters abound. TONS of money lost. Consumers saw shit hit the fan and got stressed out too. So in the UK, although they have a “better and faster” system, it's not really as widely adopted as you think and penetration is actually rather low. If you look in the US, we have Zelle which I actually personally use quite a bit. But fraud is also insane as you can see per this wonderful NYT article.

So let's talk a bit more about fraud.

Every year fraud increases - almost $6bn lost to fraud in 2021, representing around 70% growth from 2020. What does this risk look like?

  • credit risk

  • settlement risk

  • AML / regulatory

  • ACH risk

  • fraud risk

Fintechs are risk management businesses at their core. Banks have historically owned fraud management and charged a lot for it.

Obviously differentiation has greatly decreased over time as fraud has been managed down to 3bps (Apple, Amazon, etc.) by newcomers, greatly compressing bank margins (see my post on payments innovation and v/ma). Specialists then emerged like like Cybersource, Digital River. Some integrated offerings to bring a more full stack solution like PYPL, Stripe.

But clearly fraud is rising in other areas. One down, 5 more pop up. RIP.

If you think about it though, no one really stands to win from a perfect bulletproof identity.

The whole point is to manage risk to a very low level, but not really get rid of it because how are you supposed to make money? Banks are INSANELY profitable businesses. Goodbye interchange fees, drive down margins, and give away data to third parties? Are you kidding me?

Clearly there's an inherent conflict of interest here.

So banks really are in it to keep things they way they are. The way it's been since the 70s and before. Because they know exactly how to manage it and improve incrementally within their own control. The system is actually quite ridiculous. So when you make a payment, you gotta go through 500 people like V/MA, issuers, acquirers, and more. Just to buy some coffee. Hello??? But all of this power aggregation is because companies that are not banks don't really have risk management and data gathering capabilities themselves.

Good fraud management takes a lot of data. Underwriting can't be done on a month of data... hence why banks hold that much power in this system.

If you look at consumer behavior too as I mentioned above, bad press on your money not being recoverable if you send it in 0.01 seconds to someone else really destroys consumer confidence. Then the “annoying amount of time it takes for money to settle, for balances to be checked, and for money to move around” suddenly becomes a positive, because it's a buffer. Ultimately when shit hits the fan, you care more about your potential losses rather than your potential tiny gains of sending money faster.

Frankly, most consumers don't actually need money to move around faster.

Banks and “older” companies have come together to create systems like Early Warning (owns Zelle) to better manage risk and improve the ecosystem. But to really have some sort of accepted, KYC'd ID... this means sharing data - not gatekeeping it within entities. So this may create some conflicts in terms of letting consumers know that 50000 more entities will have access to their KYC information or businesses for KYB.

Pushing trust out like that is hard.

From the banks' POV, they then would have to charge less for the data they hold because everyone has it... so less money for them.

You can see why it is hard to create some sort of universal ID.

So, at the end of the day though there is no “universally accepted” standard for fraud control despite companies pushing from below and Early Warning pushing from above. Everyone kind of has their own system and most of it pools with banks because they can control which merchants they want to work with (usually more reliable ones but fintechs have popped up to underwrite higher risk ones).

The best and hardest solution is to collaborate. But historically... that has not really happened / made sense for anyone to do.

It's hard for new fintechs to sell fraud management because ultimately banks do not own the risk and the relationship so they feel uneasy. That's also another cost line for banks. But at the same time banks are threatened by fintechs hence why their RTP system and FedNow systems are like little baby steps forward to show the ecosystem that they're trying.

So... very roundabout way of saying I do not have the answer. BUT here is a summary.

Main problems

  • Customers don't REALLY need modernized payments rails, they care about the experience. RTP is not the “answer”

  • Incentives are all misaligned

    • merchants, banks, consumers, fintechs/companies

    • maybe it will take a universal ID like Authentify but will it get pushed out / actually be able to have updated data?

    • maybe it will come from an Apple/Google/PYPL because honestly they own the customer relationship (and sometimes merchant if you're PYPL) and can effectively underwrite themselves

  • What is the best business/revenue model? Thinking of all those at the bottom of the chain that are just competing on price tbh (Jumio, etc.)

THE PIE IS SEEMING RATHER ZERO SUM RIGHT NOW! Energy needs to be more "let's grow the pie together :D"

Is collaboration too far fetched?