Apple & Google's App Stores Pose A Risk To Users. The CFPB Should Regulate Them.
Why I Invested in Knot, Apple Pay Later Details Emerge, Goldman Card Ambitions Dim, Fintech Funding Hits 2-Year Low
Hey all, Jason here.
Wow — I’ve been really humbled by the reception to my first research report. Really appreciate the input, feedback, and support from across the fintech and banking community. It really wouldn’t be possible to do what I do without it!
If you missed it last week, you can get a bit of a preview here or go ahead and get the full report.
Apple & Google’s App Stores Pose A Risk to Consumers. The CFPB Should Regulate Them.
While probably less true for readers of this newsletter — surely not a representative sample of the general population — many consumers’ primary means of discovery of and interaction with financial services is through their phone.
This is even more true for lower-income and minority users, who are more likely to depend on their phone as their primary or only means of accessing the internet.
Services like TikTok and YouTube are flooded with self-proclaimed financial advice gurus and “influencers” of widely varying quality — who often suggest products and services from companies that may be sponsoring them or profit through affiliate arrangements, which may or may not be properly disclosed as required by law.
If TikTok and YouTube are home to a new generation of financial self-help influencers, Facebook/Instagram and Google Ads remain mainstays of financial services’ direct response advertising strategies.
And while these platforms do have policies governing what products can be marketed and how advertisers can target users, especially for credit products that fall under ECOA, those policies are often ignored or evaded.
Whether influencer or traditional ad, the most common call to action directs a user to the Apple App Store or Google Play Store to download and install an app. In fact, Google and Facebook make it easy for advertisers to optimize for this, by letting them bid on a “Cost per Install” basis.
Affiliate marketing programs, a common monetization strategy behind the kinds of influencer content that turns up on social media and YouTube, also typically enable advertisers to pay on a cost per install basis.
Apple & Google Aren’t Tending Their Walled Gardens
If ad networks and social media are somewhat of a wild west (sorry for the tired metaphor), Google and Apple make great efforts to portray their app stores as tamed, walled gardens.
Apple in particular has leaned in to “user safety” positioning as a way to justify its control over what apps are permitted in its app store and onto its devices. Apple has described its app store as “the world’s most trusted marketplace for apps.”
An Apple spokesperson told the Washington Post that “[u]ser trust is at the foundation of why we created the App Store, and we have only deepened that commitment in the years since.”
In theory, Apple has robust policies and review practices to uphold that commitment to user trust, as does Google.
Apple’s policies when it comes to financial services are surprisingly sparse and generally non-specific, with a couple notable exceptions. Its policies do lay out specific requirements for crypto-related apps, including requirements that exchanges be appropriately licensed in the jurisdictions in which they are offering services and that ICOs (remember those?) be offered only by “approved” financial institutions and comply with “applicable” law:
“(iii) Exchanges: Apps may facilitate transactions or transmissions of cryptocurrency on an approved exchange, provided they are offered only in countries or regions where the app has appropriate licensing and permissions to provide a cryptocurrency exchange.
(iv) Initial Coin Offerings: Apps facilitating Initial Coin Offerings (“ICOs”), cryptocurrency futures trading, and other crypto-securities or quasi-securities trading must come from established banks, securities firms, futures commission merchants (“FCM”), or other approved financial institutions and must comply with all applicable law.”
Apple’s policies also specify that apps offering contracts for difference, forex, or other derivatives must be licensed where they offer services…
“(viii) Apps that facilitate binary options trading are not permitted on the App Store. Consider a web app instead. Apps that facilitate trading in contracts for difference (“CFDs”) or other derivatives (e.g. FOREX) must be properly licensed in all jurisdictions where the service is available.”
…and require apps offering loans to display a max APR and prohibit those with APRs higher than 36% and those that require full repayment in fewer than 60 days (but, strangely given the above, no requirements about licensing):
“(ix) Apps offering personal loans must clearly and conspicuously disclose all loan terms, including but not limited to equivalent maximum Annual Percentage Rate (APR) and payment due date. Apps may not charge a maximum APR higher than 36%, including costs and fees, and may not require repayment in full in 60 days or less.”
Apple, Google Fail To Enforce Own Policies Or Protect Users From Potentially Deceptive Apps & Scams
Despite these policies and Apple’s stated dedication to protecting users, its app store is rife with offerings that would appear to obviously flout the requirements:
As well as enabling apps that are arguably deceptive in how they’re positioned and marketed, like Tellus:
Companies that are operating without legally required licenses and are under cease and desist orders in some jurisdictions, like SoLo Funds:
And apps that have been cited by regulators for potentially deceptive practices and appear likely to be an outright scam or Ponzi scheme, like Zera Financial:
CFPB Has Right To Regulate Nonbank Firms That “Pose A Risk” To Consumers
The app stores are not themselves “financial” companies, but are merely “platforms” to connect users with companies’ apps. How could they fall under the CFPB’s supervisory jurisdiction?
Dodd-Frank clearly authorizes the CFPB to supervise several categories of institutions, including (1) banks with more than $10 billion in assets and their service providers; (2) all entities in the mortgage, private student loan, and payday loan industries, regardless of size; and (3) “larger participants” in other nonbank markets, including entities like credit bureaus, student loan servicers, remittance providers, and so on.
The CFPB also has authority — which it has never invoked — to supervise “nonbanks whose activities the CFPB has reasonable cause to determine pose risks to consumers,” where “risks” could involve, “for example, potentially unfair, deceptive, or abusive acts or practices, or other acts or practices that potentially violate federal consumer financial law.”
There is a strong argument to be made that the CFPB could use this authority to bring Apple and Google’s app stores under its supervision:
(1) It is quite clear that the companies offering access to their services through Apple and Google’s app stores are “covered persons” as defined by the Consumer Financial Protection Act: “any person that engages in offering or providing a consumer financial product or service.”
(2) Further, a reasonable argument could be made that operators of app stores are “service providers” to the companies providing financial services, where the CFPA defines “service providers” in part as “any person that provides a material service to a covered person in connection with the offering or provision by such covered person of a consumer financial product or service.”
(3) If, as service providers and thus “covered persons,” Apple and Google’s app stores can be considered to pose a risk to consumers, the CFPB could bring them under its supervisory authority, as the CFPA (emphasis added and spacing adjusted):
“authorizes the Bureau to supervise a nonbank covered person when the Bureau has reasonable cause to determine, by order, after notice to the person and a reasonable opportunity to respond, that such person is engaging, or has engaged, in conduct that poses risks to consumers with regard to the offering or provision of consumer financial products or services.
The Bureau is authorized to, among other things, require reports from, and conduct examinations of, nonbank covered persons subject to supervision under section 1024.”
Such supervisory authority would permit the CFPB to (spacing adjusted):
“supervise nonbank covered persons subject to 12 U.S.C. 5514 of the Dodd-Frank Act for purposes of:
(1) assessing compliance with the requirements of Federal consumer financial law;
(2) obtaining information about such persons’ activities and compliance systems or procedures; and
(3) detecting and assessing risks to consumers and to markets for consumer financial products and services.”
Based on Apple and Google’s enablement and distribution of apps that violate the companies’ own policies, lack legally required licenses, may be deceptive, or may be outright scams, a convincing case could be made that their conduct “poses a risk” to consumers.
Why I Invested in Knot
[disclosure: If it’s not obvious from the headline, I do have a financial interest here. This post is not directed to any investors or potential investors, and does not constitute an offer to sell, or a solicitation of an offer to buy, any securities, and may not be used or relied upon in evaluating the merits of any investment.]
I am not a venture investor, by training or by profession.
But I do get a fairly unending stream of startup pitches — often from young, first-time founders.
The quality of pitch and plausibility of building a viable business tend to be all over the map, from sometimes obviously illegal to inspiring but without clearly viable economics to likely workable products that suffer from a small TAM.
That’s what made it all the more refreshing when the Knot team demoed their product for me — it’s the only time I’ve seen an early-stage startup pitch and come away thinking, “This is obviously a great idea, solves a real problem for consumers and financial institutions, and has huge market potential.”
Consumers’ Ever-Changing Payment Card Details
There were over one billion credit cards and more than 330 million debit cards in circulation in the United States as of 2020.
It’s estimated that over 20 million new credit cards were issued in 2021 (and that doesn’t include replacement cards for existing accounts.) And a further 165 million debit cards are issued each year — including for newly opened accounts and reissued cards due to loss or theft, expiration, and data breaches.
This all results in consumers juggling what feels like ever-changing payment card details.
The Problem: Updating Card on File Information Is High Friction
Businesses, particularly in the ecommerce space, enable users to store their card information — for their “convenience,” which boosts merchants’ conversion rate and customer stickiness.
In fact, many services require storing/linking a payment card — think on-demand services, like Uber or Instacart, but also subscription services, like Netflix or Spotify.
With the proliferation of apps and services, this can result in a consumer having payment card information stored in potentially dozens of places — which is convenient when it works, but if (really, when) that payment card is replaced, whether because it expired, is lost or stolen, or just because a user’s preferences have changed, that user now needs to update information across numerous merchants.
For merchants, out-of-date card information results in lower conversion rates and higher rates of cart abandonment in ecommerce transactions. For subscription services, failed card payments can result in the interruption of services and cause users to churn.
And, perhaps most relevant, for card issuing financial institutions — whether “fintech” or bank — is the battle to get and keep “share of wallet.”
For existing cardholders, the need to update stored payment information when card details change is a friction point that can cause lost card spend, if users fail to update their card info or if they do update card info, but choose to use a different card.
For newly opened accounts, convincing users to shift spend to a new card can be a challenge. Many issuers, particularly in the credit card space, rely on expensive bonus and rewards schemes to incentivize use in the first several months, hoping that will translate into an enduring — and ultimately profitable — customer relationship.
The Solution: Knot
For consumers, Knot solves this pain point, by automating the process of updating stored card credentials.
Users simply select at which merchants they want to update their payment card information, provide account credentials, and Knot does the rest.
Merchants benefit from having up-to-date card info, reducing failed payments, cart abandonment, and user churn.
Card issuers — both debit and credit — stand to benefit in multiple ways. For cards users already hold, issuers can leverage Knot to ensure when a user’s card information changes, they can seamlessly update it at the merchants they spend at most frequently.
For newly opened accounts, issuers have a unique opportunity to win share of wallet from other payment methods. By simplifying the process of updating stored payment information, financial institutions can capture a user’s high-spend merchants, like Amazon, and frequent spend categories, like Uber.
Knot helps issuers boost card activation and utilization and reduce card churn — potentially boosting customer ARPU/LTV significantly.
In addition to its card-on-file switcher, Knot also offers subscription canceling (comparable to TrueBill, acquired by Rocket Companies for $1.275 billion) and is expanding its third-party account management capabilities (password changing, account creation, etc.)
Accelerating Traction
The companies Knot is pitching seem to clearly recognize the same potential I do, given the traction the company is getting.
With numerous clients already signed for its core card switch and subscription canceling products, the company has already demonstrated robust product/market fit. And with 40+ more sales prospects in the pipeline — including popular fintechs and traditional financial institutions — Knot’s traction is accelerating, despite fintech’s more subdued recent market dynamics.
If you want to learn more about the company, you can schedule a demo or ping me by replying to this email, and I’m happy to introduce you.
Apple’s BNPL Feature, Apple Pay Later, Nears Launch
Bloomberg’s resident Apple whisperer Mark Gurman is reporting that Apple Pay Later, Apple’s delayed BNPL offering, is in internal beta in preparation for a public launch.
Apple is in-sourcing significant capabilities required to offer the product, though it still needs to partner with Goldman Sachs and Mastercard for access to card payment rails.
Per the Bloomberg report, “[w]hen customers sign up, they’re asked to give an amount they would like to borrow and then the system comes back with an approved total — similar to the Spending Power feature for American Express cards.” Test users report being approved for amounts up to $1,000.
Offers would expire after 30 days — a prudent risk management step, though one that may trigger a requirement to send users a notice of adverse action (NOAA).
Apple will incorporate a variety of its proprietary data to assess users’ creditworthiness, including their spending history, what Apple device they own, if they’ve applied for an Apple Card, and what payments cards they have linked to Apple Pay.
Apple may also require users to upload a copy of their government-issued ID, full social security number, and/or two-factor authentication of their Apple account.
Still, a number of elements remain unknown — will Apple use credit bureau data to underwrite the product? Will it furnish data back to the credit bureaus? What about a potential integration with mobile driver’s licenses (mDLs), in the few states where they are live? How will it handle servicing and especially defaults and collections?
Apple, long known for its friendly customer service and pro-privacy stance, may find it has a minefield to navigate once it starts loaning money to its customers.
Goldman Trims Credit Card Ambitions
Two small bits of news emerged about Goldman’s dimming consumer ambitions last week.
CNBC’s Hugh Son is reporting the firm has dropped plans for a direct-to-consumer credit card of its own. It makes enough sense that, at one point, given the resources Goldman invested in building (and buying) the infrastructure for Apple Card, it would have contemplated launching a card under its own Marcus brand.
However, given the substantially slimmed down ambitions for the bank’s own consumer offering and pivot to a “platform” strategy, this news isn’t too surprising.
But the pivot to “platform” also looks to be hitting some speed bumps. The Wall Street Journal is reporting that Goldman has pulled out of co-brand discussions with T-Mobile (we previously covered here) and Hawaiian Airlines (emphasis added):
“Goldman decided to walk away from the discussions in recent weeks, the people said, in large part because of concerns about rewards costs and other expenses. T-Mobile was also concerned about moving forward with Goldman, some of the people said, as the bank is rethinking its consumer ambitions.”
Instead, Goldman seems satisfied to focus on leveraging its existing partners, Apple and GM, and its GreenSky platform to drive additional business to the firm.
Fintech VC Funding Volume Hits Two Year Low: FT Partners Monthly
Announced fintech deal volume in January dipped to $2.6 billion — the lowest monthly total in years. The count of deals rebounded slightly from December — bearing out that earlier stage and smaller rounds are still getting done:
While the decline in aggregate financing volume may look dire, when you zoom out and look at a longer timeline, it starts to look more like reversion to the mean after an incredibly frothy 2021/early 2022:
Other Good Reads
What’s the Difference Between Fraud and Scams? (Fintech Takes)
Are Amazon, Google, and Microsoft Too Powerful in Cloud Banking? (Ron Shevlin/Forbes)
The Future of Payments (Fintech Brainfood)