Hindenburg Crashes Into Cash App, But Report Lacks Context; 42% Of BNPL Users Overdraw Their Accounts
SEC Charges Lindsay Lohan, Lil Yachty for Illegal Crypto Promotions; President's Economic Report Takes Dim View of Crypto; CFPB Wins Funding Challenge in 2nd Circuit
Hey all, Jason here.
It took me a couple days to recover from my jet lag, but it was worth it for the first in-person Fintech Meetup event in Las Vegas! Amazing chance to catch up with industry folks, attend some thought-provoking sessions, and make new contacts. Huge congrats to the organizers on a successful event.
In less than a month, I’ll be headed back stateside for NY Fintech Week, where I’ll be hosting a “Masterclass” at the Empire Fintech Conference with Cable co-founder Katie Savitz — info and tickets here. I’ll also be hosting a happy hour and panel discussion on the topic, What’s Next for Baas? — info and waitlist here.
Lastly, next week, I’ll be joining Unit21 for a webinar discussion on real-time monitoring strategies for fraud detection and prevention — details and registration👇
Existing subscriber? Please consider supporting this newsletter by upgrading to a paid subscription. New here? Subscribe to get Fintech Business Weekly each Sunday:
CashApp, Zelle, FedNow, Oh My! 💸 🤑
Sponsored content: According to Juniper Research, online payment fraud is expected to reach $48 billion by 2023, up from $22 billion in 2018 due to the rise of real-time payments and fast fraud.
In summary: Faster payments = faster fraud.
Unit21 is hosting a live session featuring industry experts (like Jason Mikula!), to discuss the latest trends and risks in real-time payments and fast fraud, along with the top fraud prevention strategies.
📅 Join us this Thursday, March 30th for “Fraud In the Fast Lane: Real-Time Monitoring Strategies All FIs Should Know”
Join this session to learn how to mitigate fraud risk using real-time monitoring across a variety of fraud scenarios.
Short Seller Hindenburg Research Takes Aim At Cash App, Alleging High Rates of Fraud, Compliance Gaps — But Skips Critical Context
Short seller Hindenburg Research — yes, it’s named after that Hindenburg — dropped what can only be described as a salacious report about Block (formerly Square), focusing primarily on its Cash App p2p payment app, but also touching on Afterpay, the BNPL company it acquired for some $29 billion.
It’s worth reading the report in its entirety, but, before you do so, remind yourself of the context of who is publishing it and why: as Hindenburg holds a short position in Block, its explicit goal is to make a case that Block is overvalued and to drive down the company’s share price.
The report isn’t intended as some kind of impartial journalistic, academic, or legal analysis of the company — and it certainly doesn’t come across as that.
What Does Hindenburg’s Report Argue?
While the overarching theme is that Block, with a market cap of about $45 billion before the report was published, is overvalued, Hindenburg makes a fairly sprawling and somewhat disjointed set of claims.
The core of its argument basically boils down to suggesting that Block knowingly had and tolerated inadequate fraud screening and prevention measures, as this helped boost the number of “transacting active users,” enabled it to report a lower cost of customer acquisition, and boosted revenue growth — particularly as billions of dollars in aid was hastily disbursed during the height of the pandemic.
Other allegations and critiques made in the report include:
Cash App intentionally avoided regulatory compliance to minimize friction in its user onboarding
By only requiring an email address or phone number + ZIP code, Cash App knowingly allows users to create numerous duplicate accounts — boosting Cash App’s metrics at the expense of enabling fraudulent activity
Cash App has “embraced one traditionally very ‘underbanked’ segment of the population: criminals”
Cash App failed to ban accounts that were clearly linked (by SSN, email, phone, device ID, etc.) to others that were blacklisted for fraud or suspicious activity
Cash App is highly reliant on its “instant deposit” feature for revenue, which is a tablestakes feature for which Cash App charges more than competitors
Despite Cash App parent Block having $31 billion in assets, it avoids Durbin amendment-mandated interchange caps by working with Sutton Bank, a practice which may be under SEC scrutiny
BNPL unit Afterpay was designed to avoid responsible lending regulations in its native Australia, carries late fees that reach an equivalent of 289% APR, and is seeing delinquencies and losses rise
Growth in Cash App users and funds flowing into the platform has slowed considerably
Block has significant share-based compensation expenses and increasingly relies on non-GAAP adjustments to show profitability
Block’s stock trades at a 60x EV/EBITDA multiple and a 40x forward P/E ratio, substantially higher than market comps
As evidence of the above, the report cites interviews with former employees, documents stemming from state FOI requests, product analysis, and anecdotal and quantitative evidence — though the analysis lacks key context.
Anecdotally, the report leverages a thinly veiled dog whistle that “Cash App” appears in hundreds of hip hop songs, including one where a rapper references paying for a hitman with Cash App. It also cites references in legal proceedings and court filings to Cash App being used in drug dealing, child pornography, and sex trafficking transactions.
The report also demonstrates the ease with which accounts with bogus names can be created and used, with the authors creating and conducting transactions with accounts that purport to belong to “Donald Trump” and “Elon Musk.”
On the quantitative side, Hindenberg leverages data obtained from state freedom of information requests to show the absolute amount of funds states attempted to recoup from Cash App’s partner bank, Sutton, were disproportionately high compared to its number of accounts and transactions.
What’s Missing From Hindenberg’s Report: Context
The most important thing missing from Hindenberg’s analysis?
Every financial services company, and ecommerce company, for that matter, has seen fraud increase substantially in recent years, particularly during the height of the pandemic.
According to the FTC’s 2023 Consumer Sentinel Network report, fraud, identity theft and other complaints have seen a steady rise since 2010, growing substantially during the pandemic:
Cash App is hardly the only consumer financial platform to see elevated rates of fraud, with numerous consumer complaints, media reports, and government scrutiny of other p2p payment apps like PayPal-owned Venmo and bank-owned Zelle.
In fact, PayPal had to acknowledge it removed some 4.5 million accounts that were driven, in part, by a bonus referral scheme that incentivized fake account creation.
Zelle, operated by bank-consortium-owned Early Warning Services, has received frequent criticism from Congress and consumer protection regulators for failing to protect users from scams and fraud and refusing to reimburse them.
While an imperfect data source, an analysis of Google search data suggests that, while users have historically searched more frequently for “Cash App scam,” Venmo and Zelle aren’t far behind:
As external observers, it borders on impossible to quantify the rate of fraud and scams on Cash App vs. other peer-to-peer payment platforms.
And it’s not just the p2p payment apps that have been vectors for fraudsters.
Digital banking apps, both “neobanks,” like Chime, and chartered institutions, like Green Dot, have come under scrutiny for potentially inadequate KYC/AML and fraud prevention practices that may have facilitated financial scams and crime.
Friction vs. Fraud
A fundamental trade off for any digital platform — whether p2p payment app like Cash App, digital banking app, like Chime or Green Dot (or Chase), or ecommerce platform — is between “friction” and fraud.
Customers have come to expect seamless digital experiences, and UX and marketing teams are incentivized to maximize conversion rates and minimize cost per acquired customer (CAC).
But companies aren’t naive — they understand this trade off. Business analysts understand the need to incorporate the costs of fraud and determine the impact on LTV and overall profitability.
Companies likely could substantially reduce fraud by introducing additional checks — for instance, by requiring users to upload copies of identity documents, take “ID selfies,” pass knowledge-based authentication, etc.
But the vendors necessary to conduct such checks aren’t free, and the additional friction they introduce into customer onboarding reduces conversion rates, which, in turn, increases CAC.
It’s entirely possible Cash App made a calculated decision to tolerate certain levels of fraud on its platform in order to maximize short-term profitability — something you think shareholders would like.
That isn’t to say there aren’t some perverse incentives here, particularly when it comes to feeding at the trough of government benefits.
Unlike fraud perpetrated against lenders, who stand to lose substantial amounts of money, in Cash App’s model, enabling fraud could boost its ARPU and profitability.
Because the majority of Cash App’s revenue is derived from interchange (spending) and instant transfer fees (moving money off Cash App quickly), what the company really cares about and thus is optimizing is the amount of money moving through the platform — regardless of its provenance.
It’s entirely possible — indeed, likely, even — that fraudsters are lower CAC and higher LTV than a real a Cash App customer.
They’re more likely to generate numerous accounts, move large(r) amounts of money, and to want to move that money quickly, incurring a 0.5%-1.75% instant funding fee to do so.
A “Reasonable Belief” In Its Customers’ True Identity?
Section 326 of the PATRIOT Act applies to all “financial institutions” — a broad group that includes banks but also money services businesses, securities/commodities dealers, check cashers, precious metal dealers, casinos, pawnbrokers, and even travel agents.
The provision defines “minimum standards for financial institutions that relate to the identification and verification of any person who applies to open an account,” which require financial institutions to implement reasonable procedures for:
(1) verifying the identity of any person seeking to open an account, to the extent reasonable and practicable;
(2) maintaining records of the information used to verify the person's identity, including name, address, and other identifying information; and
(3) determining whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency.
Generally, a financial institution must collect a customer’s name, date of birth, physical address, and government identifier (most commonly an SSN).
While the institution doesn’t necessarily need to verify each piece of information, it must be able to form a “reasonable belief” in the true identity of its customers.
It’s unclear how Cash App’s onboarding process — which requires only a name, email or phone, and ZIP code — is compatible with these requirements (though additional data points, including a full SSN, are required to obtain an associated debit card.)
For instance, I was easily able to create an account for “Vlad Putin” in about a minute and use it to send requests for payment to other users:
And, in fact, Cash App’s UX is designed to make it exceptionally easy for a user to create and toggle between numerous accounts, as seen in my login screen here:
While one can imagine scenarios where a legitimate user would want to open and maintain multiple accounts, any potential benefit of allowing that would seem to be outweighed by the fraud, scam, and abuse that it enables.
But, Is Block Overvalued?
Fraud clearly is a problem on Cash App — as it is on PayPal, Venmo, Zelle and countless other banking apps.
Block could easily introduce additional checks, like requiring additional identity information and blocking users from creating numerous duplicate accounts by requiring unique identifiers, like a Social Security number, to help mitigate this problem.
However, even that mitigation step isn’t as clear-cut as it sounds.
Given most Americans’ PII has been compromised in numerous data breaches, fraudsters can (and do) create accounts using real, stolen information. This presents a (manageable) second-order problem, in which real users are blocked from creating a legitimate account, because fraudsters have already registered one using their information.
Perhaps more than demonstrating that Block is overvalued, Hindenberg’s report demonstrates the pervasive problem of fraud across all of digital banking and commerce — though Cash App does appear to take a particularly cavalier approach to the problem.
While Block certainly has tools at its disposal to better manage fraud, the real missing link here is a digitally-native identity credential that moves away from a reliance on users’ name, date of birth, and Social Security number — information that is deeply compromised.
As far the question of whether or not Block is overvalued, that depends on your basis of comparison. In its report, Hindenberg compares Block to other fintechs like Affirm, Robinhood, SoFi, and Upstart — points of comparison I would argue aren’t the most appropriate.
Block has a mix of businesses: Square (merchant acquiring/lending), Afterpay (BNPL/lending), and Cash App (consumer payments/lending) — and it’s actually a bank, a type of business that is usually evaluated on a price/book and/or ROTE basis.
PayPal is arguably the best public market comparison, though you could draw parallels to other public market companies like Adyen (a bank), Green Dot (a bank), MoneyLion, or Dave.
Evaluated through this lens, Block may look somewhat “expensive,” but hardly wildly out of line with other similar companies:
Have a tip about Block/Cash App? Reach me on secure messaging app Signal at +1-316-512-1571
BNPL Users More Than 2.5x As Likely To Have Delinquent Accounts
Amid the recent chaos in the banking system, an interesting report on consumers’ use of buy now, pay later has largely gone overlooked.
The insights, derived from the CFPB’s Making Ends Meet Survey and additional credit use data sets, shed light on the characteristics of borrowers that use BNPL, though the analysis has some notable limitations.
First, it’s based primarily on survey data — although the report’s focus is use of pay-in-four products, there’s no guarantee that survey respondents accurately distinguished their use of these products vs. longer-term point-of-sale installment loans.
Second, the analysis is descriptive and speaks to consumers at a specific point in time — it is not analyzing or describing causal relationships related to consumers’ use of BNPL.
With those caveats out of the way, here are the most interesting takeaways from the report.
1. A Small Share of Heavy Users
Despite its explosion in popularity during the pandemic, BNPL remains a relatively niche product: just 17% of respondents reported using it at all in the year prior to the survey:
As is the case with other forms of small-dollar credit, like payday loans or overdrafts, a small proportion of consumers — in this case, 3% of respondents — are heavy users of the product and tend to drive a disproportionately large share of revenue and profitability.
It’s worth caveating that, if those consumers are using BNPL instead of other, more expensive credit options, this could be welfare-enhancing for those borrowers. If borrowers are using it in addition to other forms of credit, BNPL could enable them to become even more over-extended and thus be net negative.
With the available data set, it isn’t possible to draw a conclusion on this.
2. Black, Hispanic, Female, and Younger Consumers More Likely To Use BNPL
The report provides a descriptive analysis of demographic groups that are more or less likely to use BNPL.
It finds that renters, lower income, Hispanic, Black, and younger consumers are more likely to use BNPL.
Meanwhile, homeowners, those making above $80,000 annually, male, white, and older consumers are less likely to use BNPL.
These descriptive associations are, on their face, interesting but not terribly surprising.
3. BNPL Users Have Substantially Lower Credit Scores, More Delinquencies Than Non-Users
Again, it’s not terribly surprising that BNPL users have significantly lower credit scores than non-users.
And while BNPL advocates might suggest this data point supports an argument that BNPL provides access to credit to borrowers often locked out of traditional borrowing channels, when viewed in combination with other credit product usage, that doesn’t actually seem to be the case.
In fact, BNPL users reported higher rates of using traditional credit products, like credit cards or personal loans, than non-users. A whopping 95% of BNPL users reported also having a traditional credit product vs. 86% of non-users.
BNPL users also reported significantly higher rates of account delinquency vs. non-users. They were more than 2.5x as likely to report having any product in delinquency, with 7% of non-users reporting an account in delinquency in the year prior vs. 18% of BNPL users having a delinquent account:
4. BNPL Users Report Lower Savings, Higher Credit Utilization Rates
BNPL users also reported significantly lower non-retirement savings than non-users — $3,887 vs. $15,868 — and somewhat less “credit card liquidity” (unused credit limit):
BNPL users carry more credit card and retail debt and consistently have higher credit card utilization rates than non-users:
5. BNPL Users More Likely To Be Subprime, Revolve
Given the above, it’s no surprise that BNPL users are more likely to be subprime, revolve debt on their credit cards, and have higher interest rates on their cards:
6. BNPL Users More Likely To Use Overdrafts, Auto Title & Payday Loans
Finally, BNPL users are substantially more likely to be considered “underbanked,” as they show comparatively high rates of using “alternative” products like payday loans, pawn loans, and auto title loans.
A high share of BNPL users also report overdrafting their bank account — a full 42.8% of BNPL users reported at least one overdraft in the past 12 months, vs. 17.3% of non-users:
While these metrics are surely interesting, it’s difficult to draw any conclusions from them, as they’re descriptive and not causal.
It’s certainly alarming that 42.8% of BNPL users have overdrawn their accounts in the past year and that they show relatively high rates of using payday and pawn loans.
One thing the report does demonstrate is that consumers who choose to use BNPL are heavily indebted across a variety of credit products.
But the data don’t tell you that BNPL is causing this behavior.
In fact, it is possible that BNPL is a net positive for these consumers, even as they struggle to manage their debt load.
The question is if they’re using no- or low-cost BNPL in place of expensive overdraft and short-term loans or in addition to those products — enabling them to become ever more indebted.
SEC Charges Lindsay Lohan, Jake Paul, Lil Yachty For Shilling Unregistered Crypto Securities
In the wake of last year’s numerous crypto disasters and the more recent meltdown of crypto-focused banks Silvergate and Signature, US regulators from across the spectrum have taken an increasingly dim view of cryptoassets.
Last week, the SEC, headed by Gary Gensler, announced charges against crypto-entrepreneur Justin Sun and three of his companies for the offer and sale of unregistered securities.
The SEC alleges that, in addition to offering unregistered securities, Sun and his companies fraudulently manipulated the secondary market for said securities through extensive wash trading.
Also caught up in the case?
“Celebrities” Lindsay Lohan, Jake Paul, Soulja Boy, Austin Mahone, Kendra Lust, Lil Yachty, Ne-Yo, and Akon. The SEC alleges they promoted the dubious cryptocurrencies without disclosing they were compensated for doing so and the amount of their compensation.
Lohan and the other promoters, with the exception of Soulja Boy and Mahone, agreed to pay $400,000 in disgorgement, interest, and penalties to settle the charges, without admitting or denying the SEC’s findings.
Other Good Reads
4D Chess In Card Payments (Nikil Konduru)
The Silicon Valley Bank That Never Was (Zac Townsend/TWIF Signals)
The Silicon Valley Bank Collapse: Fear Mongering and Other Bad Takes (Ron Shevlin/Forbes)
The Most Interesting Conversations from Fintech Meetup (Fintech Takes)
Listen: Barney Frank on His Role in the Banking Crisis (NYT Daily)
About Fintech Business Weekly
Fintech Business Weekly’s Banking-as-a-Service 2023 Market Analysis.
Looking to work with me in any of the following areas? Email me.
Fintech advising & consulting
Sponsoring this newsletter
News tip or story suggestion — reach me on Signal at +1-316-512-1571
Early stage startup looking to raise equity or debt capital