The numbers never lie?
By Liudas Kanapienis, CEO and co-founder of Ondato
Startup valuations are under the spotlight right now. Massive inflows of VC funding in 2021 drove certain sectors — particularly crypto and fintech — to new heights. Pitchbook reported that valuations reached record levels across the board — early stage startups to late stage step ups.
The landscape has changed now, of course. It’s not the bloodbath that some commentators are suggesting, but global venture funding in May 2022 totaled $39 billion, according to Crunchbase, the lowest level since November 2020, and well below the $70 billion peak in November 2021.
With sobriety returning to the VC party, perhaps now is the right time to question valuations pegged to user adoption rates, which are then extrapolated to predict scalability and potential profitability.
The fake account crisis
Adoption rates are based on hard data, right? You either have a customer, or you don’t.
Not so fast. Twitter is not the only one under pressure for fake accounts right now. Recent admissions by Paypal and several neobanks that their customer numbers contain large percentages of fakes support the argument that accounts mean customers look distinctly dubious.
It’s hardly a new problem. As part of the clean out operations after the banking crash, Wells Fargo Bank was estimated to have had 3.5 million fake accounts. It was fined $185 million in 2016 by the US Consumer Financial Protection Bureau (CFPB) and in 2020 agreed to pay another $3 billion to settle various civil and criminal suits.
More recently, in February 2022 PayPal was forced to disclose it had 4.5 million “illegitimate” or fake accounts on its network. The company blamed gaps in its customer acquisition strategy.
What are scammers doing when they open fake accounts?
The motivations behind fake account openings can range from organized crime syndicates seeking to launder vast amounts of money, through to individuals with what they see as a clever side hustle to make a bit of extra money.
At the upper end of the spectrum, the syndicates might be using “synthetic identity fraud”, which deploys a combination of real and fake personal information to open fake accounts. Fraudsters combine a stolen social security number, for example, with a fake name, date of birth and address to create a new identity. They can then use the “Frankenstein ID,” as it’s sometimes called, to commit various frauds.
Using automated scripted bot attacks, they can open multiple accounts quickly. They program bots to complete account opening processes at fintechs and banks using the stolen data. This part usually happens with no human interaction.
The bad actors then have various options, including check deposit fraud, Automated Clearing House fraud, dispute abuse fraud, collection of account opening or referral incentives, money laundering, and even crimes like human trafficking. If a financial institution sees a spike in account opening, it’s almost guaranteed that attacks on the payment services will begin.
One category of scams that afflicts neobanks, particularly, is account opening or referral bonus abuse. PayPal, for example, offers its UK customers £50 for five referrals. Neobanks have to grow quickly to placate investors. One way to do that is to offer a bonus to any existing customer who recommends a friend who then also opens an account. Banks and FinTechs might underestimate the effort a scammer will go through just for a £10 incentive, but the fraud can be automated and repeated over and over.
Buy now, pay later (BNPL) players with “zero fraud chargeback” policies may also experience issues as they accept the risks of fraud on behalf of merchants — leaving BNPL companies to foot criminals’ bills in full.
Time to address the whole problem
Nobody is pretending that it’s easy for banks and other financial institutions to get completely on top of this situation. Resorting to aggressive monitoring of customer accounts can lead to unnecessary account closures and a backlog of appeals. In 2020 Resolver, a UK-based online complaints resolution service said it had received more than 8,100 complaints over the previous three years against the four main digital banks: Monzo, Revolut, Starling and Pockit. According to data from the UK’s Financial Ombudsman, almost 1,400 complaints were made against Monzo in 2020, while 1,586 were brought against Revolut.
However, the scale of fake accounts is perplexing in a world where huge amounts of time and energy are devoted to rigorous customer identification, or Know Your Customer (KYC).
The technology exists to accurately vet any customer and interrogate the sources of their funds. However, what’s happening is an arms race between scammers and financial organizations, with the scammers usually one step ahead. There’s no point looking for a magic bullet solution as, even if it existed, it would soon be out of date.
While there is much that technology can do to eliminate the worst issues described here, what’s actually needed is not the latest wonder tech, but systematic automation of processes and integration with existing (or preferably upgraded) workflows. And yet, this does not seem to be happening, largely because KYC is not being looked at holistically, as a systems approach. Great KYC technology will only be as good as the rest of your onboarding process.
With VC valuations pegged to customer numbers, it’s time to get on top of fake accounts with a holistic approach to KYC and to make sure these numbers reflect reality.
About the author
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.