By: Jeff Kauflin and Eliza Haverstock
Fraud is a growing issue for fintech companies, as bad actors are doing everything from stealing identities to exploiting the slow U.S. bank-to-bank transfer network to siphon off money. The problem has gotten so bad that some fintechs, including investment service Betterment and digital banks HMBradley and One, have temporarily banned transfers from other digital banks for fear of being on the hook for a fraudulent transaction.
Forbes has learned that Robinhood, the dominant free stock trading app with 22 million active users, has become the latest fintech to ban transfers from a specific list of institutions as a blunt tool for fighting fraud. In a statement to Forbes, a spokesperson confirmed: “Robinhood prevents transfers from routing numbers that display a high pattern of return and fraud rates.” (Routing numbers are the bank identification numbers used by the bank-to-bank transfer system in America.) “It is a standard practice to prevent transfers from institutions that are sources of sustained levels of fraudulent activity, whether digital banks or traditional banks,” the statement continues. “When Robinhood and other financial institutions take the step to prevent transfers from a particular routing number, it’s because the fraud problem originates at that institution.”
Robinhood declined to disclose the specific institutions on the list, but Forbes has learned that it contains a wide variety of banks, including a heavy concentration of neobanks and the moderate-sized banks they partner with, plus a small number of large, traditional brick-and-mortar institutions. Some of the names on the list include: LendingClub; Ohio-based Sutton Bank (one of the partner banks that Square’s Cash App uses to store customer deposits); Tennessee-based First Century Bank (one of the partner banks for PayPal’s Cash Card); prepaid card issuer and digital bank Green Dot; New York-based Metropolitan Commercial Bank (the partner bank for digital bank Current); and Iowa-based Lincoln Savings Bank (one of the partner banks for fintech apps such as Cash App and Acorns). Pittsburgh-based PNC Bank–the nation’s seventh largest bank by assets–and its subsidiary BBVA are also on Robinhood’s banned list, Forbes has been told.
LendingClub, First Century Bank, Green Dot, Metropolitan Commercial Bank and PNC Bank didn’t respond to Forbes’ requests for comment. A Sutton Bank spokesperson says, “the fraud rates we experience across our programs are in line with or below industry averages” and that ACH returns (when a transaction fails because the customer doesn’t have enough funds in his or her account) are more likely the culprit. PayPal says it has never had an integration with Robinhood. Lincoln Savings Bank says it has no knowledge of such a ban, and that it hasn’t heard any complaints from customers.
The slow speed of America’s bank-to-bank transfer network makes certain types of fraud possible. Since transactions can take days to settle, people can move money from one account to another and then withdraw the same funds from both accounts while a transfer is in process–that’s why some fintechs are afraid to accept transfers.
Many financial institutions have lists of banks whose customer deposits they view as higher risk, and they apply extra scrutiny to transactions with those institutions. But outright bans on transfers are unusual and reflect the difficulty some fintechs have had controlling fraud.
Robinhood’s ban comes as it grapples with a variety of troubling security issues. In early November, the brokerage disclosed a breach that exposed personal data of roughly seven million users to hackers that demanded an extortion payment from the company. (Robinhood wrote in a blog post that it “contained” the hack, and said there was “no financial loss to any customers” as a result of the incident.) And this summer, Robinhood reported that its provision for credit losses for the first half of the year surged 54%, largely due to increased fraudulent activity.
Tommy Nicholas first encountered Robinhood’s ban last month when he tried to move money from his personal digital bank account (he declined to say where) to Robinhood. The brokerage app abruptly rejected it, even though he had been moving funds between the two institutions without issue for three years. This naturally piqued Nicholas’ interest, since he’s the cofounder and CEO of Alloy, a startup whose software helps fintechs to prevent fraud and to comply with “know-your-customer” regulations (aimed at controlling money laundering, tax evasion and other illicit activity).
“Banks and fintech companies are banning deposits and transfers from fintech companies at a rate I’ve never seen before,” Nicholas tweeted after the experience.
A wide range of factors have contributed to the problem fintechs are now having controlling fraud. One is that startups aim to have a “frictionless” signup process, where it’s quick and easy to join, making them a tempting target for scammers. Another is that fraud is on the rise everywhere—fraud attempts on merchants rose 140% in 2021 compared with 2019, according to LexisNexis. Nicholas thinks one of the biggest causes of digital banks’ outsized fraud problem is simply their young age. Since they’re new and fast-growing, they have a larger concentration of new customers. And at any financial institution, new customers have a higher propensity to commit fraud than long-standing ones.
In early December, Forbes reported on merchants like Avis and Holiday Inn rejecting digital bank cards over fraud concerns, but fintechs blocking each other presents a different and potentially bigger challenge. So far, the total amount of transfers being blocked by fintechs isn’t large, Nicholas says. And a Robinhood spokesperson says that only a “single-digit percentage” of its users have been affected by its fraud-prevention bans—which means up to 2 million customers could encounter the block. Yet if the practice continues to spread, digital banks’ brands could well suffer, as consumers won’t want to rely on a banking service that isn’t accepted by other apps for money transfers. In a blog post describing the challenges for fintechs, Nicholas writes: “The calculation used to be customer acquisition cost vs. lifetime value vs. fraud risk. Now, your institution’s reputation at the network level determines what your users can and can’t do. It’s no longer in each institution’s control.”
If bans between digital banks become common and long-lasting, all the startups could suffer, Nicholas says. That, he warns, could tilt the playing field further in incumbents’ favor and discourage entrepreneurs from starting new neobanks.
“Fewer fintech companies means less innovation and less competition, which negatively affects the consumer, especially those underbanked or niche populations who may want something that traditional banking institutions aren’t providing,” Nicholas writes. For example, Chime has attracted millions of customers partly because people can use it like a regular bank. It has helped lower-income Americans avoid monthly and overdraft fees and has pushed the entire banking industry to reduce or remove fees, with Capital One being the latest established bank to eliminate overdraft fees.
If blanket bans aren’t the right approach, what is? Nicholas believes companies can do more to identify each specific type of fraud they see–there are many ever-changing varieties–and deploy custom tactics to combat each one, such as requiring users to submit more documentation or a valid phone number to complete a transaction. He also thinks fintechs need to collaborate more: “We all win by lowering the fraud risk of the entire ecosystem, but the growth mindset of the last five to ten years has lacked the incentives for deep collaboration at almost all levels. There are efforts underway to correct some of this, but I think more needs to be done.”
Credit: Source link