Fintech/Analysis/

Neobanks’ biggest challenge isn’t growth. It’s fraud

PayPal admitted it had found 4.5m “illegitimate” accounts last week. That raises questions of how smaller fintechs are tackling the compliance battle, as fraudsters get smarter.

By Isabel Woodford and Amy O'Brien

It’s not sexy, but it’s the single biggest issue in financial services — the F word, fraud.

PayPal offered a prime example last week, when the financial services giant was forced to disclose it had 4.5m “illegitimate” or fake accounts on its network. The company blamed gaps in its customer acquisition strategy.

It’s a wake-up call for European fintechs focused on hypergrowth too. Neobanks in particular are now facing increased scrutiny over their compliance systems; employed to fight everything from criminal transactions to fraudulent users.

Georg Hauer, a former general manager at N26, says: “Look at challenger banks under the hood. Their anti-money laundering (AML) and financial crime detection systems are the same as traditional banks’… These engines are so inefficient that only 1% of suspicious activity is stopped. Overall, 95% of those [accounts or transactions] flagged are false positives.

“It’s a huge problem for challenger banks… Any [other] system that has a 99% fault rate, you would kick out.”

Compliance crackdown

The last year has seen something of a crackdown on neobanks.

N26 has faced hefty fines for its “weak” AML systems, while Monzo is currently facing its own money-laundering investigation. Revolut’s compliance headaches have also been well-documented, including losing two compliance chiefs in quick succession.

All have since ramped up their compliance systems, often integrating external software to battle the key pillars of KYC (Know Your Customer) and AML (Anti Money Laundering). 

But it’s like plastering over a leak and waiting for the next flood, explains Charlie Delingpole, founder of London compliance startup ComplyAdvantage.

“There are always new areas of attack, and each one is more and more complex,” says Delingpole, whose regtech software services 1,000 clients.

Hiring is one solution — Revolut’s compliance team swelled to 600 people last year. But that’s an expensive price to pay for growth, argues Hauer.

“The challenger banks have had to become stricter. And the only way they currently see to fix it, is to hire more people. It’s insane to have 1,000 people just on that,” he adds, speaking in his new role as COO of Hawk:AI, a compliance startup which relies largely on artificial intelligence.

Others have resorted to hyper-aggressive monitoring of customer accounts, which has led to indiscriminate, unnecessary account closures, creating a large backlog of appeals. Data from the UK’s Financial Ombudsman reveals that ​in 2020, almost 1,400 complaints were brought against Monzo for account closures, and 1,586 were made against Revolut. 

Starling has so far stayed out of the limelight, but declined our request to discuss compliance.

Upset brewing? 

The risk now is that European top fintechs could also be vulnerable to a PayPal-style debacle.

Experts warn that the fraud issue is getting worse as fraudsters are getting smarter.

“It is harder than ever to detect illegal activity,” says Dimitrie Dorgan, a senior fraud specialist at Onfido, the identity verification startup.

One issue is that there are now rings of fraudsters who “create multiple fake identities using data sourced from breaches and fictitious data,” he explains.

Scores of fake accounts then go on to take out loans or abuse sign-up bonuses with third parties, creating a snowball of fraud loss.

Hauer agrees that financial companies are struggling to keep pace: “All crime has a digital transaction. And banks are coming to the fight with sticks, while criminals have lasers.”

Banks are also, frankly, not motivated to fight each individual case; companies are simply required to follow basic compliance rules rather than to pre-empt fraud, explains Hauer, giving fraudsters the upper hand. 

Financial fraud also soared during the pandemic with in-person verification all but removed, explains Delingpole.

“Online verification is not perfect,” he tells Sifted. “There are still many ways of undermining that process. It’s an arms race in that every single component of the value chain… has flaws that can be exploited by fraudsters.”

And while the big neobanks have their work cut out trying to quell the issue with huge teams, Delingpole warns that it’s new fintech entrants which are most likely to face attacks. 

“Fraud gangs will systematically target new fintechs with mechanisms that have worked elsewhere,” Delingpole says. “They can operate internationally and use structural flaws in identity systems or credit reference systems that they’ve seen in others.” 

He cites instances where fintechs experienced 30 people trying to defraud them within 24 hours of launching on the app store.

An expensive bugbear 

Threats aside, PayPal’s compliance breach raises other critical questions. 

For instance, how many of the users reported by European fintechs are fakes or “illegitimate”?

Many fintechs offer “free cash” referral schemes similar to PayPal, which fraudsters are particularly fond of and use bots to capitalise on. What’s more, their valuations are largely p​egged to this growth in “customers”.

There could also be challenges for buy now, pay later (BNPL) giants who have a “zero fraud chargeback” liability. 

This policy means the likes of Klarna accept the risks of fraud on behalf of its merchants — leaving BNPL companies to foot criminals’ bill in full.

Fines aside, the costs of fraud are clear. According to Forbes, Paypal lost $6m, or $1,900 an hour, to fraud globally back in 2000.

Other US fintechs have also paid the price. Neobank Chime and payment app CashApp have been blocked from rental companies due to fraud issues, while trading giant Robinhood has also suffered serious fraud losses.

The fraud-fighting startups

In response, a string of European regtechs are now trying to tackle the issue.

In France, Paris-based Bleckwen uses real-time analytics software to detect and prevent payments fraud. The spin-off from French cybersecurity firm Ercom tackles areas such as authorised push payment fraud — cases of which increased 71% in the first half of 2021 in the UK. 

In Germany, Hawk:AI — which Hauer recently joined — is employing artificial intelligence as the solution, claiming to catch up to 90% of false positives. He says the startup has a handful of clients signed so far, but confirmed his old stomping ground, N26, is not among them.

Onfido, Jumio and Socure  all also tackle the thorny issue of digital identity verification through a combination of AI, facial biometrics and machine learning. 

Estonian identity verification startup Veriff, which recently became the Baltic country’s sixth unicorn, serves fintechs, crypto and gaming companies across 190 countries for their KYC and compliance processes, as do iProov, Trust Stamp and IDNow.

ClauseMatch is another London-based regtech startup. It sells automated compliance policy-management and regulatory change solutions to neobanks like Revolut and to larger banks, giving them visibility and traceability when audited.

Still, founder and CEO Evgeny Likhoded argues that European incumbents are more reticent than neobanks at adopting these tools, stuck “at the beginning of that journey”.

Isabel Woodford is Sifted’s fintech correspondent. She tweets from @i_woodford and coauthors our fintech newsletter. Sign up here 

Amy O’Brien is a reporter at Sifted. She tweets from @Amy_EOBrien

3
Join the conversation

avatar
  Subscribe  
newest oldest
Notify of
Francois Mazoudier
Francois Mazoudier

‘bit (read: VERY) surprised that ThirdFort isn’t mentioned – UK’s 2nd fastest growing business, and they’re providing exactly what you mention, and the industry needs. http://www.thirdfort.com
I can make intros. No, I have no shares in them 😉

Andrew Turvey
Andrew Turvey

No-one wants to say this bit there’s only one way for banks or fintechs to effectively fight fraud (or indeed any other crime):

Forget the arms race. The risks to the criminal of getting caught and punished must outweigh the gains. ‘Stopping’ fraud will always be inadequate. We catch fraudsters, prosecute and punish them.

Banks camt do it alone – it needs a concerted global effort between businesses and governments. And we’re very late in starting the battle…

Alan
Alan

Blockchain fueld by AI and the locally centralised fintech supporting legislatives could remedied the issue, to be seen with the current Indian (braver then others) scenario.