Fraud continues to plague fintech businesses large and small. During its earnings call for the fourth quarter of 2021, PayPal chief financial officer John Rainey said the company identified 4.5 million accounts that it believes “were illegitimately created.” Its stock slumped 25% on Wednesday after it also reported that profits fell short of Wall Street analysts’ expectations and that it anticipated slower growth in 2022 than previously expected.
Over the past two years, while ecommerce soared due to the pandemic, PayPal added 120 million new customers (it now has 426 million total accounts). In 2021, the company “leaned into incentivized customer acquisition tactics to a much greater extent than we ever have in our history,” Rainey said on the earnings call. For example, PayPal ran marketing campaigns that offered to deposit $5 or $10 in a new customer’s account if he or she signed up for PayPal or Venmo. It ran into trouble when bots, or software created to automatically visit websites and take actions, started scooping up those incentives for the sole purpose of seizing the reward.
Rainey said the company is changing its customer acquisition strategy to move away from incentive programs and focus on “sustainable growth and driving engagement,” or getting current customers to use PayPal’s apps more often. He said this change in strategy is “separate and apart” from the fake account issue.
“This is the first time I have seen a company acknowledge that fraudsters can take advantage of these new account programs with such scale,” says Frank McKenna, cofounder of fraud prevention firm Point Predictive.
Since the pandemic began, fintech’s fraud issues have grown at a frightening pace. Car rental companies like Avis and Hertz stopped accepting cards from apps like Chime, Cash App and PayPal, and Chime users had money stolen from their accounts (Chime has said that rental companies need to be more careful about whom they rent cars to). Robinhood created a list of banks that it bans transfers from as a way to stop the bleeding from fraud losses. PayPal’s fraud challenges date back to the earliest days of the company: in 2000, it lost $6 million, or $1,900 an hour, to fraud at a time when its revenue was less than $5 million.
PayPal’s latest fraud challenges and its admission that 4.5 million accounts were fake raise the question of how other fintechs are being affected. “How much of the growth in some of these fintech portfolios could be fueled by these bots that are creating accounts just for collecting the incentive?” McKenna says. “I think every fintech should look at accounts that signed up with incentives but never used the account again.”
“What we’re seeing at PayPal is a systemic issue,” says Mary Ann Miller, a vice president at identity and fraud company Prove. “It’s related directly to the identity theft and synthetic fraud that we saw during the pandemic.” She says that bad actors are weaponizing the personal information that they’ve stolen in data breaches and using bots to launch attacks. “They’re going to all kinds of fintechs and attacking their account-openings processes,” she adds.
The continued acceleration of fintech fraud is also surprising some experts. Tommy Nicholas, cofounder and CEO of Alloy, whose software helps fintechs prevent fraud and comply with “know-your-customer” regulations, said in an email that “fraud is really widespread right now, really bad, and getting worse.” He added that fintechs and banks “aren’t getting worse at fraud prevention or looser in their stances. It’s the opposite!” But the criminals are getting smarter and more powerful. “Fraudsters are better funded (flush from defrauding governments over pandemic relief), bolder, and more talented than ever.”