Year-end grab bag
This post will briefly address the Chime IPO announcement, the CFPB Zelle litigation, and a follow-up insight on Digital Currencies
Introduction
As my new year’s gift to you, the sum of the parts is still shorter than my typical slog:
Chime announced it will file for an IPO which gives me an opportunity to correct a comment I made in the Neobanks post a few weeks ago
The CFPB filed a lawsuit against Zelle and its biggest members for their alleged failure to fight fraud
The new administration may be more open to Digital Currencies; I had an insight on this topic I wanted to share
Each discussion will be short, so, I won’t be writing my usual up-front summary.
Chime IPO
Chime filed confidential paperwork as an initial stage to going public. Press reports suggest a 2025 IPO. I can’t wait to see the S-1, to support or refute my Neobank take. I will of course write on that once the S-1 is available.
While I stand behind my conclusions from a few weeks ago, I did make one conceptual mistake that I should own up to. I said that Chime was disadvantaged from a scale perspective because it outsourced so much of its infrastructure whereas Varo had most of that infrastructure in-house. In retrospect, that was bad thinking.
Chime & Varo both likely outsource a good part of their IT to Fiserv or FIS. Those processors structure their contracts to confer a scale benefit to their clients. These are called “tiered-volume” price schedules.
In tiered-volume pricing, the outsourcer sets out a series of volume thresholds. Above each threshold, incremental volume is charged a lower unit price. The cumulative effect traces out a classic scale curve for average cost. This is standard practice. For example, if you read the Marqeta 10Q, they point out similar impacts with their service providers. Shame on me for not catching myself as I have negotiated these kinds of price schedules in the past.
What that means is that Chime unit costs should decline as they grow, which will widen their gross margins over time. If volume grows enough, it could produce profits. Of course, if volume declines the reverse happens – unit costs go up and profit declines. The S-1 will reveal all!
CFPB suit against Zelle & the Big 3
This could be a tempest in a teapot as the incoming administration will likely appoint a new CFPB head who may or may not pursue this litigation. But we have several weeks to go, so it is worth analyzing.
The litigation alleges that the banks and the Zelle network (EWS) did not do enough to prevent “fraud”, and even when “fraud” was reported, didn’t do enough to remediate. The lawsuit claims that JPM, BAC, & WFC cost their customers a cumulative $870M from inception through 2023. This exaggerates the situation.
This cumulative loss seems large but is spread over huge dollar transfers and 6 years. The lawsuit points out that Zelle sent over $450B in the first half of 2024 alone. Even if all those losses happened in a single year it is less than 10bp of transfers. But losses seem to be a six-year total. The lawsuit doesn’t say if the annual loss rate is declining or not.
I expect the loss rate is declining even as aggregate losses go up because Zelle is still growing at 25-30% annually. My guess is the 2024 loss rate is low single-digit bps. That is remarkably low by payments network standards. I would also hazard that the three banks CFPB targeted have among the lowest loss rates in the network – they just have the highest aggregate losses because their volumes are so high – 75% of all Zelle transactions are from the Big 3 according the CFPB complaint.
Further, I used scare quotes around “fraud” for a reason. What the CFPB calls fraud is actually three different phenomena: ATO (Account Takeover fraud), scams, and customer errors. As I understand Reg E, the issue is whether the transaction was Authorized or not; Only in ATO is the transaction usually unauthorized, and even then it isn’t always the case. The other two categories are usually authorized but later regretted. If that understanding is correct, the $870M is substantially overstated.
Authorization is different across each of the three “fraud” types:
In ATO, the sending bank may have an issue with cyber controls. A third-party may have hacked a customer’s account and then emptied it. This may also happen via social engineering rather than hacking, but the impact is the same and the bank should bear responsibility. These transactions are clearly not authorized.
It also could be that the customer shared their banking credentials with a trusted third-party like a spouse, child, caretaker, financial advisor, etc. and that third-party then stole from the customer account using the real sign-on credential. This is called second party fraud: the customer willingly authorized a trusted third-party to act on their behalf, but that third-party turned out to be untrustworthy. Bank Terms of Service generally prohibit sharing credentials.
It is not always so clear cut. For example, If an adult child stole sign-on credentials, the transaction was not authorized, but if the parent gave the child control and the child abused the privilege, it was authorized. Making these distinctions is hard, but it sometimes isn’t the bank’s fault. It may also be that the child stole the money, but the customer claims they weren’t authorized even if they were.
In scams, the customer is conned into sending money to a third-party. The customer willingly sent the money using their real credentials so the transaction was indeed authorized. From very early on, banks warned users not to Zelle money unless the sender knows the receiver. More recently, at least some banks list common cons on the Zelle UI so customers are forewarned. Washington wants the banks to take liability for scams, but my understanding is that it isn’t legally their responsibility.
I was once conned out of $40 cash by a couple of guys who claimed they saw my car trailing smoke. They fiddled under the hood a bit and told me it was fixed. I later realized it was a scam – but they were good at it! Should I have a claim against my bank or the US Government, because I fell for a con? After all, they provided the original $40. That is equivalent to what the litigation is claiming.
The final category are pure errors, like “misdirects” where a customer mistakenly sends money to the wrong email or phone number and the recipient declines to return it. These used to be more common but the network has made technical changes to reduce them. But who should be responsible if it was the customer’s error?
The Lawsuit’s headline number is already a modest percentage of money sent, but it is even smaller when you pull out instances where the customer did something they were warned against. Of course, no one wants Zelle used as a fraud or scam vector, so what are the owners doing about it?
EWS recognized that any exploit has a “bad guy with a bank account” on the receiving end. The receiving bank either had a KYC failure or a good customer went bad (e.g., became a mule). So, EWS switched liability from the send-side to the receive-side. As a result, the receive banks investigate claims faster and close bad accounts. I even heard that Zelle fired some small banks who were not taking their receive-side responsibilities seriously enough.
I do not mean to excuse the banks for things they can prevent – they should pay for those. But banks can’t prevent customers from making mistakes; they can only make it harder to make mistakes and they can warn about common mistakes — but customers don’t always listen.
We’ll see if the new administration pursues this or resolves it in some other way.
Digital Currencies insight
I was researching the new administration’s take on Digital Currencies and decided to go back to the definition of a “Currency” as a way to frame my analysis. According to my research, a currency has three broad roles:
Medium of Exchange – A way to pay for things
Store of value – A way to protect and grow wealth
Unit of Account – A metric to compare the value of assets
While I was writing this up, I realized that each type of digital currency specializes in one of these roles, so collectively they cover the gamut:
Medium of Exchange: Stablecoins. Stablecoins are denominated in fiat currency at a one-to-one ratio. They are used to buy things, but the most common thing they buy is Cryptocurrency. That seems odd, but true. It can be challenging to buy Crypto with conventional payments methods, but easy to buy Stablecoins, so a common use case is to buy Stablecoins and then use those Stablecoins to buy Crypto. Use cases are expanding to other kinds of DeFi applications (Decentralized Finance)
Store of Value: Cryptocurrency. Crypto has become an asset class akin to commodities. They can be purchased in ETFs and Mutual Funds or directly from exchanges. They are rarely used to buy things as their value fluctuates, but tends to go up, so spending it today has a big opportunity cost
Unit of Account: Central Bank Digital Currencies (CBDCs). This is a bit of a stretch, not least because the US doesn’t have a CBDC. Where they exist, CBDCs are issued by a central bank and do not depend on private sector infrastructure. In my opinion, they will be adopted for institutional use cases like holding FX reserves or banks trading Fed Funds. CBDCs have the full faith and credit of the Treasury so they are guaranteed to be stable relative to fiat and risk-free relative to private digital currencies
It is interesting to me how blockchain technology allows each role to have a specialized digital currency. One of my favorite quotes is that there are “only two ways to make money in business: one is to bundle; the other is to unbundle” – Jim Barksdale. Apparently, the blockchain world plans to unbundle the US dollar!
Happy New Year!