Mary Ann Miller
Fraud & Cybercrime Executive Advisor and VP of Client Experience at Prove
Two whistleblowers have made stunning allegations against Cash App, claiming that the company “had no effective procedure to establish the identity of its customers.”
Now the popular fintech payments app of 55 million users is under investigation by the Financial Crimes Enforcement Network (FinCEN), the U.S. Securities and Exchange Commission (SEC), and the Commodity Futures Trading Commission (CFTC).
If the accusations are proven to be true, the Block, Inc.-owned fintech could be in hot water for operating as a potential hub for illegal activity. However, the implications could be much more dramatic and raise a few questions.
If a fintech could operate without such an important anti-fraud and anti-crime system in place for 10 years, would it be because our regulatory bodies might not be properly equipped to monitor the rapidly evolving fintech industry? What other fintechs might also be overlooking this critical consideration? And, which financial enterprises and institutions partner with those fintechs?
Why is identity verification so important?
If Cash App lacks a proper, accurate identity verification system, it would mean the digital door has been open for customers to easily engage in such crimes as money laundering and terrorism financing — for an entire decade. In fact, the whistleblowers presented investigators with Cash App transactions by criminal organizations known for illegally selling customers’ credit card data and personal information, offshore gambling websites that may not be used by American citizens, and even organizations that have been sanctioned by the U.S. Department of the Treasury’s Office of Foreign Assets Control.
Whistleblowers say the siloed nature of Cash App working with different banks for different services made it easier for their security shortcomings to go undetected by regulators. Lincoln Savings Bank, one such partner, has been in charge of identity verification for Cash App since 2016. However, the whistleblowers claim Lincoln Savings Bank’s due diligence standards do not meet industry requirements due to Cash App’s desire to make it easier to open accounts and generate more revenue.
If Cash App is found to be out of compliance with required compliance standards, there may be great repercussions for its parent company Block, Inc. and partners such as Visa, Inc. and Marqeta, Inc. The entire industry will be watching to see what happens next.
Fintechs and fraud risk
Unfortunately, fintech compliance issues like these are of no surprise to the fraud industry. Facebook’s infamous, former internal motto of “move fast and break things” is a widely adopted mindset across the world of tech. While it can be advantageous in terms of increasing speed to market and driving innovation, it can be a nightmare where regulations, compliance, and consumer protection are concerned. Fintechs enter the market with new, innovative, and nimble ways for consumers and businesses to make transactions, however, when these companies take shortcuts or lack the proper oversight, it puts customers, companies, governments, and the greater public at risk.
Bad actors can be savvy. When the digital door opens to no-holds-barred account-opening processes, criminals are likely to be the first customers to arrive. Cash App whistleblowers say the fintech has more rigorous due diligence processes in place now, but that they have not closed accounts that were opened before they improved the way they approach identity verification. In fact, the whistleblowers say existing Cash App accounts can be purchased on the internet. They used to cost $50 per account, but now they can go for $150 or more.
When identity proofing breaks down or isn’t taken seriously, it can lead to the creation of an entire ecosystem of foul play. Picture mule accounts operating across the industry, funding crimes against humanity, scams, cashouts, illegal
trades, and more. Unfortunately, what I see sometimes in the industry is that fraud experts at financial institutions notice these issues, bring them to attention, and then, no longer have a seat at the table.
When identity verification fails, it’s a C-level and board issue. Growth at all risks has serious consequences, and we may be seeing the start of those consequences now.
You can find prove HERE:
Share this on:
Follow us on: