We are in the middle of a supposed economic downturn that looks likely to test the coffers of every company, spanning across industries and geographies. Net revenue retention has never been as critical as today, particularly in the rapidly growing and highly competitive fintech industry.
Fintech is fresh from a bull market, particularly from an investment perspective, with the share of venture capital dollars rising from under 5% in 2011 to over 22% in 2021. In this backdrop, the B2B market has consistently outpaced the B2C market for this metric (125% to 94%).
To ensure that their customers in the US fintech market can be retained, service providers in the B2C space must not cut corners - from a technology, security, compliance, and user experience perspective.
This is because one of the biggest impediments to rapid growth for fintechs has been the volume, breadth, and frequency of fraud losses these companies experience over time.
Fraud In Fintech: A Brief History
In the early days, while finding product market fit, they frequently turn into the hotbed for fraudsters who often (rightly, we might add) conflate new products with those with insufficient guardrails or risk and compliance infrastructure.
Further along in the growth journey, these fraud vectors evolve to higher degrees of sophistication, while also carrying greater degrees of financial risk for the fintechs with fast-growing clientele. The hushed-tone whisper in fintech and financial services is that sophistication levels of fraud vectors within your app or service are a badge of honor, even if a slightly uncomfortable one. The general consensus is that fraudsters only attack that which is inherently valuable.
With this being said, a potential solution to these fraud rings has been around and known to the industry for a long time. An Early Warning-style data-sharing consortium between fintechs can help mitigate at least some of these fraud loss issues. The original Early Warning (EW) solved this need in the banking industry, ensuring that banks stayed a few steps ahead of their fraud losses.
An important caveat here is that EW was owned and operated by the seven most prominent banks in the US, offering them large volumes of data and executive alignment between critical leaders at the banks, driving faster product adoption and carrying with it inherent consumer trust.
However, the concept of sharing data that is made available to fellow fintech companies does not appeal to these organizations for several reasons, some of which are below, and are later addressed in detail;
- Privacy and security concerns, in the era of GDPR and it’s siblings worldwide
- Competitive risks
- A lack of trust in a single third party to properly encrypt, store and manage the data itself
- Misaligned incentives for each participant fintech company.
Collaborative Efforts Across Multiple Industries
Collaboration in Tech
In a wide variety of industries over the past few decades, companies that solve different problems along the customer value chain have come together to address industry challenges and thereby create greater value for their collective clientele.
Oftentimes, incumbent industry challenges cannot be addressed by a single provider due to some or all of the following reasons:
- Lack of in-house expertise and/or staffing in one or more areas
- A product or feature gap in a singular provider’s service
- Geographical limitations, introduced through either
- Legal and regulatory restrictions
- Product localization issues
- Improper or non-existent product distribution channels
- No willingness to take on potential liability in the face of long-standing issues
Collaboration in Other B2C Industries
Over time, many industries have proven that collaborative technological advancements can be mutually beneficial:
- Automobile: The Car Connectivity Consortium was established to help develop deeper integrations between car Engine Control Units (ECUs) and cutting-edge smartphones. The Board of Directors of CCC includes individuals from charter member companies Apple, BMW, General Motors, Honda, Hyundai, Panasonic, Samsung, and Volkswagen.
- Finance: Historically, this has been one of the pioneering industries in cross-company collaboration. The world of finance, banking, and now fintech is littered with examples of consortiums with varying degrees of success: Mastercard’s MATCH, Early Warning, and SBFE for small business lending. For obvious reasons, our focus in this blog post will be on finance and fintech products.
- Further, regulated consortium products also exist, driven by a combination of government and leading private firms - the US Department of Housing and Urban Development has plenty of examples to call out here.
- Healthcare: Akin to finance, healthcare has been collaboratively innovating to drive the future of human health forward. The Medical device innovation consortium is one such example, bringing industry titans together to aid the great work being done by Libre, Dexcom, and so on to bring to market new ‘connected’ health devices.
Challenges for Data-Sharing Platforms
As exciting as this concept is, success in collaborative projects is hard to come by. Here, we talk through some of the well-known challenges in the development, management, and maintenance of consortium products.
Privacy and Security Concerns, in the Era of GLBA, GDPR, and Their Siblings
Deep understanding of evolving privacy laws is not very common in fintech companies, resulting in the enlistment of independent or partner privacy counsel to ensure that this area of the business remains well managed. In the US, the closest we have to an overarching privacy law is the Gramm-Leach-Bliley Act (GLBA).
This applies to the disclosure and use of any non-public personal information (NPI) by a financial institution (FI). This information includes PII (Personally Identifiable Information) that is either provided to the FI by the consumer, made available during or as a consequence of transactional activity, or is obtained by the FI for verification in any other form (a bank obtaining their client’s FICO report would be an example of this). Two categories of rules underpin the GLBA.
- Privacy rule: Enforces the provision of privacy notices to end customers, with certain opt-out disclosure privileges inbuilt.
- Safeguards rule: Enforces the development of a written InfoSec (Information security) program for all FIs.
In the current data-heavy millennium, consumer privacy is hotly debated, with the biggest tech companies facing harsh consequences for non-compliance with laws such as the General Data Protection Regulation (GDPR) in the EU and subsequent local implementations in the US such as the CCPA (California Consumer Privacy Act).
With this in mind, data sharing into a consortium often raises eyebrows within fintech - in part stemming from evident and severe security or privacy risks and (in no small part) due to a hesitation to fall afoul of nascent laws that are not widely understood.
Other laws that play into FIs’ minds - the FCRA, the Red flags rule, and the HIPAA if consumers’ healthcare data is involved in any shape or form.
An obvious but worthwhile topic to add in here is the threat of competition - in the backdrop of aggressive growth and competition, even more so in the era of cautious investor funding, fintech consumer companies are constantly looking over their shoulders at what products and services their competitors are launching, regardless of how established or otherwise, they may be.
Switching costs are at an all-time low for fintech consumers, with most services migrating to automated and app-based, meaning it takes a competitor minutes to poach a customer from their fellow fintech, should they identify the right customer segments and needs. The clamor in the industry for credit and debit card programs is a prime example of this.
Lack of Trust in Third Parties to Properly Encrypt, Store, and Manage Data
Briefly stepping back to the above world of privacy - a big reason consumer tech companies paid hefty fines in recent years is the notion that “Data is the new currency,” - resulting in consumers feeling aggrieved that big tech sold their data to maximize their own profits.
In the same vein that consumers are no longer lax about sharing data with third-party vendors, websites, social media companies, and others, fintech businesses need to be even more risk-averse, as they could run into financial and also reputational risk.
To create a successful data-sharing consortium, any third party would need to gain the trust of tons of businesses which is a gargantuan task. Most concerns against third-party vendors are the fear of affiliate marketing, data breaches, misaligned incentives between vendor and participant. Finally, a concern is a lack of controls for the processor or holder of their end consumers’ data. These hurdles must be overcome for any vendor or service provider to succeed in this endeavor.
Misaligned Incentives for Each Participant Fintech Company
The term fintech has long since evolved to become an umbrella term that could describe a myriad of services. A quick look at Unit21’s clientele gave us a few categories: Banking, payments, payroll, BaaS, lending, brokerages, crypto exchanges, and crypto service providers.
Expecting each fintech that may belong to one or more of these categories(and beyond) to pool data to identify fraud, while altruistic, is unrealistic. The reason for this primarily is that each of these industry verticals are focused on different challenges at any given moment of time. For example, Banking-as-a-Service (BaaS) is being re-evaluated by the OCC, and crypto is stuck in a regulation race.
Despite being in the same industry (broadly), neither of these companies' top priorities currently align. Throughout the history of this industry, these types of misaligned priorities have existed, and as we know:
Misaligned priorities = Misaligned incentives
With that said, finding common ground between these sets of problems is a significant challenge to overcome. The below high-level issues persist
- Inefficiencies due to competing internal priorities for members
- Resource discrepancies in small vs. large members
- Legal or operational issues
- Fear of losing company or product USPs
Unfortunately, these are issues that cannot be resolved overnight with a one-size-fits-all approach or a magic wand solution.
Structural changes at the very base of these problems are paramount in enabling successful collaborative work streams, which is why in our next segment, we'll talk about Web3 and how new technologies can be used to level the playing field.