Hello TWIF UK & Europe friends,

Ok so I said there wasn't going to be a newsletter this week but I couldn't help myself.

Below is a quick highlight of some of the biggest news pieces over the past week combined with an op-ed piece about Pay.UK's recent Fraud Detection Pilot from Nico at Tunic Pay.

👍 👎 Have feedback or news to share? Let me know on Twitter and LinkedIn.

Challenger Banking 🚀

🇪🇺 German neobank N26 has had its growth limits lifted by German regulator BaFin.

🇬🇧 Revolut is to allow its employees to cash out shares in a deal worth $500m with Morgan Stanley. It also introduced savings accounts and expanded its international transfers to 14 new payment corridors.

🇬🇧 Finance super app Curve is to launch a competitor to Apple Pay after Apple has been forced to open up access to its NFC chip.

🌍 Latam neobank Nubank has launched travel eSims with Gigs and added crypto transfers.

🌍 Spend management solution Ramp is adding new premium rewards through a partnership with global rewards network Ascenda.

Digital Assets ₿

🌍 PayPal's stablecoin is available on Solana.

🌍 Coinbase made another attempt to appeal a judge's ruling in a case against the SEC.

🌍 Ripple donated $25m to a crypto Super PAC.

🌍 Mastercard has piloted a Crypto Credential network to enable cross-border 2P digital asset transactions between Latam and Europe.

🌍 President Biden vetoed a bill that would have overturned a controversial SEC bulletin that established accounting standards for firms custodying crypto.

Traditional Banking 🏦

🇬🇧 HSBC is announcing new HQ at Hudson Yards in New York. It also released a Payment Pre-Validation API to provide account validation and name matching to reduce payment failures.

🇬🇧 TSB customers faced an outage.

🇬🇧 NatWest has bought some of its shares back from the government.

Fintech Infrastructure 🚧

🇪🇺 BaaS provider Dock Financial's German entities have filed for insolvency.

🇪🇺 B2B BaaS provider Merge secured an EMI licence in France.

🇬🇧 Starling Bank's core banking product Engine has integrated with open banking platform Ozone API.

🌍 Open banking provider Yapily has integrated with embedded finance API adaptor mmob.

🌍 Risk management provider Oscilar and digital identity verification solution Socure have partnered.

Payments 💰

🇪🇺 Mangopay launched a new AI powered fraud solution.

🇬🇧 Form3 is to provide Currencycloud with account verification technology.

🌍 In an unsurprising move, Capital One and retailer Walmart are parting ways and ending their credit card agreement.

🌍 PayPal is building an ad platform to deliver personalised offers and give merchants better spend performance.

Op-Ed from Nico Barawid at Tunic Pay

Yesterday Pay.UK announced results from a recent data-sharing pilot that are both exciting and obvious. Exciting because scams are proliferating, and any measure to reduce harm is very welcome; obvious because after a year of discussions, the conclusion is that multiple industry participants acting in concert can solve a pernicious problem better than each individually can.

The problem is urgent. In the UK, the number of reported financial scams grew 12% in 2023 to >230k cases, representing almost £500m of losses. And these are simply the reported incidents; bank fraud officers estimate that these figures are underreported by a figure of 3:1 to 10:1, since consumers currently don't have a strong incentive to file a report. However, starting October, the PSR has mandated that financial institutions must reimburse victims for scam losses in excess of £100 up to £415k. Unsurprisingly, the industry is expecting that the number of reported cases will rise dramatically now that consumers have a strong incentive to come forward.

Casual analysts like to point to the explosion of generative AI as the root cause of scams. However, the intractability of this specific type of fraud can, in many ways, be actually attributed to something much more boring: the shortcomings of the underlying infrastructure for real-time payments. Real-time payments—unlike card payments—are instant and irreversible, and as such, are massively effective fraud vectors for scammers. Further, the UK's real-time payments rail is built on a primitive interbank messaging standard (ISO 8583), ironically because it was the first 24/7 instantaneous payments scheme globally. ISO 8583 has been used by the card networks since the 1980s; its small payloads carry minimal information with limited application to fraud detection and prevention. By contrast, India's UPI or Brazil's PIX use modern, extensible data exchange formats and their payload can be much richer. It's like the UK is trying to use the beloved Nokia brick for a Zoom call while India and Brazil are on the latest iPhone. 

How messaging protocols affect the bottom line is not new to my Tunic Pay co-founder Nicky Goulimis and me. She co-founded—and I was the first to join—Nova Credit, the world's first cross-border credit bureau. We both spent years on the very riveting task of parsing through data libraries to build borderless financial identities nearly a decade ago. Not many people know that some countries’ bureaus have undergone a quiet data revolution that transformed access to credit. Take Serasa in Brazil: until recently, it was primarily a "negative-only” bureau, meaning that individuals only appeared in the database to the extent they had delinquent marks on their record. This meant that if they had many years of on-time ("positive") payments on their loans, their record would be equivalent to someone who had never opened a loan. A presidential decree in 2019 changed this, and access to credit widened. This same trend happened in several countries around the world.

In many ways, the fraud world is still stuck in “negative-only” land. With few exceptions, data-sharing is relegated to a regime of blacklists: entire businesses have been built on sanctions screenings and collating known bad actors. But fraud teams at banks, like credit underwriters, do not see the world as black-and-white; they make determinations as to the shade of gray, without effective tooling to do so.

The pilot that Pay.UK announced yesterday is also not the full answer. The way the pilot worked was that a small number of banks shared customer data with three fraud vendors, who then built fraud detection models with all the data. They then backtested those models against each bank's individual data. Unsurprisingly, this analysis showed that the models using the joint data were better at detecting fraud than when the models were trained merely on each bank's individual data. The issue is that the resulting fraud overlay that the industry can use is actually little more than a score derived on the data—rather than the data itself. And yet insiders have intimated to us that all of Pay.UK’s work to advance New Payments Architecture and publish specs on data sharing standards are indefinitely paused.

But scams are ultimately a challenge of data asymmetry. A sending bank banks the victim, a receiving bank banks the perpetrator, and neither side has complete visibility into the risk characteristics of the transaction. Each side might be able to triangulate whether the other customer has appeared on a blacklist, but certainly not the core identity, behavioral, or financial characteristics that predict trustworthiness or malfeasance. And so, similar to how positive data in the credit reports in Brazil led to increased lending, we think data pipes need to be built between banks to protect real-time payments.

The UK was world-leading in rolling out 24/7 real-time payments in 2008. The mandatory reimbursement legislation entering into force later this year will also be world-leading, both in its protection of consumers, but also in its absoluteness as an instrument of that protection. The UK financial sector has an opportunity to be market-leading here in implementing a data-sharing layer that is built around the contours of today's payments. Pay.UK and the industry need to be more ambitious in building data-sharing protocols to address scams and divorce the current correlation of faster payments with faster fraud.

👍 👎 Have feedback for us? Let us know

Follow me on Twitter and LinkedIn for more fintech content

See you next week!