Block, recently targeted by short sellers at Hindenburg Research, is still presumably exploring its legal options. It has, however, released a statement about common investor questions it would like to answer. Unfortunately, none of the questions it wants to answer are “How did you not notice you were issuing a cash card to an obviously fake Donald Trump?”
There’s a lot in the Hindenburg report, which essentially accuses Block of falling down on the job of fraud prevention. To demonstrate the point, Hindenburg changed its accounts’ names to “Donald Trump” and “Jack Dorsey,” and they were still able to send and receive money. They even got a debit card under the name Donald Trump!
Now, personally, my question was, How could this happen? Block did not feel like answering that question, though! Here’s what it answered instead:
- Why would a Cash App customer have multiple accounts?
- How many accounts have gone through your identity verification program?
- How much of Cash App’s business comes from these identity verified accounts?
- How does your identity verification system work?
- Is your approach to compliance different from others?
- How much fraud and illicit activity do you have in your system?
- How is Cash App peer-to-peer risk loss reflected in your financials and how has it trended over time?
- How much have you invested in your compliance program?
Okay.
So we discover that some customers have multiple accounts because they want multiple accounts, that customers can transact with up to $1000 during any 30-day period without identity verification, and that Block “believe[s] that our approach to compliance is consistent with other financial services platforms.”
There are a couple things I want to focus on, though, and one of them has to do with that 30-day period transaction limit. It kind of seems like it would be trivial for scammers to create an account, hit their 30-day max, and move on to a new account? This doesn’t really disprove any Hindenburg allegation.
But what’s weirder is this:
Over time, as customers engage more with our platform or want to use additional products like the Cash App Card, send money from their Cash App stored balance, or transact at higher dollar amounts, they are required to complete our IDV [identity verification] process.
The existence of Hindenburg’s Donald J. Trump cash card suggests that either this is not true, the answer is fuzzy somehow (ie, you need multiple products to trip the verification wire), or that there is something deeply wrong with the identity verification process. Block does not speak to this, and it seems like a weird omission!
The response to the fraud question is, somehow, even weirder. Yes, fraud is common anywhere money exists — that’s part of the reason know your customer and anti-money laundering laws exist in the first place. But in estimating fraud, Block uses its “denylist,” which prevents transactions. The allegation from Hindenburg is, essentially, that Block’s denylist should be larger. Block responds by saying its denylist is 2 percent of all transacting accounts. This doesn’t disprove anything Hindenburg has claimed. Nor does it speak to any of the allegations in the Hindenburg report.
And when it comes to peer-to-peer fraud, a major allegation in the Hindenburg report, we get a similar dodge:
This figure has remained at or below 0.20% of both applicable peer-to-peer payment volume and of overall inflows for each of the past five years. While we saw an increase during 2020, we have driven improvements since, and, in 2022, Cash App risk loss recognized in sales and marketing was 0.14% of applicable peer-to-peer payment volume and 0.12% of overall inflows.
Okay, but how do we know that Block is counting correctly? Again, the Hindenburg suggestion is that Block is falling down on the job — so relying on your own internal figures to rebut that… doesn’t rebut it!
There’s another thing that lifted my eyebrows:
The 44 million verified accounts represented approximately 39 million unique Social Security numbers as of December 2022 (we use Social Security number as a logical, unique identifier to estimate the number of identities in this analysis).
So some Social Security numbers have multiple verified accounts. Sure! And they did disclose in their 10-K that one customer can have multiple accounts. Fine! But here’s my question, which isn’t answered directly and pertains precisely to the Donald J. Trump card: Does the name on the account have to match the name associated with the Social Security number? I ask because, you know, there are a lot of Social Security numbers for sale on the dark web. The statement doesn’t say.
One other thing stuck out to me:
The company’s compliance investments have grown more than twice as fast as overall gross profit, and compliance investments have also meaningfully increased as a percentage of our overall operating expenses.
The question here is, “How much have you invested in your compliance program?” and Block doesn’t answer it. There is a number in a budget somewhere for this, and yet, we don’t see it! Instead, we get told that compliance investments have “grown twice as fast as overall gross profit.” It is very easy to double the size of something small, and I have no idea in what timeframe that growth has taken place.
The thing about this non-answer is that Block asked the question itself in its own press release. It’s not like I showed up wearing my fedora with a press card in the brim and asked CEO Jack Dorsey a hard-hitting question he was unprepared for. This question could easily have been omitted rather than dodged. That’s shocking to me!
Anyway, based on this, I will be surprised if Block files that lawsuit it was threatening. Block has promised more discussion of this on its forthcoming earnings call, and I genuinely hope analysts rake them over the coals, because this statement is a nothingburger. Talking past Hindenburg is not the same as disproving their allegations — did Block really think no one would notice that? Maybe Dorsey is a blockhead in more than just title.
Read More
Elizabeth Lopatto