3 Fintech News Stories
#1: Plaid’s Fraud Prevention Endgame
What happened?
Plaid announced a new product:
Today we’re launching Plaid Protect: a real-time fraud intelligence system that helps detect and prevent fraud from the moment a user first interacts with your app or service. By drawing on fraud signals across a billion devices in the Plaid network, Protect goes beyond what any single company can see – surfacing fraud patterns that exist between linked bank accounts, connections to financial apps and services and more. Protect brings together two powerful components: ML-powered risk scores and fraud attributes with an intuitive dashboard built for fraud operations.
So what?
You can think about this product as the endgame that Plaid has been working towards in the fraud space, since it acquired Cognito in 2022.
Many of the opening moves in that game weren’t, by themselves, especially innovative. ID scanning, liveness detection, device and IP address reputation, and behavioral biometrics are now table-stakes features. ACH risk assessment is useful for pay-by-bank use cases, but it’s not unique. And lots of fintech companies in the fraud space have been trying to replicate EWS’s success with fraud data sharing consortiums.
Protect is different. It fuses together all of the different signals Plaid sees (identity information, anonymous session and user data, reported fraud cases, etc.) into a single risk model — what Plaid calls its Trust Index — anchored around a data asset that very few companies have access to: bank account and transaction data.
That last part is what makes Protect different from other ML-powered fraud risk models.
Fraudsters continually leverage new channels, technologies, and trends in consumer behavior to develop attacks that can evade the defenses of banks and fintech companies. This necessitates a constant game of cat and mouse between fraudsters and financial institutions.
However, the one thing that all fraudsters have in common is bank accounts. No matter what scam they’re running or vulnerability they’re targeting, at the end of the day, they all need bank accounts to deposit their ill-gotten gains into. And because bank accounts are difficult to acquire (because of banks’ KYC requirements) and difficult for fraudsters to make look legitimate (simulating the normal inflows and outflows of a consumer or business bank account would be expensive and time-consuming), they represent a comparatively small universe to anchor a fraud risk model around.
The result, according to Plaid, is a flexible service that can operate in a completely anonymous manner (utilizing device IDs and IP addresses), but which becomes progressively more effective as more data (PII, bank transaction data, etc.) is collected as the end user progresses through the transaction. This service can be used to identify elevated risks for a wide variety of fraud types (account takeover, synthetic identity, first-party, etc.) and drive dynamic step-up verification interventions and back-office investigations.
Color me intrigued.
#2: Apple Just Rewired Digital KYC
What happened?
Apple announced some interesting changes to its operating systems.
First, support for passports is coming to Apple Wallet:
In iOS 26, Apple is implementing a new Digital ID feature that builds on integration for Driver’s Licenses in the Wallet app. Starting this fall, Apple Wallet will allow iPhone users to add a U.S. passport.
And the ability for third parties to leverage Apple Wallet for ID verification will now be extended through web browsers:
Apple is adding a “Verify with Wallet on the Web” option in iOS 26 that can use a state-issued license or Digital ID to verify age and identity in a private and secure way. This is already an option in apps, but Apple is expanding it to the web through support for the W3C Digital Credentials API and the FIDO CTAP protocol.
So what?
Most of the news coverage of these announcements focused on the passport news, and specifically the ability for travelers to use the digital version of their passports for security screenings at airports for domestic travel.
That’s nice (I still don’t have my REAL ID), but the much bigger news is the extension of Apple’s digital ID capabilities through web browsers. That will be a game-changer.
Think about it in the context of the digital account opening experiences offered by banks and fintech companies. A consumer applies for an account. At the beginning of the application flow, they are presented with the option to “verify with Apple Wallet”. If they are using a browser on an iOS device, it immediately prompts the user to share the required identity data from Apple Wallet, using Face ID or Touch ID for authentication. If the user is using Safari on a computer, the user’s iPhone will be automatically prompted for authentication. And if the user is using a browser on a non-MacOS/iOS device, they will be presented with a QR code to scan with their iPhone to complete the authentication process and provision the required identity data from Apple Wallet.
That’s a pretty slick experience (for anyone with a compatible iOS device) compared to the standard digital KYC process, which typically requires users to manually scan their IDs and capture a selfie video for authentication and a liveness check.
And remember, the identity data that is being shared by Apple from the wallet is both highly secure (it’s stored in the secure element on the device, Apple only shares the necessary data elements, and the data is always encrypted) and highly reliable (verifiers can cryptographically prove the data really came from the State DMV or State Department and hasn’t been altered).
And while I expect that Apple will quickly add more state driver’s licenses as supported ID documents in Apple Wallet (it currently supports 9 states + 1 U.S. territory), the inclusion of passports creates a decent level of national coverage right away.
No surprise, then, that banks and fintech companies are already lining up to use Apple’s “Verify with Wallet on the Web” feature (emphasis mine):
Apple says that the first websites that will support the Verify with Wallet on the Web feature include Chime, Turo, Uber Eats, and U.S. Bank. The Arizona MVD, Georgia DDS, and Maryland MVA will add support for their digital ID apps.
#3: Merchants Don’t Have to Issue Stablecoins to Benefit From Them
What happened?
Large retailers and other merchants are exploring stablecoins:
Some of the biggest merchants are exploring how to issue or use stablecoins, potentially shifting the high volumes of cash and card transactions that they handle outside the traditional financial system and saving them billions of dollars in fees.
Walmart, Amazon. com and other multinational giants have recently explored whether to issue their own stablecoins in the U.S., according to people familiar with the matter.
Expedia Group and other large companies such as airlines have also discussed potential efforts to issue stablecoins, some of the people said.
So what?
OK, a couple of things here.
First, the Wall Street Journal headline — “Walmart and Amazon Are Exploring Issuing Their Own Stablecoins” — is a bit misleading. As the article goes on to say, they might choose to utilize stablecoins without issuing their own directly:
The companies have also weighed how to use outside stablecoins, some of the people said, even if they decide not to pursue their own. That could be through a consortium of merchants led by one stablecoin issuer, for example.
This seems the more likely route to me.
What the Wall Street Journal fails to mention is that large retailers and other merchants may not be able to issue their own stablecoins, based on the latest language in the GENIUS Act.
A recent amendment to the bill (Amendment 2307) added a clause that requires “a public company that is not predominantly engaged in one or more financial activities” to obtain unanimous approval to issue a payment stablecoin from the “Stablecoin Certification Review Committee”. That committee would be made up of the Secretary of the Treasury, the Chair of the Federal Reserve Board or the Vice Chair for Supervision, and the Chair of the FDIC.
I can’t say for sure, but it seems distinctly possible that Miki Bowman or Travis Hill (or his replacement) might side with banks over Walmart on the question of whether Walmart should be allowed to issue its own stablecoin (we’ve seen this movie before).
Of course, it doesn’t really matter. Merchants partnering with a regulated stablecoin issuer (either an established provider like Circle or a new one as part of a consortium effort) would get them roughly the same outcome, but without all the regulatory hassle. We are seeing that exact situation playing out with Circle’s partnership with/vassalage to Coinbase, and there are early signs of other such arrangements emerging (e.g., Shopify’s partnership with Stripe and Coinbase).
Finally, we should take a minute to give James Wester, Director of Cryptocurrency and Co-Head of Payments at Javelin, his flowers. He came on the Fintech Takes podcast months ago and sketched out this exact hypothetical scenario — stablecoins replace prepaid as the mechanism through which large retailers and non-finance brands operate closed-loop payments networks — based on his first principles analysis of what stablecoins are good at and where the gaps are in our current domestic payments ecosystem.
This is why James, in addition to his day job, is quickly establishing himself as Fintech Takes’ official stablecoin correspondent (on this note … watch out for this week’s Fintech Takes podcast!)
2 Reading Recommendations
#1: Gamblemerica: How Sports Betting Apps Rewired a Generation’s Relationship to Risk (by Kyla Scanlon) 📚
The most important finance-adjacent topic, covered by one of my favorite economic writers. MOAR!!!!!!!
#2: Stripe Acquires Privy: Building the On-Chain Banking Stack (by Chuk Okpalugo, This Week in Fintech) 📚
I haven’t seen that many folks explaining Stripe’s acquisitions of Bridge and Privy through the lens of BaaS (which is the obvious framing, from my POV). Chuk is an exception and he does a wonderful job in the lead story of this article explaining the “stablecoins are the new BaaS” thesis.
1 Question From The Fintech Takes Network
There are a TON of interesting questions being asked in the Fintech Takes Network. I’ll share one question, sourced from the Network, each week. However, if you’d like to join the conversation, please apply to join the Fintech Takes Network.
Would the CFPB be getting gutted the way it is right now by Russ Vought if the bureau had operated differently over the last four years?
This is obviously a counterfactual that is impossible to prove, but if you have any thoughts on it, please reply to this email or DM me in the Fintech Takes Network!
