I’ve gotten versions of this question recently from bankers and investment-analyst clients.
It’s certainly messy. There are multiple countervailing trends in the macro economy that make this a complex picture. Rapid shift in rate environment has changed the mix in usecases for embedded finance, credit and BNPL models are more challenged, while high deposit yields create new opportunities in treasury products. When I talk to platform providers in embedded finance I hear that yes, deals are still happening but there’s definitely been a mix shift in customers and usecases over the last year.
Prominent bank failures in the US and Europe are not helping anyone either. These are further having a further adverse chilling effect on both bank liquidity and regulatory scrutiny. On the risk appetite side, there is a real danger of ‘baby with the bathwater’ as regulators and bank directors may be prone to look at anything creative as a risk rather than as potential innovation. Regulators are going to be leaning into their ‘protect the banking system’ mandate rather than the more open minded, lets stimulate competition and innovation.
US Banks are facing potential capital calls to replenish the FDIC reserve. Traditional deposit liquidity is chasing yields to money markets further pressuring liquidity. The yield curve and the lending market are upside down.
Embedded finance is also dependent on partnerships/customers with fast growing fintech startups, banking-as-a-service platform integrators and the like. But a significant share of fast growing fintechs over the last few years may have grown too fast, over raised, and could be now short of continuing capital. Expect to see a lot of consolidation and thinning out in the BaaS and neo-fintech space through the rest of the year.
And yet… Where there is turmoil there is opportunity. An 50-80% haircut in valuations create opportunities for acquisition, and an enormous about of smart, capable talent on the beach. It’s a buyers market for banks or well-enough capitalized bigger brands in fintech.
And yet… all these headwinds are intrinsically temporary. AI, new payment rails, working open banking, digital-issuance continue to fuel huge new opportunities and usecases across verticals. The overall trend towards embedded finance is a powerful long term cyclical trend. As software continues to transform every industry, payments, capital and finance _needs_ to be more closely embedded in all the SaaS platforms, marketplaces and apps that business (and consumers) now use every day. Banks that take advantage of temporary market downturns to invest in embedded finance stand to benefit enormously through the next economic cycles.
Note: The following post is an elaboration on a recent advisory conversation I help with some institutional investors in the payments space. If you'd like to book me for a consultation or other engagement, check my offerings here.
Here’s the thing, practical, large scale deployments of AI have been used in payments fraud detection since the 1990s. In fact, payments fraud has long been seen as one of the obvious killer apps and ready-adopters for every stage of AI, from neural nets taking over from rules based systems in the 90s. Growth of ecom and attendant fraud, drove payments adoption of machine learning and supervised then unsupervised models through the 00’s, then deep learning and reinforcement learning through the 2020s.
So are large language models and generative AI just more of the same. Well, I think there is reason to argue that this time could be different.
a) Generative AI is not just for the good guys. Watch for a step function acceleration in the volume, effectiveness and new threat vectors for payments fraud. Especially smaller merchants, institutions and processors are going to be increasingly dependent on vendors to keep up in the arms race.
b) Generative AI is not just for the payments business. Businesses of all sizes stand to be benefiting from generative AI providing new value to almost all functions finance, ops, marketing, sales etc. But most mid to small size business will be buying solutions that integrate AI, and AI benefits from as much contextual data it can use and understand about the business. So advantage here to the ongoing super-trend integrated SaaS platforms like Shopify, Square, vertical platforms like Toast and platform-enablers like Stripe. Vs monoline providers like legacy PoS providers or legacy payments acquiring/processing.
Generative AI product opportunities in payment fraud detection
Pattern Recognition and Anomaly Detection: Large language models can be trained on transaction data to understand normal patterns and recognize anomalous transactions. I’d expect these improvements to be moderately incremental, not disruptive. But LLM ability to understand complex patterns could potentially allow them to identify sophisticated fraud strategies that simpler models might miss.
Synthetic Data Generation: Generative AI models can be used to create synthetic transaction data that mirrors the properties of real transaction data. This synthetic data can be used to train other machine learning models for fraud detection, particularly in cases where there may be limited examples of certain types of fraud. Actually, being able to test any code in fintech against realistic production data has always been a pain. Either you are potentially putting real sensitive PAI/PII info at risk or you just not testing realistically. Producing better synthetic test data for fintech could be a whole new product line or startup idea in itself.
Narrative Generation for Alerts: Large language models can generate detailed, understandable narratives describing why a particular transaction was flagged as potentially fraudulent. This could make it easier for human analysts to understand and act upon the alerts generated by the system. Why did your bank flag and just call you to confirm that ‘suspicious’ transaction? Maybe they don’t even know, gen AI could hypothetically help here with more specific and customized messaging both for internal testing/optimization or for improved customer communications.
Improved Phishing Detection: AI models could be used to analyze the text content of emails, SMS, or other communication channels to detect phishing attempts related to payment fraud. The models could be trained to recognize the subtle linguistic cues that indicate a message is a phishing attempt. Especially relevant when you consider how generative AI is also going to powering more sophisticated phishing in the hands of adversaries. This area is going to be a case of generative AI continuing to fuel an arms race on both sides of fraud. Possibly fraud/security and platform vendors here are really the only true winners in the long run.
Adaptive Fraud Strategies Detection: Large models seem to be surprisingly good at performing well even when pushed beyond their original training set. As fraud strategies constantly evolve, large language models with continual learning can adapt over time, understanding new tactics used by fraudsters and adjusting their detection mechanisms accordingly. Again, an important consideration when gen AI is also going to be helping the bad actors be more creative, productive and hypertargeted.
Multi-modal Fraud Detection: Combining text, transaction data, and potentially other types of data (like user behavior data), large language models can aid in creating a more comprehensive view of user activity and detect intricate fraudulent patterns more accurately.
Contextual Analysis: Generative AI models can help in understanding the contextual information around transactions. For example, they could analyze the text of a customer support chat to understand if a transaction was disputed by the customer, even if the dispute isn’t formally recorded in the transaction database.
More Adjacent Usecases and themes
Improving Customer Support and Interaction: Large language models can automate and enhance customer interactions, providing immediate, accurate responses to customer inquiries. This can expedite the resolution process for disputes and chargebacks, making the process more efficient for both the consumer and the merchant or bank. But would you buy a generative service just for payment/fraud related interactions? More likely, integrated platforms that combine payments with the rest of a business CRM might be the winners here.
Automating Evidence Collection: AI can help automate the process of gathering and analyzing data related to a dispute or chargeback. This can provide faster resolution times and more accurate outcomes, reducing the time and cost involved in handling these cases. This one again could be a whole new product or startup idea. Imagine an integration between gong (the SaaS that automatically captures and transcribes all cs/sales conversations) and Visa’s Verifi (a service that helps resolve disputes before or after they become chargebacks). Generative AI could be so good at resolving common disputes of what a sales agent allegedly promised vs what a customer received.
Predicting Disputes: AI models could potentially predict disputes and chargebacks based on transaction patterns, allowing for proactive measures to prevent or mitigate these cases. Maybe not a unique usecase for generative AI vs traditional ML/AI techniques. However, the increasing ease of access to models and custom training, could make all sorts of AI usecases easier to put in the hands of more users.
Tailored Resolution Strategies: Based on historical data and ongoing learning, AI could tailor dispute resolution strategies, ensuring that the most effective methods are used for each individual case.
The Threat Environment side of generative AI
Ever More Sophisticated Phishing Attacks: Large language models could be used to craft highly sophisticated phishing emails, text messages, or other communications that convincingly mimic the style of legitimate communications from banks, employees/bosses, friends or other trusted parties.
Impersonation: These models could be used to generate realistic chat or voice messages, potentially impersonating bank officials or customer service representatives, leading to social engineering attacks.
Data Mining: If given access to sensitive data, large language models could potentially be used to mine that data for personally identifiable information (PII), either to develop hyper-targeted attacks or defeat security questions based on personal information
Bypassing AI-Based Fraud Detection: If fraudsters can gain an understanding of how an AI-based fraud detection system works, they might be able to use large language models to generate transaction patterns that avoid detection.
Deepfakes: More advanced AI systems could potentially be used to create realistic video or audio ‘deepfakes’. While not a direct risk to the payment process itself, this could facilitate fraud or identity theft that could indirectly impact the payments industry.
Automated Hacking Attempts: Large language models, given their ability to understand and generate human-like text, could potentially be used to automate certain types of hacking attempts that rely on exploiting human vulnerabilities, such as password guessing or social engineering attacks.
A whole new generation of ‘script kids’: Generative AI is just very powerful at helping anyone learn to code and some models may be released or leaked without adequate (or any) safeguards around generating malicious applications
Software has long been supposed to be eating the world. Stripe was kind enough to invite me to their annual stipe ‘sessions’ event, in person for the first time since 2023. And you might of thought of Stripe as a payments company. But the reality is they really position themselves as a software-first and they definitely have a plan to eat there way into every segment of the economy if they can. Here are my (lightly editorialized) live notes of everything Stripe focused on today.
Payments, checkout and advanced features (including some that start to dis-intermediate card networks)
Stripe for building platforms and marketplaces in every vertical (go forth developers and acquire/service/support all the small businesses for us!)
Billing and finance automation (Stripe for bigger business and backoffice integration)
Bonus: How Stripe is using generative AI
Stripe, as always, is selling based on eliminating engineering implementation and management costs, solving common painpoints, auth and fraud rates. But certainly not on price. Pricing has not been mentioned. This has always been their value prop, you may pay a little more in variable but you save in fixed costs (and time to market) of attempting to roll anything as sophisticated yourself.
Increasingly stripe is aiming up-market. Investing in enterprise feature sets for big volume customers. For the little guys, it’s all about enabling the aggregators. Specifically vertical platforms that can go out and acquire/service all the SMBs by industry with highly integrated and niche-specific software stacks, w/o Stripe having to do that themselves.
Payments are what Stripe calls the ‘through line’ of everything they do. Stripe is touting the simplification and elimination of engineering costs of maintaining a sophisticated payments page and checkout flow. Stripe optimises complex things like adding new global payment methods, global address autocomplete and verification etc. You pay for this in variable vs fixed costs of building in house.
Now for the new news. Stripe’s ‘link’ for cross-site one click checkout to a bank account. Now, take it from someone who ran Visa’s one click program… one click great, but again would be better if this was an open standard rather than locked-in to Stripe ecosystem. How they solve cross-site cross-site 3rd party cookies, and cross-app privacy sandboxing is unclear.
‘Link’ also enables not just card, but also pay by bank. So there’s a whole end-run around card networks. And a vehicle for Stripe to lean on future RTP rails in the future potentially. Big announcement is that Uber has now adopted Stripe link.
Uber: We say paying with link to enable pay with bank accounts as something we want to use around the world.
Other payment reveals:
Stripe is saying that companies that shift to stripe payment elements (customizable checkout page widgets) grow topline by 10% as well as cut engineering maintenance cost. Where is that 10% coming from? They don’t break it down. Hard to guess what other conveniently confounding variables might be at work there too.
Next up stripe s700. It’s a slightly-chonky white phone/pos hybrid device. Probably runs a custom android? Apparently it can do table side ordering, but they didn’t emphasize that use case. Otherwise, the device looks… fine?
Enhanced issuer Network. Here again. Stripe is going over the top of the network sharing risk scores directly with issuers, claiming 8% fraud 1-2% auth rates. This is potentially a huge trend, again potentially disintermediating the card networks. But with the same drawbacks, will it scale for issuers to manage custom/proprietary data pipes to every major card processor?
Tap to phone! Stripe is also demoing contactless-on-glass. Finally, no more dongle required if you are okay to just accept tap-to-pay. Works on an iPhone. pretty cool and long time coming to the payments world.
Stripe aggregating the aggregators- Stripe Connect / BaaS
Stripe connect is supposed to be a generalized way to embed money movement and integrated payments. Vertical software platforms are now powering almost all corners of the economy. Platforms that use connect get to market faster, make more money and improve retention. Apparently. Now, I’ve struggled with stripe connect in the past, especially dealing with exceptions, keeping track of failed billing events and state management for customers. Announcing updates to connect to allow more customization, basically and Stripe Elements for connect?
Also new: stripe is allowing vertical platforms to also include plugins. Like a xero plugin for payments platform for contractors.
The meta story here is that Stripe is leaning in to the verticalization of software platforms.
Then adding in additional financial services primitives like instant payouts, card issuance, treasury and lending.
On your platform, you can further enable your sellers with tap to pay on iphone and android for super small sellers. E.g. as an electritian using a hypothetical platform for contractors.
Stripe issuing has issued 100M+ cards so far with Issuing. Thats a good number.
Stripe doesn’t want the CAC and support overhead of actually doing business with every seller our there. They’d much rather equip vertical SaaS developers to go out and distribute all this stripe stuff. Building the killer into every industry niche you can think of. Examples where studio management tools for yoga teachers, a marketplace for home contractors, a creator marketplace for 3d printable minifigs and so forth.
Lastly: Stripe Billing – Revenue and Finance Automation
Problem- a lot of stress on backoffice for global billing. As someone who’s run big SaaS businesses myself, I will freely concede how bizarrely hard it is to just reliably charge your customers every month.
Connect they tout handles now recurring billing, 1-off invoicing, global tax, accrual accounting, payments reconciliation.
These are all legit pain points. I have historically used whole third party solutions like Chargebee to manage recurring billing above Stripe. Apparently managing lots of pricing plans over time (another definite painpoint in SaaS when you are constantly iterating in pricing and special relationship deals) is now more flexible w/ Stripe.
Bonus: How and where Stripe is using generative AI so far
Now they have LLM ai that auto generates SQL queries, even if you don’t know code. The LLM is trained on the SQL tables in your payments data. Scenario: CEO pings CFO hey show me biggest customers who still have unpaid invoices from last month, no rush, just let me know in the next 15min.” The CFO asks the AI which then in the live demo, figured out the intent of the question, the right sql query, ran the query and gave an answer. So this one demo got a biggest round of applause of the keynote
Second case, Stripe is already using LLM to power developer documentation too. They’ve refined a GPT model against all their docs that can answer developer questions. Another good usecase we’ll see more companies using soon.