Leonid Bershidsky – Bloomberg
As a client of the German smartphone bank N26, I wasn’t surprised to read Thursday morning that it’s valued at $3.5 billion despite not yet being profitable. There is, however, a risk built into its business model — one that’s hard to separate from its appeal to customers like me.
Berlin-based N26 has no bricks-and-mortar presence, but enjoys important advantages over most traditional banks. Most ATMs charge no commission on N26’s debit cards. One can also instantly change withdrawal and spending limits through a smartphone app, or disable the card’s online and foreign use and then immediately allow it again. The N26 app also functions as a basic home-finance one, sorting expenses into categories. No wonder the bank has attracted 3.5 million customers and $470 million in venture funding from the likes of the Silicon Valley entrepreneur Peter Thiel and the Hong Kong business tycoon Li Ka-shing.
But I didn’t become a client just because N26 makes it easy to manage my account from a phone. I’m a Russian living in Berlin, and German banks can be slow to take on foreigners and many other new clients. They demand unnecessary paperwork, and one bank told me to come back in two weeks if I wanted an account. N26, by contrast, is welcoming. In Germany, it verifies new clients’ identities by way of a video chat. That beats traditional know-your-client procedures both for clients and for bankers. It’s quick, convenient and cheap. That’s how N26, founded in 2013 as a mobile interface and issued a banking license in 2016, has been able to expand so quickly.
The problem, of course, is that its bankers don’t really get to meet new clients. That creates a lively market in so-called bankdrops — bank accounts attached to stolen or fake identities. These are useful to people setting up fake online stores and to those selling illegal stuff. It’s not hard to find bankdrops for sale online for anything between 500 and 1,200 euros ($560-$1,350). In Germany, identities for bankdrops are sometimes stolen through websites offering cheap loans or other goodies that require identification.
N26 is often mentioned in connection with this type of fraud by the German police. In June, some traditional banks in the Volksbank network even temporarily stopped transfers to accounts at a number of smartphone banks, including N26 and its competitors Fidor, Revolut, bunq and Solarisbank, because of fraud complaints.
In May, Bafin, Germany’s financial supervisory authority, told N26 to improve customer due diligence and, among other things, to re-identify a number of existing customers.
The bank itself has insisted that its identification and verification procedures are sound and that they don’t cut any corners. And in fact, video verification can be as reliable as the in-person kind. It’s usually done by specialized companies that know the fraudsters’ tricks (for example, they’ll ask a client to bend a driver’s license to check that it’s really made of plastic, and they’ll want to see it at a certain angle to make sure the watermarks are there). These experts, who avail themselves of artificial intelligence to compare a document photo with a selfie, are probably better at verifying identities than bankers peering at dated ID pictures.
And yet as digital verification technology improves, so do techniques meant to cheat it. Besides, cops and regulators are often pretty conservative people who trust traditional methods more than newfangled technology. Intuitively, it makes sense that meeting a person provides more information about them than any kind of remote, digital interaction.
That creates a built-in risk for new lenders such as N26: What if regulators, worried about the flourishing fraudulent account market, ban remote identification? Such fears, after all, have already caused a number of countries to switch from vote-counting by machines back to hand-counting processes.
N26 uses a company called Safened to handle customer verification. Until recently, that firm operated under a U.K. payment-provider’s license, and since the U.K. is still a European Union member, the German authorities had to accept its identification of customers as sufficient. Safened obtained a Dutch license earlier this year in case the U.K. manages to leave the EU, but a regulatory hiccup easily could have sent N26 (and its competitors) scrambling for a new solution.
Banks such as N26 are the future. They aren’t saddled with enormous legacy operations, they use the latest technology, they’re agile and they’re potentially more profitable than traditional retail banks. But their business models rely on the assumption that regulators won’t be tempted to lash out at some of their innovative methods.
There’s a way to remove that risk when it comes to remote identification. ID requirements need to be written into international money-laundering standards. Then innovative banks will get a better idea of the maximum costs they face to be compliant, and traditional banks will be able to cut costs without fear of violating standards. In the end, though, the task of issuing citizens reliable digital ID that can be used for access to services — as in Estonia — falls to governments, not private institutions.