Navigating the Minefield: Key Credit and Fraud Challenges Tech Companies Miss

Tech companies have transformed the financial landscape by providing faster, more accessible solutions for consumers and businesses. If you're a tech firm pivoting into lending or a fintech entering the space, you face a complex and rapidly evolving environment. Successfully navigating this transition requires a strong understanding of risk management—not just for regulatory compliance, but as a crucial factor for survival.

With over a decade of experience in the credit and fraud sectors, I help teams identify and mitigate risks through practical solutions that streamline processes, cut costs, and drive revenue growth. While tech advancements offer growth opportunities, they also present significant challenges. This article explores the critical challenges new lenders often overlook, emphasizing the need to balance innovation with caution. It raises essential questions that leadership teams must tackle to ensure lasting success in the ever-evolving and complex lending landscape.

Weak KYC and KYB Defenses: The Gaping Hole in Fintech Armor

KYC and KYB protocols are essential to prevent fraud and comply with regulations, yet many companies are falling short when it comes to executing these defenses properly. KYC and KYB go much deeper than a simple Drivers License, OFAC, or PEP list scan and surely it’s more than just an audit check mark to satisfy the board. With the fintech drive to make customer onboarding as quick and frictionless as possible, corners get cut while fraudsters feast on their weak spots.?

According to Middesk, some lenders are just simply naive to the depths fraudsters will go for a quick coin, let alone complex compliance requirements to protect themselves. Middesk highlights several common myths and misconceptions about KYC and KYB that contribute to delays in the onboarding process, subpar user experiences, and reduced customer conversion rates.

Here’s a wake-up call: fraud costs fintech companies about 5% of their annual revenue, according to the Association of Certified Fraud Examiners (ACFE). Even more alarming, a 2023 study by LexisNexis found that nearly half of fintech companies (46%) are only using one or two methods to verify new users during onboarding, compared to the multi-layered checks most traditional banks utilize (LexisNexis).

These implications are alarming. As identity theft cases surge, lenders have become prime targets. Any fintech lender that neglects robust KYC and KYB safeguards is essentially inviting bad actors to exploit their platforms.

Lack of Industry Knowledge: One Size Does Not Fit All

In the quest for rapid growth, many fintech companies are stretching themselves thin across various lending sectors—whether it’s personal loans, B2B alternative lending, or commercial real estate. While this diversification may appear strategic at first glance, on a deeper level it can reveal vulnerabilities and a lack of specific in-depth industry knowledge.?

Money out is easier than money in. A lack of product-market fit or an unprepared product pivot could very well be a fintech company’s kryptonite. If a strategic shift occurs, will your enterprise be able to handle this shift? How do you know?

For example, ask yourselves, has our strategy team thoroughly dissected the legal regulations surrounding this financial product? Are we fully aware of our collection and legal rights? What about the varying state usury laws—have we factored those in (check my article on predatory lending)? Do we have the necessary expertise with the Uniform Commercial Code? These are only a fraction of the critical questions you must be prepared to answer, because overlooking them could spell disaster.

Preparation is key; half the challenge lies in gearing up for battle before the war begins.

Be sure to think through law firms like SilvermanThompson who bring decades of experience in negotiating and drafting various agreements, involving loans, security agreements, intercreditor and subordination for legal frameworks.

Once you've navigated the legal landscape and are starting to consider lending, the next critical question is: Who will you lend to?

Unlike traditional banks that craft tailored credit models for each sector, many companies rely on generalized, one-size-fits-all credit risk models—or, worse yet, have no formal models in place. Additionally, they often fail to account for corporate affiliations in their assessments, leaving significant gaps in their credit analysis. This broad approach overlooks the unique risks associated with specific industries or the presence of bad actors.

According to CB Insights, a staggering 21% of fintech startups fail due to poor risk management. A notorious example is fintech lender OnDeck, which experienced a 70% default rate on its restaurant loans during the pandemic. While the pandemic undoubtedly played a role, the company’s failure to anticipate sector-specific risks was a crucial factor in its downfall (S&P Global).

Fintech companies such as Baselayer, Alloy, Taktile, and Provenir look to bring end-to-end identity risk solutions that help banks and fintech companies automate and manage their decisions for onboarding, ongoing fraud & AML monitoring, and credit underwriting.

Chasing Growth at the Expense of Risk Control

Here’s the reality of the fintech world: growth is often prioritized over everything else. Metrics like customer acquisition, loan origination, and portfolio size are the holy grail for venture capitalists, private equity, and stakeholders. Of course, while I acknowledge growth is important, investing in growth alone without proper investment in risk management is dangerous.

Fintech lenders tend to ramp up loan volumes without investing enough in risk defense. As a result, they end up with a ticking time bomb of defaults. A 2022 Deloitte report found that fintech lenders had 35% higher loan default rates than traditional banks (Deloitte). The culprit? An overwhelming focus on loan origination at the expense of sound underwriting and risk controls.

One of the biggest mistakes companies make is focusing on scaling before establishing a solid foundation for risk.?

A focus on scale without proper systems rely on manual processes, which may quickly become a bottleneck. With more volume comes more chances for errors and human capital fatigue.?

Consider the downfall of Greensill Capital. Once a fintech darling, they issued over $10 billion in risky loans before their spectacular collapse (NY Times). The reason? They expanded too rapidly, failing to strengthen their risk management and internal controls—a cautionary tale for anyone prioritizing growth over stability.

Third-party integration companies like Codat, Heron and Celeste aim to address operational inefficiencies in risk. These tech firms focus on streamlining the interpretation of financial data from business customers and their software.Their solutions excel in reducing manual data entry, improving document processing, and optimizing collections and legal operations.

Over-Reliance on Alternative Data: The Double-Edged Sword

One of the big selling points of fintech lenders is their use of alternative data—things like “Enterprise Resource Planning” (ERP) software, social media behavior, utility payments, and phone usage—to assess creditworthiness. In theory, this should allow lenders to reach underserved markets, but here’s the catch: many fintech companies aren’t validating this data properly.

Without careful verification, alternative data can lead to bad credit decisions. A 2023 McKinsey report highlighted this issue, revealing that 25% of fintech firms relying on alternative data saw higher-than-expected default rates within their first year (McKinsey).

You might be thinking, “but we have invested millions in building this ERP to increase customer retention and give us a deeper view into customer payments, shouldn't this increase the likelihood of getting repaid?”

At first glance, it might seem logical that customers who are deeply engaged with their ERP system—managing everything from accounting to supply chain to customer relationships—would be better equipped to meet their financial obligations, especially loan repayments. After all, more organized businesses should be more reliable borrowers, right?

Well, not necessarily…

In the case of Kabbage, a U.S. fintech lender that heavily relied on ERP and real-time business data for small business financing. Kabbage used information like cash flow from platforms such as QuickBooks and Xero to make rapid lending decisions. However, during the economic downturn in 2020, this reliance on ERP data without proper reconciliation proved insufficient. Many small businesses appeared financially healthy based on their ERP data but were actually on the verge of collapse due to deeper structural issues like financial data padding, long-term debt obligations, or weakening customer demand—factors that ERP data did not capture.

This failure ultimately contributed to Kabbage’s parent company, American Express, writing off over $900 million in cash advances. The case is a prime example how over-reliance on alternative data without deeper financial metrics can lead to significant misjudgments in underwriting.

Provenir, for example, simplifies access to alternative data in real-time to make accurate, more inclusive credit decisions, support improved customer experiences, and prevent sole reliance on ERP software.

Inadequate Fraud Detection Systems: Not Built to Handle Sophisticated Threats

While traditional banks often have layers of fraud detection systems in place, many fintech companies look to a north star of full automation and streamlined systems. This is great for speed and customer experience—but detrimental for detecting sophisticated fraud schemes.

Sardine mentions that rule-based systems play a crucial role in fraud defense and ever-evolving fraud schemes. These systems are excellent at identifying and tracking patterns that evolve. When new forms of fraudulent behavior emerge, rules can be updated to reflect these changes, ensuring the system remains effective.

Here’s an eye-opener: according to Juniper Research, online lending fraud could hit $3.6 billion by the end of 2024, with fintech lenders being a prime target (Juniper Research). Many fintech firms are ill-equipped to spot fraudulent patterns in real time, oftentimes without having the correct fraud systems in place or often acting on the fraud only after the damage has been done. This reactive approach is proving costly.

A 2023 PwC report found that 42% of fintech companies experience significant fraud losses within their first three years, some losing more than $10 million (PwC).

Consider fraud orchestration tools like Sardine, Oscilar, or Dodgeball to detect, intercept, and stop fraudsters before they can make a move.

Continuous Credit and Fraud Monitoring: The Essential Protection Lifeline

Let’s face it, managing risk in lending isn't just about putting safeguards in place at the start of a financing process. Ongoing credit and fraud monitoring is where the real battle is fought. It’s like having security cameras—not just at your front door but throughout your house. Fintech companies that skip this step are leaving their businesses exposed to unseen threats.

Businesses with active credit and fraud monitoring systems reduce fraud losses by nearly 42%, according to a 2023 report by PwC (PwC). It’s clear that continuous monitoring isn't just a safeguard—it's a competitive advantage.

Continuous monitoring can help lenders catch early warning signs—whether it’s a change in a borrower’s financial health or suspicious activity signaling potential fraud. It’s not just about detecting something after it happens; it’s about proactive risk management. Monitoring isn’t meant to slow things down, it’s there to keep the good borrowers in and the bad actors out, without disrupting the user experience.

Unit 21 allows you to analyze behavioral patterns, understand transaction anomalies, and use machine learning to detect oddities that might go unnoticed by manual processes.

The Bottom Line: Balancing Innovation with Caution

There’s no question that tech is reshaping the lending industry, but as companies push boundaries, exposure to these threats discussed amplifies. Obsolete KYC and KYB processes, lack of specialized industry knowledge, over-reliance on alternative data, and a singular focus on growth are all areas where many companies may fall short.

I’ve seen disastrous risk decisions from the top down firsthand, nobody is immune.

Companies must fundamentally rethink their approach to risk. One size truly does not fit all. Copying standard operating procedures from other lenders is not an edge, and it is not enough to say you have third-party integrations to simply check off a box. This is only the tip of the iceberg.?

In addition, here are some key questions every founding & C-suite team should ask:

• Are we truly prepared to lend—both on and off the balance sheet?
• Do we have the right people and systems in place?
• What is our risk appetite, and what's driving it?
• What does a robust lending and risk infrastructure look like on our roadmap? What are the key pain points and blockers?
• How do we define and execute true credit analysis?
• Can we prioritize migrating legacy users, rather than courting net-new users?
• What is our benchmark customer acquisition cost (CAC) from top of funnel to potential litigation?
• How can we balance CAC and customer experience with strong risk defenses?
• How are we tracking key metrics? Are our OKRs and KPIs sound, and how are we quantifying?
• Are our product and engineering teams equipped to build internal risk systems?
• What does successful scale mean to us, and how do we know when we're ready?
• Are we conducting vintage analysis? How should a proper A/B test be structured?
• Do we have a defined Credit Committee process and clear concentration limits?
• Are exception controls in place for decision-making?
• What does our post-mortem process look like when things go wrong?
• Are our risk teams regularly running both internal and external system audits?

Just to name a few….

While innovation and growth are essential, they cannot come at the expense of sound safeguards; otherwise, companies risk building their empires on unstable ground. The key lies in striking a balance between bold innovation and prudent caution. Anyone can give money away, but the true challenge is can you get it back? ?Tech companies looking to lend, that fail to adapt to this duality may ultimately find themselves ensnared by the very success they sought to achieve.?

Thanks for reading! If you have any feedback or questions, drop me a note here on Linkedin, would love to chat.