Block knows you have questions and doesn’t have good answers


Block, recently targeted by short sellers at Hindenburg Research, presumably still is explore legal options. However, it has released a statement on frequently asked questions from investors it is eager to answer. Unfortunately, none of the questions it wants to answer are “How did you not notice you were spending an ATM card on an obviously fake Donald Trump?”

There’s a lot in it the Hindenburg reportt, essentially accusing Block of falling for the work of fraud prevention. To demonstrate the point, Hindenburg changed the names of his accounts to “Donald Trump” and “Jack Dorsey,” and they could still send and receive money. They even got a debit card under the name of Donald Trump!

Now, personally my question was, How could this happen? Block didn’t feel like answering that question though! Here’s what it replied instead:

  • Why would a Cash App customer have multiple accounts?
  • How many accounts have gone through your identity verification program?
  • How much of Cash App’s revenue comes from these identity-verified accounts?
  • How does your identity verification system work?
  • Is your approach to compliance different from others?
  • How much fraud and unauthorized activity do you have in your system?
  • How is the Cash App’s peer-to-peer risk loss reflected in your financials and how has it evolved over time?
  • How much have you invested in your compliance program?

For example, we discover that some customers have multiple accounts because they want multiple accounts, that customers can transact up to $1000 over a 30-day period without identity verification, and that Block “believes[s] that our approach to compliance is consistent with that of other financial services platforms.”

However, there are a few things I want to focus on, and one of them has to do with that 30-day transaction limit. Seems like it would be trivial for scammers to create an account, hit their 30 day max and move on to a new account? This does not disprove any of Hindenburg’s claims.

But what’s even weirder is this:

Over time, as customers use our platform more or want to use additional products such as the Cash App card, send money from their balance stored in the Cash App or transact with higher amounts, they are required to fill in our IDV [identity verification] process.

The existence of Hindenburg’s Donald J. Trump cash card suggests that either this is not true, the answer is somehow vague (i.e. you need multiple products to trip the verification thread), or that something is seriously wrong with the identity verification process. Block doesn’t argue with this, and it seems like a weird omission!

The answer to the fraud question is one way or another even stranger. Yes, fraud occurs wherever money exists – that’s part of why you know your customer and anti-money laundering laws exist in the first place. But when estimating fraud, Block uses its ‘denylist’, which prevents transactions. Hindenburg’s claim is essentially that Block’s deny list should be bigger. Block responds by saying that the denial list is 2 percent of all transacting accounts. This does not disprove anything Hindenburg has asserted. Nor does it address the allegations in the Hindenburg report.

And when it comes to peer-to-peer fraud, a key allegation in the Hindenburg report, we get a similar evasion:

This figure has remained at or below 0.20% of both applicable peer-to-peer payment volume and total inflow over the past five years. While we saw an increase in 2020, we have made improvements since then, and in 2022, the recognized risk loss of the Cash App in sales and marketing was 0.14% of applicable peer-to-peer payment volume and 0.12% of total inflow.

Okay, but how do we know that Block counts correctly? Again, the Hindenburg suggestion is that Block falls on the track – so relying on your own internal numbers to disprove that…don’t disprove it!

There’s something else that raised my eyebrows:

The 44 million verified accounts represented approximately 39 million unique social security numbers as of December 2022 (we use the social security number as a logical, unique identifier to estimate the number of identities in this analysis).

So some social security numbers have multiple verified accounts. Certainly! And they did reveal in their 10-K that one customer can have multiple accounts. Fine! But here is my question, which is not directly answered and related precisely to the Donald J. Trump card: Does the name on the account have to match the name associated with the social security number? I ask because, you know, there are a lot of social security numbers for sale on the dark web. The statement doesn’t say it.

Something else struck me:

The company’s compliance investments have grown more than twice as fast as total gross profit, and compliance investments have also increased significantly as a percentage of our total operating expenses.

The question here is, “How much have you invested in your compliance program?” And Block does not answer. There’s a number for this somewhere in a budget, and yet we don’t see it! Instead, we are told that compliance investments have grown “twice as fast as total gross profit”. It’s very easy to double the size of something small, and I have no idea what time frame that growth took place.

The thing about this non-answer is that Block asked the question himself in his own press release. It’s not like I showed up wearing my fedora with a press pass in the brim and CEO Jack Dorsey asking a stubborn question he wasn’t prepared for. This question could easily have been omitted rather than evaded. That is shocking to me!

Anyway, based on this, I’ll be surprised if Block files that lawsuit it threatened. Block has promised more discussion on this on his upcoming earnings call, and I really hope analysts rake them over the coals because this statement is a citizen of nothing. Talking past Hindenburg is not the same as refuting their claims – did Block really think no one would notice? Perhaps Dorsey is a dunce in more than just title.