Block knows you have questions and doesn’t have good answers

Block, which was recently targeted by short sellers at Hindenburg Research, is believed to be still evaluating its legal options. However, it has published a statement on frequently asked questions by investors, which it would like to answer. Unfortunately, none of the questions it wants to answer are, “How did you not realize you are issuing a cash card to an obviously fake Donald Trump?”

There’s a lot in the Hindenburg report that essentially blames Block for failing at fraud prevention. To demonstrate this, Hindenburg changed the names of his accounts to “Donald Trump” and “Jack Dorsey,” and they could still send and receive money. They even got a debit card under the Donald Trump name!

My question was now personal, How could that happen? However, Block didn’t feel like answering that question! Here’s what it replied instead:

• Why should a Cash App customer have multiple accounts?
• How many accounts have passed your identity verification program?
• How much of Cash App’s business comes from these identity-verified accounts?
• How does your identity verification system work?
• Is your approach to compliance different from others?
• How many scam and illegal activities do you have in your system?
• How is Cash App’s peer-to-peer risk loss reflected in your finances and how has it evolved over time?
• How much have you invested in your compliance program?

So we’re finding that some customers have multiple accounts because they want multiple accounts, that customers can transact up to $1000 in 30 days without verifying their identity, and that Block “believes[s] that our approach to compliance is consistent with other financial services platforms.”

However, there are a few things I want to focus on, and one of them has to do with this 30-day transaction limit. It seems like it would be trivial for scammers to create an account, hit their 30 day max and switch to a new account? This doesn’t actually refute a Hindenburg claim.

But what’s even weirder is this:

Over time, as customers become more engaged with our platform or want to use additional products such as the Cash App Card, send money from their stored Cash App balance or transact with higher dollar amounts, they will need to complete our IDV [identity verification] Procedure.

The existence of Hindenburg’s Donald J. Trump money card suggests that this is either not true, the answer is kind of hazy (i.e. you need multiple products to trigger the verification wire), or that something is fundamentally wrong with the identity verification process. Block doesn’t speak to this, and it seems like an odd omission!

The answer to the scam question is kinda even stranger. Yes, fraud is common anywhere there is money – it’s one of the reasons you know your customers and money laundering laws exist in the first place. However, when estimating fraud, Block uses its “Denylist” which prevents transactions. Hindenburg’s claim is essentially that Block’s deniers should be bigger. Block responds by saying that his denylist accounts for 2 percent of all transactional accounts. That doesn’t disprove anything Hindenburg claimed. Nor does it speak to the claims in the Hindenburg Report.

And when it comes to peer-to-peer fraud, a key allegation in the Hindenburg report, we get a similar trick:

This number has remained at or below 0.20% of both applicable peer-to-peer payment volume and total inflows over the past five years. While we saw an increase in 2020, we’ve driven improvements since then, and in 2022 Cash App’s risk loss recorded in sales and marketing was 0.14% of applicable peer-to-peer payment volume and 0.12% of total inflows.

Okay, but how do we know block counts correctly? Again, the Hindenburg suggestion is that Block fails at work – so relying on its own internal numbers to refute that… doesn’t refute it!

There’s something else that raised my eyebrows:

The 44 million verified accounts represented approximately 39 million unique social security numbers as of December 2022 (we use the social security number as a logical, unique identifier to estimate the number of identities in this analysis).

So, some social security numbers have multiple verified accounts. Secure! And you did indicate in their 10-K that a customer can have multiple accounts. Fine! But here is my question which is not directly answered and related Exactly to the Donald J. Trump card: Does the name on the account have to match the name associated with the social security number? I ask because there are many social security numbers for sale on the dark web. The statement doesn’t say it.

One more thing I noticed:

The company’s compliance investments have grown more than twice as fast as total gross profit, and compliance investments have also increased significantly as a percentage of our total operating expenses.

The question here is, “How much have you invested in your compliance program?” And Block does not answer. Somewhere in a budget there is a number for it, and yet we don’t see it! Instead, we’re told that compliance investments “have grown at twice the rate of total gross profit.” It’s very easy to double the size of something small and I have no idea what time frame this growth took place.

The thing about this non-answer is this Block posed the question himself in a press release of his own. It’s not like I showed up on the sidelines with my fedora and a press pass and asked CEO Jack Dorsey a hard-hitting question he wasn’t prepared for. This question could easily have been left out and not avoided. This is shocking to me!

Anyway, based on that, I’ll be surprised if Block files the lawsuit he threatened. Block has promised this will be discussed on his upcoming earnings call, and I really hope the analysts rake them over the coals because that statement is a nonburger. Bypassing Hindenburg isn’t the same as disproving her claims – did Block really think no one would notice? Perhaps Dorsey is a fool in more ways than just the title.