Initial Disclosure: After extensive research, we have taken a short position in shares of Block, Inc. (NYSE: SQ). This report represents our opinion, and we encourage every reader to do their own due diligence. Please see our full disclaimer at the bottom of the report.
Update 3/26: Language regarding the net loss of Afterpay and Block was updated to clarify the pro forma combined nature of the figures. [Pg. 125]
Block, Inc. (SQ), founded by entrepreneur Jack Dorsey, is a Silicon Valley darling, offering payment and mobile banking services for merchants and consumers.
The company, then named Square, began operations in 2009 and emerged with a disruptive idea: a tiny card reader that could plug into a smartphone’s headphone jack to easily enable artists and vendors to take credit card payments.
From there, the company developed tablet-style point-of-sale systems, a market that grew immensely, resulting in strong competition including from companies like Toast and Clover. Once the point-of-sale market adapted to Block’s disruption, the company looked elsewhere to keep its growth story alive.
In 2013, a month following PayPal’s acquisition of Venmo, Block launched Square Cash, later rebranded Cash App. It aimed to compete with Venmo by providing financial services to consumers, starting with a peer-to-peer mobile app where users could send and receive money.
In 2014, following the surge of the peer to peer lending market, Block began offering short-term loans to its merchant base, with Block receiving a percentage of every transaction until the loans were repaid. [Pg. 5] [1,2,3]
In 2018, following bitcoin’s spike in price and popularity, Cash App allowed users to move funds in their Cash App wallet into Bitcoin.
Prior to 2020, the merchant services side of Block’s business drove the company’s profitability. As of the end of 2019, merchant services accounted for $1.39 billion in gross profit, compared to the consumer-facing Cash App, which accounted for only $457.6 million of gross profit.
That changed during the pandemic, as many merchant businesses locked down and individuals activated millions of Cash App accounts to receive government stimulus and unemployment payments.
By the end of 2019, Cash App had 24 million monthly active users, according to the company’s Q4 letter to shareholders. [Pg. 2] By the end of 2020, Cash App reported 36 million monthly actives, which has since grown to 51 million. [Pg. 2]
The explosion of user growth resulted in higher gross profit. By the end of 2020, Cash App gross profit reached $1.2 billion, a 170% growth rate from the prior year, compared with merchant services gross profit of $1.5 billion, an 8% growth rate from the prior year.
During the company’s Q3 earnings call in November 2021, Jack Dorsey explained how Cash App is an ideal platform to introduce new services to customers because of its low customer acquisition costs, owing to its viral appeal:
“So, we have these incredible viral loop and network effects in peer-to-peer, and now we get to look forward towards being more of a commerce front end.”
In September 2022, Block CFO Amrita Ahuja cited the company’s purchase of buy-now-pay-later company Afterpay as an example of this strategy, saying it created “an incredible opportunity for us, particularly when you think about leveraging that capability across Cash App 80 million annual actives.”
Investors are now betting that Cash App’s growing millions of users will create a ready market for Block’s future high-margin financial products.
“Block expects Cash App Commerce to be one of Cash App’s primary gross profit growth drivers in the coming years and is investing accordingly,” Credit Suisse said after a Q3 2022 meeting with Block.
Analysts have highlighted the reliance on Cash App as the key driver of Block’s stock going forward.
“In our view, performance of the Cash App business remains the most important driver of the stock,” Bank of America said in an October 2022 report.
As of March 23rd, 2023, 23 sell-side analysts had a “Buy” rating on Block shares, 5 had a “Hold” rating, and only 2 had a “Sell” rating, according to MarketBeat.
The company’s promise has drawn in popular investors like Cathie Wood, whose ARK Funds hold a combined $651.5 million in Block stock, comprising just over 5% of the manager’s holdings, according to Cathie’s Ark, a site that tracks ARK’s holdings.
Block’s revenue declined ~1% in 2022 versus the prior year. [Pg. 69] On a GAAP basis, Block posted a net loss of $540.7 million for 2022. Analysts expect Block will lose $208 million in 2023, according to FactSet estimates. Block’s 2022 annual report warned:
“We have generated significant net losses in the past, and we intend to continue to invest in our business. Thus, we may not be able to maintain profitability.” [Pg. 25]
Cash App, which analysts have said is the most important driver of the stock, has demonstrated signs of stagnation with slowing inflows and account growth.
Despite its revenue slowdown, current unprofitability, its warning of future unprofitability, and signs of stagnation at Cash App, investors have awarded Block valuation multiples that price in an expectation of rapid growth. The company trades at an EV/EBITDA multiple of 60x and a 2023 forward P/E ratio of 40x on “adjusted” earnings, according to FactSet.
By comparison, Block competitor Paypal trades at an EV/EBITDA multiple of 16.6x, and 15.1x adjusted 2023 earnings, suggesting 62%-72% downside for Block were it to trade in line with its peer.
On a tangible book basis, many fintech competitors such as Affirm, Robinhood, SoFi and Upstart trade between 1.6x to 2.1x, whereas Block trades at ~13x tangible book. Even Paypal, which has grown revenue and generated a GAAP profit every year since re-emerging as a public company, trades at a 25% discount to Block on this basis. A re-rating closer to the peer average would represent 77.5% downside for Block.
To make up for these fundamental realities, Block has extensively relied on non-GAAP adjustments to report growth despite weakening metrics.
Block transformed its $540.7 million GAAP loss for 2022 into a $613 million non-GAAP profit, by adjusting out costs, including over $1 billion in 2022 share-based compensation, according to financial information from the company’s website.
Block’s reliance on non-GAAP adjustments to report profit has increased substantially over time.
We are entering a period where the endless hype and unrealistic valuations of past years are beginning to face the financial reality of higher interest rates.
We expect this macro headwind, combined with the other issues outlined below, will result in the contraction of Block’s exaggerated claims of profitability and generous valuation multiples.
Founder Jack Dorsey has described Block’s business as having a “purpose of economic empowerment.”
The company says it has chosen to serve the “unbanked” and “underbanked”, segments of the population that do not engage in traditional banking due to weak or non-existent credit scores, distrust of banks and high fees.
In 2017, Dorsey described how Block planned to continue servicing the underbanked through Cash App:
“So, from a high level, we want to make sure that we continue to build services for an underserved market. That has been what has really tied the company together for the past — close to 9 years now.”
The effects of that strategy are apparent. A September 2022 Pew Research Center survey shows that Cash App has targeted low-income and minority consumers.
Block says it provides uniquely easy access to sending and receiving funds, by removing friction from the system and “adding some magic”:
“Our focus is really observing what our customers are doing,” Dorsey said of the company’s approach in 2018, “and then taking as much friction out of that as possible while adding some magic at the same time.”
Cash App’s frictionless approach lets users join with just an email or a phone number.
With its principled mission and easy to use Cash App payment platform, Block has gained a reputation as an innovator and one of the most well-known publicly traded fintech companies.
By contrast, what we found is that the company’s payment system does not seem to offer a discernible edge over its key competitors like PayPal/Venmo, Zelle, or Apple. Rather, it seems to have simply embraced non-compliance as a tactic to grow its user base.
Our research shows that Block has embraced a traditionally very underbanked segment of the population: criminals.
Cash App’s embrace of non-compliance begins by making it easy for users to get on the platform, easy for them to get back on the platform if their accounts are closed, and easy to remain anonymous or operate under blatantly false identities.
As one former said about signing up for Cash App:
“It’s wide open. And if I was a criminal, I would have done it.”
Another former compliance employee of a Cash App partnership told us, “every criminal has a Square Cash App account.”
There is even a gang named after Cash App: In 2021, Baltimore authorities arrested members of the “Cash App” gang, who were charged with distribution of fentanyl and cocaine in a West Baltimore neighborhood, according to a Baltimore news report, and criminal records.
Beyond the gang named after Cash App, numerous department of Justice indictments detail how Cash App is used by gangs, including the notorious Sinaloa cartel, to distribute drugs like fentanyl and methamphetamine. [1,2,3]
In one example, a criminal complaint against an alleged meth distribution ring describes how Cash App is commonly used by gangs to transfer illicit drug proceeds:
In May 2020, Block CEO Jack Dorsey spoke at a JPMorgan investor conference about how Cash App was making its way into popular culture through thousands of mentions in hip hop music:
“We have a very mainstream customer for Cash App. And evidence of this is – I talked about this on the call, maybe on the stage before, but the number of hip-hop songs that include the phrase Cash App or even named Cash App is pretty incredible. I think it’s over 1,000 or 2,000 right now.”
At JPMorgan’s 2021 conference, Dorsey again told investors about the large number of songs named after Cash App and described how music had become a way to share with others how valuable the app is to them personally, providing them with “so much utility.”
A review of songs mentioning Cash App shows that the artists are not generally rapping about Cash App’s smooth user interface and robust software integration toolkit.
Instead, lyrics describe how easy it is to move money through Cash App to facilitate fraud, traffic drugs, or even pay for murder.
Block promoted the video for 22Gz’s song “Cash App” which described a turf war in which the artist pays hitmen through Cash App to murder his opposition, then stuffs their bodies in trash bags. The video opens with the artist showing his Cash App as he makes a ‘throat-slitting’ motion.
The song proceeds:
“I had a gun in my backpack.
Blicky, the blicky, run down, where that stash at?
I pay them hitters through Cash App.
Shooters like Mitchell, put holes in his snapback.
We stuffin’ bodies in trash bags.”
Block apparently embraced the PR, sponsoring a cash giveaway to promote the video, according to the producer of the video—481 people responded to the contest announcement on YouTube.
AKLO Studios, the producer of the video, confirmed to us that Cash App was the sponsor.
We reached out to Cash App studios to see if we could get a more complete list of songs it has sponsored and have not heard back as of this writing.
Cash App takes a leading role in supporting criminals involved in human trafficking, according to the Polaris Project, a leading non-profit organization that tracks and combats human trafficking and sex exploitation in the U.S.
“…when it comes to sex trafficking in the U.S., by far the most commonly referenced platform is Cash App.”
Cash App responded by saying it rejects all payments tied to sex trafficking and other crimes, according to the same article.
But a reading of numerous indictments by the Department of Justice, which detail Cash App’s use to facilitate sex, including with minors, seems to refute Block’s response. [1,2,3,4,5,6] As just one example, a December 2021 Department of Justice press release details how a North Carolina man paid underage victims through Cash App for sex acts:
Once again, the signs were hard to miss. Beyond the slew of indictments referencing Cash App, numerous songs describe Cash App as the preferred option to pay for illicit sex, including songs named after the app itself. [1, 2, 3, 4, 5, 6]
According to a former compliance employee, they repeatedly saw patterns indicating Cash App’s use in sex trafficking:
“You see a lot of Lyft or Uber rides late, always late at night like between 11:00 PM and 5:00 AM, multiple rides in one night, things like that.”
“You’ll see things like hotel purchases, and you’ll see (the device) travelling. So it’ll go like Cleveland, Ohio, and like a Motel 6 and then Columbus, Ohio, and Holiday Inn and then the next day they’re in Cincinnati, and then the next day they’re in Kentucky, and then they shoot over to Virginia, and you watch it travel.”
Block seemingly chose to ignore the signs, instead refusing to “unbank” users regardless of the circumstances.
The acceptance of illegal activity on Cash App, along with lax policies around user account creation, seems to be part of Block’s growth strategy.
Based on more than a dozen interviews with former employees involved in Cash App, pressure from management has resulted in a pattern of disregard for Anti-Money Laundering (AML) and Know Your Customer (KYC) laws.
The result has been a proliferation of fake accounts that facilitated scams, resulting in Block benefitting from increased transaction-based revenue along with inflated user metrics.
Multiple former customer service reps we interviewed described how Cash App’s user data has been inflated by single individuals that have numerous associated accounts, sometimes numbering in the hundreds. Often these were associated with blacklisted accounts banned for fraud or other policy violations.
The byproduct of Cash App’s approach to permitting duplicate and scam accounts is that it has reported inflated active user counts for years.
Cash App’s number of transacting active users – or account holders that make use of 1 or more Cash App service in a given time period – is a closely watched metric. [Pg. 7] It forms the foundation of Block’s claims to have a strong network effect and ability to cross sell new products and services to its user base. The company recently reported 80 million annual transacting actives, and 51 million monthly transacting actives. 
According to Block’s 2022 Q1 financial statements:
“Growth in monthly transacting actives on Cash App and customers’ level of engagement with our products and services on Cash App are essential to our success and long-term financial performance.” [Pg. 19]
We asked one former Cash App employee how common it was to see Cash App accounts have a dozen or more account connections, a scenario in which Cash App accounts would be overcounted:
We also asked if the former employee believed this indicated that Cash App was reporting inflated account numbers:
Cash App has used customer management software that helps visualizes how user accounts are linked by various pieces of data, according to former employees. 
Many look like the one below, a fairly standard relational diagram with the account under review at the far right represented by a triangle with a black dot inside.
That account is connected to dozens of others by a shared Social Security number, phone number, email address, bank account, or device.
Former customer service reps shared screenshots taken last year to demonstrate the vast number of connections between supposedly distinct accounts.
Per the legend in the CRM program, each ‘gray triangle’ represents a unique “Cash Customer”.
The connections in this example suggest that accounts can be linked to the same person, with the individual setting up and abandoning accounts or maintaining many accounts at the same time, or a combination of both, according to former employees.
One former customer service employee estimated that 60%-70% of the accounts they reviewed during a typical shift would have more than a dozen linked accounts. Another two former employees estimated 40% and 75%, respectively.
Those densely packed connections are a red flag for fraud, a former employee said:
“The people that you see that just have like 10 or so other accounts tied to them, it’s, you know, the assumption is that they must be doing something, you know, risky.”
Such accounts indicate that a person may have created multiple accounts based on stolen information, that they were moving money through a series of accounts to disguise its origin, or that they had been kicked off the system and returned multiple times for policy violations such as trying to defraud other users or the company.
Some accounts had hundreds of other account links. A third former employee summed it up:
“I mean honestly, we would all joke and we would just call it like ‘the web of lies.”
Cash App has different levels of access and features based on how much information a user provides—the starting point requires just an email address or phone number.
During Block’s Q2 2017 earnings call, Jack Dorsey explained how the company relies on automated technology to assure the safety of its platform:
“We’ve used machine learning and data science to manage risk since the beginning of Square. We’re constantly looking for ways to make our services more automated and more self-serve, and machine learning is perfect for that.”
Dorsey explained that due to its superior technology, “we’re able to onboard individuals to Square Cash with just a ZIP Code and an email address or phone number.”
The process allows virtually anyone to join the platform as well as to send and receive funds with others on the platform.
It was always a risky proposition, according to a former compliance employee, who said Block insisted that phone numbers were the modern-day equivalent of Social Security numbers.
“Banking isn’t all that different than it was 100 years ago,” the former employee told us. That’s why reasonable compliance requires collecting more information than a phone number or email: “I need to find you if you ripped me off.”
The company continues to allow people to set up its most basic account by providing only a phone number or email and a zip code.
Cash App stresses that a bank account is not required to join:
By basing accounts on email addresses or phone numbers, Block created a system in which users could join the platform multiple times, even after getting kicked off for fraud.
A former employee explained that getting kicked off Cash App was just a temporary problem:
“It wasn’t like, TSA’s No-Fly list. You know it was kind of like the account will get closed and then they’ll try it again and maybe get to use it for a little while longer, until, you know, maybe the next account gets closed.”
The screenshot below shows an account can be active even though it has previously been tied to problematic accounts.
One former employee explained that Cash App did not ban based on Social Security numbers and users could easily come up with new phone numbers or email addresses to get back on the platform. This system applied not only to basic Cash App accounts but to accounts with a Cash Card, Cash App’s prepaid card:
“Cash App will not deny you based on your Social Security number. So, they’ll deny you on your e-mail or your phone number, but if you get a new phone number or a new email, you can come back through to get the card because you’re not blocked by your Social Security number, so you can come right back in.”
None of this is news to scammers—the ability for users blacklisted for fraud to easily get back on the platform is so widely known that it is once again reflected in pop culture.
In 2020, an artist called Teejayx6 released a song titled “Cash App”, which focuses on various methods of scamming, including lyrics about how easy it is to get back on the platform after having an account blacklisted:
“They banned my Cash App because I sent a thousand transactions…I just bought another phone and made a Cash App”.
Another sign of illegitimate account creation can be seen in the number of Cash App users who are impersonating others on the platform.
A search for Cash App account holders with the name “Jack Dorsey” turns up numerous accounts, including a number with “cash tags” that could be used to mislead and scam other users.
These include “$CUSTOMERSERVICE2022” and “$dailysweepstakes”.
The name “Elon Musk” also appears on dozens of obvious fake or scam Cash App accounts.
We found 50 Cash App accounts under the name “Donald Trump” in late November, including ones with “cash tags” such as “$donaldtrump24” and “$TrumpApproveDonation”.
Donald Trump’s official campaign donations appeared to be processed through the “Winred” platform, which doesn’t allow “P2P” payment options, suggesting that any Cash App accounts collecting donations for Trump are fraudulent.
It was easy for wrongdoers to impersonate some of the most well-known and high-profile people in the world. This also seems to be the case for regular users, who have filled social media forums like Reddit and the Better Business Bureau (BBB) with complaints about identity theft, account hacks and fake user scams. [1,2,3,4]
Cash App’s Terms of Service state that users agree to provide accurate information when setting up their account, and to assure that any information added to the account is “true and accurate.”
The terms explicitly state that users “may not select a $Cashtag that misleads or deceives others as to your business or personal identity or creates an undue risk of chargebacks or mistaken payments.”
Cash App makes no mention of deceptive screen names, and it allows users to change these names and their photo in a few simple steps. Users can obfuscate their personal identity without notifying Cash App or having any changes made to the platform’s internal data.
To test this (1) we created two Cash App accounts (2) changed our outward facing personas to Elon Musk and Donald Trump and (3) successfully exchanged funds.
Taking it a step further, we ordered a Cash Card under this alias to see if Cash App’s compliance would take issue with the obvious irregularity. They promptly mailed us a Donald J. Trump Cash Card.
Cash App has been exceedingly slow to take any measures to remedy instances of fraud on its platform, even in high-profile situations.
Reverend Bartholomew Orr, the pastor at Brown Missionary Church in Southaven, Mississippi, lost hundreds of dollars to phony Cash App accounts, according to media reports.
In June 2022, Orr discovered that he wasn’t receiving money sent by parishioners. He learned that parishioners were directing their money to scam Cash App accounts set up to impersonate his account.
On the day Fox News interviewed Orr about the situation, the counterfeit accounts continued to be active on Cash App.
We spoke by phone with Pastor Orr who said that when he initially approached the company, he was told it would expedite an investigation, but nothing happened:
“I don’t think they actually did anything.”
“When I saw that it was still going on, I called them back, and addressed it, and they said they were going to expedite it again. This particular time, of course, I involved the news, as well as Congressman Steve Cohen’s [R-Tenn.] office.”
The scam accounts disappeared several days later, but neither Pastor Orr nor his parishioners received any of the money sent to those accounts and Orr doesn’t expect they ever will:
“They are saying that whenever someone sends money via Cash App, you know, if you sent it to the wrong person, you just sent it to the wrong person.”
Block’s disclosures have referenced the issue of “transacting active” account metrics deviating from the number of genuine users on its platform. But its vague disclosure suggests that “transacting actives” may be mildly overstated or even understated—basically insinuating that it is a ‘wash’:
“Certain of these accounts may share an alias identifier with one or more other transacting active accounts. This could represent, among other things, one customer with multiple accounts or multiple customers sharing one alias identifier (for example, families).” [Pg. 7]
We believe the explanation is a farce. Cash App could easily provide a more precise estimate of actual unique people that use the platform. After all, the company collects social security numbers, bank information, and other unique information for many of its users.
We think Block simply chooses not to report more accurate user information because reporting inflated user metrics helps inflate its stock.
Beyond reporting an inflated “transacting actives” metric, large numbers of duplicate and scam accounts can distort another key metric – customer acquisition costs – which Block management uses to showcase its efficiency versus traditional banks.
In March 2021, Block’s CFO Amrita Ahuja explained how Cash App acquires new users for less than $5 each:
“We saw as a customer acquisition cost across those areas of $5 in ‘20 – of less than $5 in 2020. And that’s against the backdrop of our network growing by 50% year-over-year to 36 million monthly actives. That less than $5 is much smaller than what a traditional financial institution would pay.”
Ahuja explained that Cash App achieves this low cost due to network effects, because “a customer can bring a new customer into Cash App at little to no cost for us” by inviting them to engage in a Cash App transaction.
In May 2022, Block’s Cash App Lead Brian Grassadonia explained that while user acquisitions costs had doubled to $10, the metric still represented an advantage for Cash App over traditional banks:
“We acquired each new transacting active in 2021 for $10 on average. This is a fraction of what other financial applications across our industry typically pay and a miniscule fraction of what traditional financial institutions have historically paid to acquire a new customer.” 
We strongly suspect Block’s reported cost of acquiring each new “transacting active” account is misleadingly low because single individuals may set up dozens or hundreds of accounts, including fake or scam accounts.
The CFPB has been investigating Block since August 2020, according to recent court records. Block only specifically disclosed the investigation to investors 1.5 years later, in its annual report release in February 2022.
Beyond slow-walking disclosure to investors about the existence of the investigation, the company has been “slow-walking” the investigation itself, according to the CFPB.
Contrary to those disclosures, court records show that the CFPB investigation is focused largely on Block’s handling of fraud. Specifically, whether the company:
In November 2022, Block Inc was ordered to comply with the CFPB’s demand for information, and produce responsive documentation by January 5th, 2023. The CFPB investigation remains active as of this writing.
Even when higher levels of identity verification were required – like when users applied for Cash App’s prepaid debit card – the onboarding process remained lax.
Prepaid cards, such as those issued for Cash App, were determined to fall under the same customer identification requirements as bank accounts. [Pg. 4] Yet, Cash App management resisted this requirement, according to multiple former employees:
“That was an argument along the way, and Square – you’re supposed to give your entire nine from the customer, collect that… However, Cash App only collects the last four.”
Another former employee confirmed:
“We didn’t have the full Socials.”
The former employee stories are corroborated by litigation records, including a 2021 consumer fraud case against Block. In July 2021 in that case, a Cash App Engineering Manager submitted a sworn affidavit detailing the step-by-step process for receiving Cash Cards, which included entering only the last 4 social security digits. A plaintiff’s affidavit in the case confirmed the same.
Rather than require all 9 digits of a user’s Social Security number, Cash App ran the incomplete information provided through a third-party identity check company called IDology to determine whether the information belonged to a unique individual, according to a former employee.
Why skip this basic legal requirement? A former employee told us:
“They didn’t want to verify the customers. They didn’t want to be nosey.”
Asking too many questions conflicted with Block’s “frictionless” banking, as described by Block’s CFO Amrita Ahuja during an investment banking conference in 2020:
“Our ambition here is to provide the values and the services that people get today from traditional financial institutions and to do that in a seamless, easy-to-onboard, frictionless, consumer-friendly way as possible.”
That laissez-faire approach was risky—some friction is desirable, such as ‘friction’ that interrupts fraud. According to a former employee:
“I felt that we were like super lenient with like, the requirements to join the platform, and then it was just like, ‘Oh, we wonder why we’re seeing fraud happening.’… that’s because it’s super easy to defraud this company and to join the platform.”
As of our own testing in June 2022, Block required only the last 4 digits of the social security number in order to sign up for the Cash Card.
As of our recent check in March 2023, however, the company looks to have made a recent change that now requires the full 9-digit Social Security Number in order to secure a Cash Card:
The new prompt recognizes that the full Social Security number is a legal requirement, seemingly an admission of past illegality. The change, which is a positive one, also seems to foreshadow more future compliance steps.
It also raises questions about what Cash App has done to vet all the individuals who were allowed to join the platform during all the years when the company’s process failed to comply with the law.
According to former employees, Cash App took 8 years to focus on trying to untangle the mess of interconnected users and determine an accurate user count, despite the importance of the metric for investors.
Former employees described how the issue is more difficult to solve now that it has gotten out of control. One former employee said that not every linkage suggests two accounts are operated by the same person and that connected accounts don’t always indicate fraud.
Sometimes distinct users get linked due to numerous people signing up for the service through a single device, such as a library computer or a phone that might change hands several times, inaccurately connecting the various owners.
One former employee said they personally set up a second Cash App account to track wedding expenses and said it was common for people to have more than one account to for different purposes such as businesses or personal reasons.
The high ratio of accounts per user means investors are not getting a precise view of users, another former employee with a Cash App partnership told us:
“When you turn around and have people that are setting them up fraudulently and pulling them off and setting them up and pulling them off, and setting them up, pulling off, you know, it just inflates their numbers.”
Cash App focused on creating a group – called the “Identity Team” – to try to deal with the issue of duplicate accounts, according to a former employee who left in the spring of 2022:
“There is a move towards trying to tie a single identity with multiple accounts and trying to I guess get a more accurate view of how many true users there are on Cash App.”
Given Cash App’s fraud problem, it would be helpful if Block management made it easy to track fraud expenses at the company. Instead, Cash App fraud losses are rolled into broader and questionably relevant expense categories, making it impossible for investors to isolate the cost.
Losses related to Cash Card transactions, along with losses on the merchant side of its business such as fraudulent chargebacks, are appropriately included in Block’s “transaction and loan loss” operating expenses. [Pg. 58]
Meanwhile, losses on peer-to-peer Cash App transactions disappear into the unlikely category of “Sales and Marketing” expenses.
Block explains that because its core peer-to-peer money transmission service is free, most expenses are connected to encouraging use of the platform:
“In addition, services, incentives, and other costs to customers that are not directly related to revenue generating transactions are recorded as sales and marketing expenses, as the Company considers these to be marketing costs to encourage the use of Cash App.” [Pg. 93]
“These expenses include, but are not limited to, Cash App peer-to-peer processing costs and related transaction losses, card issuance costs, customer referral bonuses, and promotional giveaways …” [Pg. 58] (emphasis added)
A former Cash App employee explained that Block views covering fraudulent transactions as a public relations exercise:
“You don’t want to see the company involved in this type of (fraud) issue because it’s not good press … there were like a few articles written at some point in 2020 or 2019 … They were like exactly reporting this and it’s not something that it’s nice to read.”
Not only have Cash App users suffered losses due to fraud on Cash App’s platform, so has Block, which, according to former employees, is waging a losing battle against fraud.
One former employee said their manager explained that Cash App couldn’t make money because of the costs associated with trying to contain fraud:
“I know that we were told … that [Cash App] pretty much just bleed cost based on all of the stuff that the risk team has to do to stop account take overs and all like the fraudulent Cash App scams and all of that kind of stuff that that goes on. We were told that it’s pretty much like running the heat, but with the window open.”
Another former customer service representative told us that around half of all the calls they took during a typical shift were from users they believed were trying to commit fraud, often by disputing charges on their Cash Card for goods or services they likely received:
“I’m working to weed out the 40 to 50% of fraudulent activity accounts that I’m working with daily.”
They added that not all of the fraud was organized professional criminal activity. Much was rampant low-level fraud against the platform:
“I’m not saying like all of them were hardcore gangsters, you know, but it was at the very least people buying things online and saying that they didn’t.”
Cash App frequently acquiesced, at one point automatically refunding any disputed card charge of less than $25, the same former employee told us. Representatives began to recognize users who regularly charged food deliveries to the card and then demanded their money back:
“I wish I ate as good as this girl does.’…This woman is legitimately eating lunch on us every freakin’ day.”
Another former employee told us:
“I felt like the debit card fraud, that that was kind of on a consistent path higher my entire time there.”
Such was the state of Cash App heading into 2020. Overrun with identity theft, open to business for fraudsters and criminals, often unwilling to respond to pleas for help from users, futile demands for restraint from compliance employees, and obscuring its fraud problems to investors.
It was at this time that Block took on the critical role of moving billions of taxpayer money during the pandemic.
COVID-19 posed an existential threat to Block’s business. Prior to the pandemic, over 65% of Block’s revenue came from merchant-heavy “transaction-based” fees. [Pg. 75] With small businesses shut down nationwide in an effort to ‘slow the spread’ of the virus, Block faced a collapse of its core revenue base.
In response, the company shifted its focus to Cash App’s potential use in pandemic relief. Federal COVID relief legislation known as the ‘CARES Act” was signed into law on March 27, 2020. The law provided payments that included expanded unemployment insurance benefits for those affected by the COVID-19 pandemic.
One day before the CARES Act was signed into law, Dorsey tweeted that Block was prepared to help distribute government money immediately, emphasizing its focus on customers without bank accounts.
Dorsey tweeted: “the technology exists to get money to most people today (even to those without bank accounts).…US government: let us help.”
Cash App soon began offering the service, prompting users to sign up around April 10, 2020. On that day, Dorsey tweeted how Cash App could be used to access government money instantly, stressing yet again that users didn’t need a bank account.
Around 11 million people activated the direct deposit feature on their existing Cash App accounts or set up new deposit-enabled accounts within weeks of Dorsey’s tweet, helping Block report strong metrics at a critical time. During Block’s May 7, 2020, earnings call, Dorsey described Cash App’s soaring user growth:
“In April, obviously, the government stimulus provided us an opportunity to help folks receive their money much, much faster. And our teams did work, as we mentioned, with our partner banks to expand the 3 million direct deposit accounts we had in February to 14 million.”
Funds flooded Cash App’s system, according to a former customer service representative: “It wasn’t a fire hose. It was just like a dam breaking open. I mean, it was just incredible.”
Dorsey’s offer to “help” speed those payments, came at a steep cost to users. Block charges a fee of 0.5% to 1.75% for speeding payments that otherwise take 1-3 business days. The translates into a roughly ~205% APR.
The user growth and associated revenue sent Block shares surging from a low of $32 in March 2020, several days before Dorsey’s offer, to $243.40 a year later, a gain of more than 660%.
Dorsey’s Tweets urging users without bank accounts to receive government money through Cash App served as a siren song for scammers.
Problems emerged just weeks after Cash App accounts began receiving their first government payments, which would eventually include stimulus payments, unemployment payments, rental assistance, and child tax credits.
A former employee explained that Cash App received pushback as states began to realize the magnitude of COVID relief fraud taking place:
“We would just come in one day, open all of our systems, and we would literally get an email that says, ‘We’re going to get a ton of pushback today. North Dakota has, you know, 20,000 accounts that are literally just being pulled back today. You know another state has 100,000 that are being pulled back today.’ So, I mean, we knew that it was going to be a horrible day based on what states, you know, found what fraud that day.”
Pandemic Unemployment Assistance (PUA) was particularly vulnerable to fraud as it was intended for self-employed and gig economy workers who verified their own eligibility for benefits, according to security firm ID.me which published a report on pandemic fraud called “Calculating the Road to Losing $400 Billion Dollars”. This contrasted with standard unemployment insurance, paid to individuals whose status was easily verifiable through their former employers.
States quickly began to realize that many PUA claims they were processing were filed using stolen identities and sought to claw back funds. A former employee told us:
“The first time we spoke to Arizona, they were at like a half a billion dollars [in fraudulent transactions].”
“Washington right away was like $200-and-something-million. These were right away, so we’re talking like June .”
The US Department of the Labor Office of the Inspector General (OIG) testified in March 2022 that a total of $163 billion in improper pandemic unemployment insurance payments were made across all states. [Pg. 6] Other estimates put the fraudulent payments as high as $400 billion.
While a full reckoning of the loses may never be known, states are beginning to come to grips with the damage. We filed public records requests with various states to learn about their efforts to identify unemployment payment fraud and recover funds from financial institutions.
A data sample obtained via a public records request with Ohio showed that Cash App’s partner bank Sutton Bank, received around $956 million of all the PUA funds distributed in that state, making Sutton the 5th largest processor overall.
The data indicated that “Square” – the parent company’s name at the start of the pandemic – was identified with Sutton Bank.
Sutton Bank received payments for 32,120 claimants that were later determined by the state to be “disallowed” over suspicions of ineligibility including for reasons of fraud.
By comparison, that’s nearly 8x the 3,884 disallowed claimants paid by Huntington Bank, the top processor of PUA payments for Ohio at $1.9 billion—double the amount Sutton Bank processed.
The Ohio data indicated that of the claims flagged as suspicious— and either paid or halted – 31,726 were from applicants using a Sutton Bank account that had been used by at least one other claimant.
In comparison, the Ohio data show just 3,390 transactions flagged as suspect – whether paid or not – that involved applicants using a Huntington Bank account used by another applicant.
As we show further below, Block ignored both internal and external warnings that multiple individuals using the same bank account number to receive government funds was a brazen red flag of fraud.
The Massachusetts’ Department of Unemployment Assistance responded to our public records request with correspondence showing that Sutton Bank was the second largest bank in terms of suspect payments.
At one point, People’s Bank, acting on behalf of the state, attempted to retrieve $50 million from Sutton, or roughly 10% of the total suspect funds it was seeking to retrieve.
Suspect payments sent through Cash App partner Sutton Bank were 82% higher than those of JP Morgan, and 108% higher than Wells Fargo, according to the Massachusetts data shown in the table above. These far larger suspect payments, routed through Sutton, were despite the fact that J.P. Morgan and Wells Fargo had 4x to 5x more deposit accounts than Cash App direct deposit-enabled accounts, according to figures listed on FDIC filings. [Pg. 51] [Pg. 51]
The only bank with more problematic transactions than Sutton Bank was Bank of America, which had slightly more than double the suspect transactions of Sutton Bank, but 8x the number of Cash App’s direct deposit-enabled accounts in 2020, according to FDIC filings. [Pg. 50]
In short, Massachusetts data makes clear that Cash App’s partner bank was disproportionately processing suspicious COVID-relief transactions.
We also received a response to a public records request with the Washington State Employment Security Department for “records related to confirmed or suspected identity/imposter fraud committed between March 8, 2020, and September 4, 2021”. We received a breakdown of fraudulent payments by bank routing number.
A Secret Service bulletin and research report by security firm Agari detailed how the state was subjected to an attack orchestrated by a single massive Nigerian scam ring called “Scattered Canary”, which ran transactions through Green Dot Bank and related Go Bank. Those banks topped the list of fraudulent payments.
Outside of that, Cash App’s partner bank had more suspected fraud losses than any other banks, including significantly larger banks like Wells Fargo and JP Morgan.
Sutton Bank accountholders received more than double the suspected fraudulent payments of accountholders at Wells Fargo and JP Morgan Chase combined, a total of $29,442,879, according to the data.
While pandemic-related fraud was an issue across the banking system, our investigation indicates that obvious lapses in Cash App’s compliance processes facilitated its disproportionate pandemic-related fraud.
Rather than responding to warnings regarding these lapses, Block management mostly ignored them in the interest of preserving its growth engine, despite the consequences to taxpayers, according to interviews with former employees.
The biggest pandemic compliance failure by Cash App was the company’s willingness to allow multiple individuals to receive payments into a single account, according to numerous former employees.
“There was a lot of pushback on name matching because according to NACHA and ACH rules, you don’t have to name match, but if you recognize there’s a problem and this account is getting unemployment payments from 7 different states in 72 different names, there’s a problem.”
Another former employee recalled alerting management, to no avail:
“Hey guys. There’s all these name mismatches. You have John Smith from Indiana going into an account named Fred Flintstone living in California, how does it make sense?”
The issue came up constantly as employees tried to figure out how to deal with accounts getting multiple unemployment payments from across the country, according to the former employee.
“Some people were taking multiple months to get their money and when checks were coming in they were (for) $8,500 and so people were going out there and they’re stealing, you know, hundreds of these and they’re going into one account.”
A former employee of the Cash App partnership described checking to see if competitors like Chime were allowing name mismatches while Block “refused” to implement a ban:
“I’m on their (competitors) websites every day, looking at their terms of service. What did they change? What did they do to stop the fraud? The one thing Chime did was they said, ‘Look, if you want to send an ACH, the name of the beneficiary has to match the name of the account holder or it doesn’t go through.’ Square refused to do that.”
Historical web captures of the Terms of Service for Chime show that the service made clear that the name on deposits must match the name of the accountholder.
Rather than address the problem, Cash App executives came up with bizarre scenarios for why such transactions might be legitimate. Possible explanations included Cash App accounts being used as joint accounts for numerous individuals across multiple different states, according to a former employee:
“How does it make sense? … The arguments were stupid. ‘Oh, they’re joint because these people can’t get an account.’ Well, that’s why we have the Cash App… The Cash App—it doesn’t matter. It’s for the un-bankable.”
The benefits of ignoring compliance were obvious, as one former compliance employee noted:
“The bulk of the fraud, which initially started in March of 2020, and oddly enough, it coincides with Square’s stock increasing 200% between March 2020 and October 2020, and it dropped off significantly after the pandemic payments stopped.”
Cash App also failed to use a compliance measure that would have required address verification before the card could accept ACH payments, according to former employees.
Typically, card issuers require that users be mailed a card and activate the card before use.
This simple precaution can thwart identity thieves as cards are frequently ordered using the address of the identity theft victim. The victim would then be the one who needed to activate the card, which would halt the scam. A former employee explained:
“So, if I open the account in your stolen identity and you’re getting a physical card, you’re getting the physical card because you’re the victim, but you have no idea what’s going on.”
But such fraud prevention measures once again create “friction”, slowing down Cash App users’ immediate access to funds. During the pandemic, when payments and users were exploding, this would have threatened to slow down growth.
A second former employee said they realized this compliance measure was not in place after complaints about unordered cards began to flood Cash App and Sutton Bank. When compliance investigated, it was clear the accounts were active and had already received suspect payments:
“The card was getting shipped to that person. The cards weren’t being activated. That’s when we realized Marqeta shut the feature off and (found) there was (already) fraud on the accounts.”
A third employee said the company also allowed cards to be sent to addresses not on file, a change that allowed scammers to redirect cards away from the addresses of identity theft victims:
“I believe there was a huge influx of customers just complaining about like, cards being stolen, and being delivered at the wrong address. So that’s when they were like, ‘well okay let’s just be a little bit more lenient and allow these customers to get them [Cash Cards] sent to different addresses’, and in my opinion, I do think that enabled for a lot more fraud…”
Once again, a key Cash App compliance gap was celebrated in a popular song about how easy it is to scam with Cash App. The song “Precise” by Money Man describes filling mailboxes in an Atlanta neighborhood with Cash App cards:
“I’m the reason why the block hot.”
“Ima put a Cash App card in every Pine Hills mailbox.”
“If I get locked up, I’m runnin’ my cell block”
Before a new Cash Card account was approved, information provided by the applicant was run through a verification process overseen by third party security firm, IDology, which searched for indications that phony or stolen identities were being used to set up accounts, a former employee explained.
The decision to open an account was based in part on an IDology score reflecting consistency in the data.
One scenario that would lower a score but not trigger an automatic rejection, in the former employee’s experience, was an old address on an application, despite the possibility that the applicant may have obtained it as part of a data breach at the time the address was current.
The process also let unrecognized phone numbers through, according to the former employee, opening the door to identity thieves verifying an account using their own phone while still creating the account with stolen information.
Multiple applicants residing at the same address was another scenario that did not cause an application to be rejected outright, according to a former employee:
“One issue that was never identified…is multiple accounts with the same address. So, excluding apartments or college dorms, there would be accounts with the same address. So, 123 Main Street, and there would be, for example, 125 accounts at that same address and the address was a single-family home”.
The former employee summed it up:
“There are really no controls with them. It’s like the wild, wild West.”
The “Wild West” approach was once again reflected in pop culture, making the signs hard to miss.
On September 11, 2020, rapper Nuke Bizzle released a song called “EDD”, in reference to California’s “Employment Development Department”, which distributed pandemic unemployment relief.
The song focused entirely on how easy it was to steal COVID relief funds from the government, with lyrics referencing the approach of using multiple names at the same address:
“If you got the name and number, I got the addy, we can put somethin’ together…Unemployment so sweet, we had 1.5 land this week”
The song was accompanied by a later music video that included scenes of Bizzle and his partner hunched over their computers and phones working on scams.
The lyrics focused on the ease of stealing from the government electronically:
“You mean to tell me I can just wait on an email and get certified for a 20 (thousand)?
Damn, this shit here better than dealin’ (Yea)
Turned me to a scammer, quickly (Yea)”
On September 23, 2020, less than 2 weeks after the release of Bizzle’s musical confession, he was arrested on charges of fraud. Upon his arrest, officers found 8 COVID relief debit cards in his possession, 7 of which were in the names of other people, according to media reports citing prosecutors.
In the indictment, the only electronic peer-to-peer payment processor mentioned was Cash App, which Bizzle had used to facilitate a portion of the alleged fraudulent payments.
Bizzle pleaded guilty and was sentenced to over 6 years in prison.
On July 6, 2020, the Secret Service and the U.S. Department of Labor OIG issued a bulletin warning about “an extensive criminal scheme” to use stolen identities to collect unemployment payments and detailing concerns about just the types of transactions that Cash App was routinely overlooking.
The Secret Service warned about account holder names and ACH remittance names not matching; payments made by states to account holders who resided out-of-state; and multiple payments for multiple individuals going into the same account – all red flags of fraud which Cash App appeared to have ignored.
By October 13, 2020, the Treasury Department’s Financial Crimes Enforcement Network (FINCEN) was also warning about red flags of unemployment insurance fraud.
Again, the warnings focused on multiple individuals receiving payments in the same accounts, recipients receiving payments whose names were not listed on an account, and payments by state agencies to individuals who appeared to reside outside of that state.
A letter obtained via a public records request with the Massachusetts’ Department of Unemployment Assistance described how People’s Bank was working to recover fraudulently obtained funds for the state.
The fraudsters likely made use of Cash App’s instant deposit feature to extract the stolen funds immediately, resulting in a revenue boost for Block while ensuring that the government could not claw back the fraudulent funds.
A former employee of the Cash App partnership described the company’s failed attempts to retrieve funds lost to suspected fraud:
“We would send out an in-app message that basically just says, ‘Your account is now in the negative. Please make a deposit.’ And then, we leave it at that. The ones that are sophisticated, so the fraudsters that are sophisticated enough to have linked another fraudulent account, because that’s usually how it happens, they would have already cashed out and be long gone.”
Around January 2021, ~10 months after Cash App began accepting government payments for its users, Block implemented a software application intended to block government ACH transfers when those transactions appeared suspicious, according to former employees.
While it was an improvement on Block’s previous thin efforts to safeguard taxpayer money, the system continued to allow the worst red flag – Cash App accounts receiving payments for multiple individuals. One former employee told us:
“They still would allow multiple name mismatches in an account. They still said it was OK. They kept saying, ‘name match alone does not equal fraud’.”
Another former employee said Cash App eventually starting using its software to flag name mismatches but then decided to allow 1 name mismatch before blocking payments.
“They would allow that one payment to go through. And then the next one would be blocked.”
Scammers quickly figured this out, leading to the creation of even more Cash App accounts as they set up accounts for each transaction.
“Well, the fraudsters figured that out. They would just do one and done. They knew the next one would be declined so they would move on.”
Despite everything, management has had little to say about fraud when speaking to investors. Earnings call transcripts we reviewed turned up 0 mentions of “fraud” between 2019 – 2021, and only 2 mentions of fraud in 2022.
Those 2 mentions came from Jack Dorsey, who ironically praised the company’s track record of managing fraud on Block’s Q4 2021 earnings call held in March 2022 (emphasis added):
“So, we have limits in place to manage all these things, and a big goal for us is to make sure that we’re looking for opportunities to increase those and to, at the same time, maintain all of the risk controls and fraud and continue to do what we’ve done so well over the years.”
Block booked transaction-based revenue, regardless of whether the transactions were fraudulent, and reported blockbuster user growth, regardless of whether the users were genuine or engaging in illegal activity.
Revenue from subscriptions and services, largely composed of fees charged to Cash App users and merchants who accept the Cash Card, surged during the pandemic. They increased to $2.7 billion at the end of 2021, from $1 billion at the end of 2019, representing 170% growth.
A mass proliferation of fraudulent accounts, caused directly by Block’s own compliance gaps, likely helped propel Block’s surge in reported revenue, along with its high pandemic “monthly transacting active” user counts and lower “customer acquisition costs”.
Growth in these metrics were richly rewarded by investors. Between March 20, 2020, to August 5, 2021, Block’s stock rose more than 639% from $38.09 to $281.81, peaking at a market cap of over $120 billion.
Even as billions of fraudulent transactions were being processing through Cash App’s platform, Block insiders were hitting the exit to the tune of more than $1 billion in insider stock sales between March 2020, the beginning of the pandemic and December 31, 2021.
During the peak of the pandemic stock spike, Jack Dorsey made 25 sales near Block’s all-time highs.
In general, Block Insiders increased the size and volume of their sales at just the right time, as the stock rose heading into early 2021.
Today, Block trades about 74% lower than its highs, with a market cap of $44 billion.
Cash App has convinced investors that it is an innovator and a disruptor. Our review of its key products indicates that it has simply followed the footsteps of most other financial services companies with a focus on predatory pricing, avoiding consumer protection regulation, or simply offering mundane “me-too” services in a competitive field.
Block fails to disclose even the most basic economic elements of its Cash Card business, including Cash App’s reliance on “interchange fees”.
For years Block has limited its disclosure of interchange fees to just a single line of text in its annual reports, with no numbers included:
“Square earns interchange fees when individuals make purchases with Cash Card.” [Pg. 10]
In 2022, Block’s disclosure provided little additional color:
“We also earn interchange fees when a Cash App Card is used to make a purchase” and “interchange fees are treated as revenue when charged.” [Pg. 65]
Despite Block’s opacity on the subject, an October 2022 report by Credit Suisse estimated that “spend”, a segment it said was largely made up of Cash Card interchange fees, accounted for $892 million, or ~35% of 2021 Cash App revenue.
We suspect we know the reason behind Block’s opacity on the subject.
In 2010, Congress capped interchange fees under the Durbin Amendment to the Dodd-Frank Act to help ensure the fees were “reasonable and proportional to the cost incurred by the issuer.” The Durbin amendment provides an exemption for small banks, i.e., when the card issuing bank has less than $10 billion in assets. [Section 235.5]
Block hardly fits that definition of “small”, with $31 billion in assets, per its most recent annual filing. [Pg. 4]
Yet the company skirts the interchange fee cap, increasing the fees on a typical retail transaction by anywhere from an estimated 1.27x to 5x, imposing that inflated cost on many of the merchants and small businesses it claims to be helping. 
To qualify, Cash App selected Sutton Bank to issue its prepaid debit card. Sutton Bank is a small bank under the Durbin exemption definition and appears on the Federal Reserve’s list of “Institutions Exempt from the Debit Interchange Standards.” [Pg. 154]
While Sutton Bank is considered the issuer of Cash App’s pre-paid debit Cash Cards, thereby earning the exemption, the bank’s role is minimal, with Cash App providing marketing of the card, onboarding of users, and customer support. Sutton makes this clear on its website, which thoroughly disclaims its role and responsibilities relating to Cash App, only focusing on the Cash Card itself.
In short, Sutton Bank seems largely used as a means for Cash App to fit the requirements for Durbin exemption, thereby allowing it to gouge merchants with higher interchange fees.
On July 29, 2021, Block competitor PayPal revealed in its quarterly filing that it had received subpoenas and requests for information from the U.S. Securities and Exchange Commission (“SEC”) about whether the interchange revenue on its debit cards complied with regulations. [Pg. 110]
“We have responded to subpoenas and requests for information received from the [SEC] relating to whether the interchange rates paid to the bank that issues debit cards bearing our licensed brands were consistent with Regulation II of the Board of Governors of the Federal Reserve System, and to the reporting of marketing fees earned from the Company’s branded card program.”
PayPal shares closed 6% lower on the day of the disclosure, which also coincided with its earnings release.
Unlike Block, PayPal has stated in its filings since 2015 that its interchange fees are subject to regulatory risk. [Pg. 10]
Given that Block and PayPal both seem to avoid interchange fee caps with a similar approach, we submitted a FOIA request to the SEC to see if Block was also the subject of a similar investigation.
We filed a FOIA request using the same language PayPal uses in its filings to describe the SEC’s requests for information. The SEC’s response stated that certain documents related to Block’s reliance on the exemption and related marketing fees were unavailable because they had been compiled for “law enforcement purposes.”
Note that this disclosure alone does not confirm whether Block itself is under investigation. We have filed an appeal to learn more information and have thus far not received a response. We have also reached out to Block and have not yet received a response.
Another key contributor to Cash App revenue is its “instant deposit” feature, which Credit Suisse estimated contributed 31% of total Cash App revenue in 2022, according to their analyst note from October 2022.
At Block’s Investor Day presentation in May 2022, Block’s head of Cash App, Brian Grassadonia, explained that Block pioneered the service and described sending funds via instant deposit:
“The experience was magic and we knew it was something that people desperately needed.”
Block’s Instant Deposit feature boils down to a basic electronic funds transfer. A former employee debunked the notion of it being “magic” software in the context of its use for COVID relief payments:
“A lot of people see it more as a as a kind of software or infrastructure advantage on (the) fintech side, but in the actual sense of things, it is because we are ready to fund people the money so that we can get that money back.”
One benefit of Instant Deposit, from a scammers point of view, is the ability to move funds out of the system quickly, before complaints are lodged by the sender and before Cash App or Sutton Bank can perform any real scrutiny of the transaction. Once funds leave an account via Instant Deposit, they can be withdrawn at the receiving account within minutes.
Block charges a fee of 0.5% to 1.75% for receiving Instant Deposit transactions, a rate that is comparable or worse than numerous peers and competitors offering similar instant deposit & instant pay features:
|Bank of America||Yes||0%||Link|
Payment company TheClearingHouse, which is owned by the largest banks in the world, launched a Real Time Payment (RTP) network 5 years ago—over 285 banks and credit unions, including some of the largest in the world, are already participating as of November 2022.
On March 15th, 2023 the Federal Reserve announced it will launch FedNow in July, a service that “will enable every participating financial institution, the smallest to the largest and from all corners of the country, to offer a modern instant payment solution”.
In short, Block’s “Instant Deposit” business amounts to little more than an expensive feature offered by numerous competitors and charging rates that are likely to erode or nearly entirely disappear over time.
BNPL is a short-term financing option allowing consumers to pay for purchases in several installments, technically a short term “interest-free” loan, subsidized by charging the merchant a fixed fee and charging consumers late fees if they don’t pay on time.
Brian Grassadonia, Lead of Square’s Cash App business, told investors on August 1, 2021, the day the Afterpay acquisition was announced (emphasis added):
“The addition of Afterpay to Cash App will strengthen our growing networks of consumers around the world, while supporting consumers with flexible, responsible payment options…”
Afterpay does not need to perform credit checks or income verification, typically required for traditional loans, due to technicalities such as charging “fees” rather than interest and limiting the length of its loans to 8 weeks.
Jack Dorsey praised Afterpay’s benefits to consumers when the deal was announced:
“Square and Afterpay have a shared purpose. We built our business to make the financial system more fair, accessible, and inclusive”.
Afterpay’s approach to making the financial system “more fair” seems to be by enticing low or no-credit consumers into purchases they can’t afford and subjecting them to debt and fees they weren’t expecting.
Media reports indicate that the type of consumer seeking to finance small purchases, who may not even have income or credit, may be the same consumer most in need of protection—the very rules Afterpay avoids.
Block insists that using Afterpay to finance purchases is somehow not “just another form of debt”.
Block suggests that because Afterpay only charges fees if a payment is late that it does not “push customers into long-term debt at high interest rates.” It also refers to its late fees as being “low and capped”.
The reality is that Afterpay’s late fees can reach an APR equivalent as high as 289%, worse than the most punitive debt products.
Further evidencing that Afterpay is a loan, we can turn to Block’s own financial statements, which classify Afterpay payments as loans.
The company’s “consumer receivables” are represented by “amounts due from consumers for outstanding installment payments on orders processed on the Company’s BNPL platform,” per its 10-K. [Pg. 120]
The above table also shows about $ 153.7 million in Afterpay receivables that are past due, representing about 7.6% of all loans outstanding. 
From a financial perspective, the Afterpay acquisition looks to be a dud. Prior to Block’s acquisition, Afterpay reported remarkably low delinquency rates. Those have surged following the acquisition, according to a report citing Fitch Ratings data:
“In the U.S., Fitch Ratings reported that delinquency rates for BNPL provider Afterpay jumped from 1.7% to 4.1% between June 2021 and March 2022, while the delinquency rates for significant credit cards remained unchanged at around 1.4%”.
The spiking delinquencies and credit losses, which affect consumers of the product, seem to undermine Block’s claim that it is a responsible consumer product subsidized by fees from merchants.
Regulation is bearing down on Afterpay in its native Australia and in the U.S.
In February, 2023, the Australian Securities and Investments Commission submitted a statement to the Australian Treasury Department supporting “onerous regulation” in the BNPL sector, as reported by the Australian Financial Review. Moody’s vice president Stephen Tu was quoted on the pending regulation:
“In Australia, the once fast-growing BNPL sector is facing scrutiny…More regulatory burdens will result for all BNPL providers, including Afterpay”.
On November 17th, 2022, The U.S. Department Of Treasury released a report focused on non-bank consumer lenders, which states (emphasis added):
“Treasury recommends that the CFPB review its authorities to consider if and how the agency might provide direct supervision of larger non-bank consumer lenders, including BNPL and installment loan providers.“ [Pg. 115, Section 5:4.21]
On March 2nd, 2023 the CFPB released a study on the usage and demographics around BNPL. It underscored how BNPL lends to those who tend to be significantly less creditworthy and more prone to use BNPL as an option of last resort:
“…BNPL borrowers were, on average, much more likely to be highly indebted, revolve on their credit cards, have delinquencies in traditional credit products, and use high-interest financial services such as payday, pawn, and overdraft compared to non-BNPL borrowers.
“Lower credit scores lead to higher interest rates on traditional credit products, which make Buy Now, Pay Later loans with no interest an attractive alternative that many borrowers seek.”
The release of the report was accompanied by a statement from CFPB Director Rohit Chopra, who made clear that additional regulations are coming for BNPL, which contrary to Block’s insistence, is “like other forms of credit”:
“Since Buy Now, Pay Later is like other forms of credit, we are working to ensure that borrowers have similar protections and that companies play by similar rules.”
For BNPL borrowers to have equal protections, BNPL companies like Afterpay would need to follow the same suitability / credit check procedures and reporting that credit card companies follow. This would add to the administrative and compliance burdens on BNPL providers and likely significantly curtail loan growth.
Traditional bankers walk around in suits and ties, making them relatively easy to spot in the wild. This is a helpful feature for normal people who can then treat them with appropriate skepticism, knowing that bankers often work overtime to take advantage of people, avoid regulation, and extract money from the government.
By comparison, Jack Dorsey cloaks himself in tie-dye t-shirts and a guru beard, all while professing to care deeply about the demographics he is taking advantage of.
It has been an effective modern marketing approach—Dorsey has been celebrated by regular people, Silicon Valley elite, and investment bankers alike on his path to becoming a muti-billionaire.
But a close look at Block shows that it has not actually changed the game—like traditional financial services companies, its key focus seems to be on dressing up predatory loans and fees as revolutionary products, avoiding regulation and embracing worst-of-breed compliance policies in order to profit from its facilitation of fraud against consumers and the government.
The company seems to be betting that the consequences will either be a ‘cost of doing business’ or at the very least, come later.
Either way, we expect the luster will wear off and investors will realize that Block is really a money-losing, undifferentiated loan & fee originator. Like many of its peers in fintech and banking, it will eventually trade closer to its net tangible book value.
In the meantime, Dorsey and top executives already sold over $1 billion in equity near the top, ensuring they will be fine regardless of the outcome for everyone else.
Use of Hindenburg Research’s research is at your own risk. In no event should Hindenburg Research or any affiliated party be liable for any direct or indirect trading losses caused by any information in this report. You further agree to do your own research and due diligence, consult your own financial, legal, and tax advisors before making any investment decision with respect to transacting in any securities covered herein. You should assume that as of the publication date of any short-biased report or letter, Hindenburg Research (possibly along with or through our members, partners, affiliates, employees, and/or consultants) along with our clients and/or investors has a short position in all stocks (and/or options of the stock) covered herein, and therefore stands to realize significant gains in the event that the price of any stock covered herein declines. Following publication of any report or letter, we intend to continue transacting in the securities covered herein, and we may be long, short, or neutral at any time hereafter regardless of our initial recommendation, conclusions, or opinions. This is not an offer to sell or a solicitation of an offer to buy any security, nor shall any security be offered or sold to any person, in any jurisdiction in which such offer would be unlawful under the securities laws of such jurisdiction. Hindenburg Research is not registered as an investment advisor in the United States or have similar registration in any other jurisdiction. To the best of our ability and belief, all information contained herein is accurate and reliable, and has been obtained from public sources we believe to be accurate and reliable, and who are not insiders or connected persons of the stock covered herein or who may otherwise owe any fiduciary duty or duty of confidentiality to the issuer. However, such information is presented “as is,” without warranty of any kind – whether express or implied. Hindenburg Research makes no representation, express or implied, as to the accuracy, timeliness, or completeness of any such information or with regard to the results to be obtained from its use. All expressions of opinion are subject to change without notice, and Hindenburg Research does not undertake to update or supplement this report or any of the information contained herein.
 The quote is sourced from a transcript from Block’s appearance at Goldman Sachs’ Communacopia + Technology Conference held in September 2022 (for readers paywalled from the above link).
 Block only recently acknowledged that its employee stock-based compensation is a real expense that it would need to account for in its non-GAAP metrics going forward, leaving a substantial hole to fill.
 Quote from Square Inc.’s Q3 2017 earnings call (for readers paywalled from the above link).
 Quote from Square Inc.’s Q3 2018 earnings call (for readers paywalled from the above link).
 The quote is sourced from a transcript from Block’s appearance at JPMorgan’s Technology, Media and Communications conference held in June 2020 (for readers paywalled from the above link).
 The quote is sourced from a transcript from Block’s appearance at JPMorgan’s Technology, Media and Communications conference held in June 2021 (for readers paywalled from the above link).
 Block, as a money services business, is subject to the requirements of AML laws. Block does not have direct obligations under KYC laws although its bank partners do.
 The quote is sourced from a transcript from Block’s appearance at Goldman Sachs’ Communacopia + Technology conference held in September 2022 (for readers paywalled from the above link).
 Teejayx6 pioneered a hip hop subgenre called “scam rap”/ “scammer rap” where he raps about identity theft, credit card fraud, and other scams. Local Detroit media reported that in addition to his music, Teejayx6 also sells a “Fraud Bible”, an online directory categorizing various scams, which has an entire sub-directory titled “Cash App Method”. The ability for blacklisted users to get back on the Cash App platform with new information like a debit card or phone number is also widely reported on consumer forums (example).
 Note that Cash App users are prompted at sign up and throughout the app that they can receive $15 for inviting new friends, an amount higher than the $5-$10 claimed customer acquisition costs.
 The “Identity Team” appears to fall under a broader department called “Health”, according to job descriptions for the team. [1,2] The job descriptions say the “Health” group said the department’s purpose is to “build products and features to detect and prevent the improper use of Cash App across all of our core product areas” and that the group would seek to limit “access for bad or otherwise unauthorized actors.” (Also see: Cash App Health Engineering Team)
 Block charges a fee of 0.5% to 1.75% for speeding the payment, which normally takes 1-3 days. Taking the midpoint of the fee (1.125%) and midpoint of the number of days (2) this would equate to a simple APR equivalent rate of ~205%.
 Several state unemployment agencies, including those in Illinois and Maryland, told us they were unable under state law to claw back payments without filing a lawsuit. Other states, including Minnesota, informed us they could not release any information that was part of a banking transaction without a court order.
 According to a former employee, the vast majority of government stimulus and unemployment payments processed by Sutton Bank were for Cash App customers, though fintech start up Albert may have accounted for a small amount of the volume.
 Massachusetts publicly released data on total fraudulent and suspect unemployment payments made in between April 2020 and January 2021, putting the figure at $687 million. Assuming Sutton maintained its proportional 10%, the activity would have accounted for around $69 million in problematic transactions.
 This search can be replicated by going to FFEIC’s website, selecting “call report”, filtering report date to “06/30/2020” and searching institution name “Wells Fargo Bank, National Association” and “JPMorgan Chase Bank, National Association”.
 The company provides no details regarding the interchange rate charged to merchants who accept the Cash Card, nor how that rate is shared between multiple partners, including Visa, Marqeta (its processing partner) and the official card issuer, Sutton Bank.
 The exception specifically states; “[The] Exemption for small issuers… [applies] if (i) The issuer holds the account that is debited; and (ii) The issuer, together with its affiliates, has assets of less than $10 billion.”
 We used a typical CPS/Retail transaction of $50 for fee comparison. Per the Visa rate table [Pg. 5] for prepaid cards: Exempt Interchange fees = ($50 * 1.15%= $0.58) + $0.15 fixed fee = $0.73 vs Standard Interchange fees = ($50 * 0.05% = $0.03) + $0.21 fixed fee = $0.23 resulting in an additional $0.50 fee per transaction being imposed on merchants.
 In addition to late fees, Afterpay users are also subject to overdraft charges on automated bank withdrawals if they don’t have sufficient funds in their accounts at the time the payment is processed.
 Afterpay’s terms state that “the aggregate sum of Late Fees associated with a particular order will not exceed 25% of the order value at time of purchase”. As an illustration, for a $96 purchase, of which $72 is financed through Afterpay, if the three payments are late there would be an $8 late fee on each of the payments resulting in $24 of fees. This is equivalent to a 289% simple APR, based on 42-day loan (6 weeks term for “pay in four”.) This calculation does not consider any outside overdraft bank fees that also may be assessed on each failed payment attempt, increasing fees to the user.
 This figure reflects total delinquent loans minus $229.4 million cash in transit as of 12/31/2022.