Steal these product inspirations: How generative AI will impact payment fraud detection

Note: The following post is an elaboration on a recent advisory conversation I held with some institutional investors in the payments space. If you'd like to book me for a consultation or other engagement, check my offerings here.

Here’s the thing: practical, large-scale deployments of AI have been used in payments fraud detection since the 1990s. In fact, payments fraud has long been seen as one of the obvious killer apps and ready adopters for every stage of AI, starting with neural nets taking over from rules-based systems in the 90s. The growth of ecom and the attendant fraud drove payments adoption of machine learning, with supervised then unsupervised models, through the 00’s, then deep learning and reinforcement learning through the 2020s.

So are large language models and generative AI just more of the same? Well, I think there is reason to argue that this time could be different.

a) Generative AI is not just for the good guys. Watch for a step-function acceleration in the volume, effectiveness and new threat vectors for payments fraud. Smaller merchants, institutions and processors especially are going to be increasingly dependent on vendors to keep up in the arms race.

b) Generative AI is not just for the payments business. Businesses of all sizes stand to benefit from generative AI providing new value to almost all functions: finance, ops, marketing, sales etc. But most mid to small size businesses will be buying solutions that integrate AI, and AI benefits from as much contextual data as it can use and understand about the business. So the advantage here goes to the ongoing super-trend of integrated SaaS platforms like Shopify and Square, vertical platforms like Toast and platform-enablers like Stripe, vs monoline providers like legacy PoS providers or legacy payments acquiring/processing.

Generative AI product opportunities in payment fraud detection

  1. Pattern Recognition and Anomaly Detection: Large language models can be trained on transaction data to understand normal patterns and recognize anomalous transactions. I’d expect these improvements to be moderately incremental, not disruptive. But LLMs’ ability to understand complex patterns could potentially allow them to identify sophisticated fraud strategies that simpler models might miss.
  2. Synthetic Data Generation: Generative AI models can be used to create synthetic transaction data that mirrors the properties of real transaction data. This synthetic data can be used to train other machine learning models for fraud detection, particularly in cases where there may be limited examples of certain types of fraud. Actually, being able to test any code in fintech against realistic production data has always been a pain. Either you are potentially putting real sensitive PAI/PII info at risk or you are just not testing realistically. Producing better synthetic test data for fintech could be a whole new product line or startup idea in itself.
  3. Narrative Generation for Alerts: Large language models can generate detailed, understandable narratives describing why a particular transaction was flagged as potentially fraudulent. This could make it easier for human analysts to understand and act upon the alerts generated by the system. Why did your bank flag and just call you to confirm that ‘suspicious’ transaction? Maybe they don’t even know. Gen AI could hypothetically help here with more specific and customized messaging, both for internal testing/optimization and for improved customer communications.
  4. Improved Phishing Detection: AI models could be used to analyze the text content of emails, SMS, or other communication channels to detect phishing attempts related to payment fraud. The models could be trained to recognize the subtle linguistic cues that indicate a message is a phishing attempt. This is especially relevant when you consider how generative AI is also going to be powering more sophisticated phishing in the hands of adversaries. This area is going to be a case of generative AI continuing to fuel an arms race on both sides of fraud. Possibly fraud/security and platform vendors here are really the only true winners in the long run.
  5. Adaptive Fraud Strategies Detection: Large models seem to be surprisingly good at performing well even when pushed beyond their original training set. As fraud strategies constantly evolve, large language models with continual learning can adapt over time, understanding new tactics used by fraudsters and adjusting their detection mechanisms accordingly. Again, an important consideration when gen AI is also going to be helping the bad actors be more creative, productive and hypertargeted.
  6. Multi-modal Fraud Detection: Combining text, transaction data, and potentially other types of data (like user behavior data), large language models can aid in creating a more comprehensive view of user activity and detect intricate fraudulent patterns more accurately.
  7. Contextual Analysis: Generative AI models can help in understanding the contextual information around transactions. For example, they could analyze the text of a customer support chat to understand if a transaction was disputed by the customer, even if the dispute isn’t formally recorded in the transaction database.

More Adjacent Usecases and themes

  1. Improving Customer Support and Interaction: Large language models can automate and enhance customer interactions, providing immediate, accurate responses to customer inquiries. This can expedite the resolution process for disputes and chargebacks, making the process more efficient for both the consumer and the merchant or bank. But would you buy a generative service just for payment/fraud related interactions? More likely, integrated platforms that combine payments with the rest of a business CRM might be the winners here.
  2. Automating Evidence Collection: AI can help automate the process of gathering and analyzing data related to a dispute or chargeback. This can provide faster resolution times and more accurate outcomes, reducing the time and cost involved in handling these cases. This one again could be a whole new product or startup idea. Imagine an integration between Gong (the SaaS that automatically captures and transcribes all cs/sales conversations) and Visa’s Verifi (a service that helps resolve disputes before or after they become chargebacks). Generative AI could be so good at resolving common disputes of what a sales agent allegedly promised vs what a customer received.
  3. Predicting Disputes: AI models could potentially predict disputes and chargebacks based on transaction patterns, allowing for proactive measures to prevent or mitigate these cases. Maybe not a unique usecase for generative AI vs traditional ML/AI techniques. However, the increasing ease of access to models and custom training could make all sorts of AI usecases easier to put in the hands of more users.
  4. Tailored Resolution Strategies: Based on historical data and ongoing learning, AI could tailor dispute resolution strategies, ensuring that the most effective methods are used for each individual case.

The Threat Environment side of generative AI

  1. Ever More Sophisticated Phishing Attacks: Large language models could be used to craft highly sophisticated phishing emails, text messages, or other communications that convincingly mimic the style of legitimate communications from banks, employees/bosses, friends or other trusted parties.
  2. Impersonation: These models could be used to generate realistic chat or voice messages, potentially impersonating bank officials or customer service representatives, leading to social engineering attacks.
  3. Data Mining: If given access to sensitive data, large language models could potentially be used to mine that data for personally identifiable information (PII), either to develop hyper-targeted attacks or to defeat security questions based on personal information.
  4. Bypassing AI-Based Fraud Detection: If fraudsters can gain an understanding of how an AI-based fraud detection system works, they might be able to use large language models to generate transaction patterns that avoid detection.
  5. Deepfakes: More advanced AI systems could potentially be used to create realistic video or audio ‘deepfakes’. While not a direct risk to the payment process itself, this could facilitate fraud or identity theft that could indirectly impact the payments industry.
  6. Automated Hacking Attempts: Large language models, given their ability to understand and generate human-like text, could potentially be used to automate certain types of hacking attempts that rely on exploiting human vulnerabilities, such as password guessing or social engineering attacks.
  7. A whole new generation of ‘script kids’: Generative AI is just very powerful at helping anyone learn to code, and some models may be released or leaked without adequate (or any) safeguards around generating malicious applications.

Is Stripe going to eat the payments industry? Live insights from Stripe Sessions 2023

Software has long been supposed to be eating the world. Stripe was kind enough to invite me to their annual Stripe ‘Sessions’ event, in person for the first time since 2023. And you might have thought of Stripe as a payments company. But the reality is they really position themselves as a software-first company, and they definitely have a plan to eat their way into every segment of the economy if they can. Here are my (lightly editorialized) live notes of everything Stripe focused on today.

  • Payments, checkout and advanced features (including some that start to dis-intermediate card networks)
  • Stripe for building platforms and marketplaces in every vertical (go forth developers and acquire/service/support all the small businesses for us!)
  • Billing and finance automation (Stripe for bigger business and backoffice integration)
  • Bonus: How Stripe is using generative AI

Stripe, as always, is selling based on eliminating engineering implementation and management costs, solving common painpoints, auth and fraud rates. But certainly not on price. Pricing has not been mentioned. This has always been their value prop: you may pay a little more in variable costs, but you save in fixed costs (and time to market) of attempting to roll anything as sophisticated yourself.

Increasingly Stripe is aiming up-market, investing in enterprise feature sets for big volume customers. For the little guys, it’s all about enabling the aggregators. Specifically, vertical platforms that can go out and acquire/service all the SMBs by industry with highly integrated and niche-specific software stacks, w/o Stripe having to do that themselves.

On Payments

Payments are what Stripe calls the ‘through line’ of everything they do. Stripe is touting the simplification and elimination of engineering costs of maintaining a sophisticated payments page and checkout flow. Stripe optimises complex things like adding new global payment methods, global address autocomplete and verification etc. You pay for this in variable vs fixed costs of building in house.

Now for the new news: Stripe’s ‘Link’ for cross-site one click checkout to a bank account. Now, take it from someone who ran Visa’s one click program… one click is great, but again it would be better if this was an open standard rather than locked in to the Stripe ecosystem. How they solve cross-site 3rd party cookies and cross-app privacy sandboxing is unclear.

‘Link’ also enables not just card, but also pay by bank. So there’s a whole end-run around card networks. And potentially a vehicle for Stripe to lean on future RTP rails. The big announcement is that Uber has now adopted Stripe Link.

Uber: We see paying with Link to enable pay with bank accounts as something we want to use around the world.

Other payment reveals:

Stripe is saying that companies that shift to Stripe Payment Elements (customizable checkout page widgets) grow topline by 10% as well as cut engineering maintenance cost. Where is that 10% coming from? They don’t break it down. Hard to guess what other conveniently confounding variables might be at work there too.

Next up, the Stripe S700. It’s a slightly-chonky white phone/PoS hybrid device. Probably runs a custom Android? Apparently it can do table side ordering, but they didn’t emphasize that use case. Otherwise, the device looks… fine?

Enhanced Issuer Network. Here again, Stripe is going over the top of the network, sharing risk scores directly with issuers, claiming 8% fraud 1-2% auth rates. This is potentially a huge trend, again potentially disintermediating the card networks. But with the same drawbacks: will it scale for issuers to manage custom/proprietary data pipes to every major card processor?

Tap to phone! Stripe is also demoing contactless-on-glass. Finally, no more dongle required if you are okay to just accept tap-to-pay. Works on an iPhone. Pretty cool and a long time coming to the payments world.

Stripe aggregating the aggregators: Stripe Connect / BaaS

Stripe Connect is supposed to be a generalized way to embed money movement and integrated payments. Vertical software platforms are now powering almost all corners of the economy. Platforms that use Connect get to market faster, make more money and improve retention. Apparently. Now, I’ve struggled with Stripe Connect in the past, especially dealing with exceptions, keeping track of failed billing events and state management for customers. Announcing updates to Connect to allow more customization, basically, and Stripe Elements for Connect?

Also new: Stripe is allowing vertical platforms to also include plugins. Like a Xero plugin for a payments platform for contractors.

The meta story here is that Stripe is leaning in to the verticalization of software platforms.

Then adding in additional financial services primitives like instant payouts, card issuance, treasury and lending.

On your platform, you can further enable your sellers with tap to pay on iPhone and Android for super small sellers. E.g. as an electrician using a hypothetical platform for contractors.

Stripe has issued 100M+ cards so far with Issuing. That’s a good number.

Stripe doesn’t want the CAC and support overhead of actually doing business with every seller out there. They’d much rather equip vertical SaaS developers to go out and distribute all this Stripe stuff. Building the killer into every industry niche you can think of. Examples were studio management tools for yoga teachers, a marketplace for home contractors, a creator marketplace for 3d printable minifigs and so forth.

Lastly: Stripe Billing – Revenue and Finance Automation

Problem: a lot of stress on backoffice for global billing. As someone who’s run big SaaS businesses myself, I will freely concede how bizarrely hard it is to just reliably charge your customers every month.

They tout that Connect now handles recurring billing, 1-off invoicing, global tax, accrual accounting and payments reconciliation.

These are all legit pain points. I have historically used whole third party solutions like Chargebee to manage recurring billing above Stripe. Apparently managing lots of pricing plans over time (another definite painpoint in SaaS when you are constantly iterating in pricing and special relationship deals) is now more flexible w/ Stripe.

Bonus: How and where Stripe is using generative AI so far

Now they have an LLM that auto-generates SQL queries, even if you don’t know code. The LLM is trained on the SQL tables in your payments data. Scenario: the CEO pings the CFO: “hey show me biggest customers who still have unpaid invoices from last month, no rush, just let me know in the next 15min.” The CFO asks the AI, which then, in the live demo, figured out the intent of the question and the right SQL query, ran the query and gave an answer. This one demo got the biggest round of applause of the keynote.

Second case: Stripe is already using an LLM to power developer documentation too. They’ve refined a GPT model against all their docs that can answer developer questions. Another good usecase we’ll see more companies using soon.


Would you, should you, have you deployed GPT4 inside your business yet?

Are people using GPT4 successfully in real commercial products yet? Is OpenAI’s latest/greatest API a good hire? A timely Ask HN discussion on Hacker News this week poses this question. Go read the whole thing, or here are my meta-takeaways for anyone trying to build with GPT4 right now.

The model can do useful work today
Some interesting feedback across a mix of viable usecases: from generating marketing copy and sales emails, to “correcting or filling missing information in structured data”, to data extraction from websites or documents, or internally searching for company information.

But… Availability and performance is a challenge
OpenAI’s APIs aren’t always reachable and response times are variable. Do the work of managing retries, or fall back to other processes if OpenAI is not available. Rate limits are a challenge too, and the process for appealing those is going to be difficult with the current level of demand.

Mix GPT4 and 3.5 versions for speed and Cost considerations
GPT4 is the most accurate but also the slowest and more expensive per call. But you can also try to mix and match for usecases where 3.5 is good enough or as a first pass. Test and optimize. At MainStreet, we had good success using basic GPT3.5 to generate super-specific customer help and training material. E.g. “draft a help center article on how [general finance concept] might apply to expenses for [specific job role category] in [customer’s specific business vertical].” We’d generate this kind of content offline, then review it before publishing. Even with manual review, the speedup vs generating a broad set of help content from scratch was enormous.
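
An added example (not code from the original post or from OpenAI) of the retry, fallback and mix-and-match advice in the two sections above. The model tiers are passed in as plain callables and `TransientError` is a constructed stand-in for a timeout or rate-limit response, so no particular client library is assumed.

```python
import random
import time


class TransientError(Exception):
    """Constructed stand-in for a timeout, 5xx or rate-limit response."""


def call_with_retry(call, prompt, attempts=3, base_delay=0.5, sleep=time.sleep):
    """Call one model tier, retrying transient failures with jittered backoff."""
    for attempt in range(attempts):
        try:
            return call(prompt)
        except TransientError:
            if attempt == attempts - 1:
                raise
            # Full jitter keeps many clients from retrying in lockstep.
            sleep(random.uniform(0, base_delay * 2 ** attempt))


def generate(prompt, tiers, accept, fallback, sleep=time.sleep):
    """Walk tiers cheapest-first; escalate when a tier stays unavailable or
    its output fails the acceptance check; use the non-LLM fallback last.

    tiers: list of (name, callable), ordered cheapest to most capable.
    Returns (source_name, text).
    """
    for name, call in tiers:
        try:
            text = call_with_retry(call, prompt, sleep=sleep)
        except TransientError:
            continue  # tier still down after retries: try the next one
        if accept(text):
            return name, text
    return "fallback", fallback(prompt)


def demo():
    """Constructed stubs: the fast tier returns an empty draft, the accurate
    tier is rate-limited twice and then answers."""
    calls = {"accurate": 0}

    def fast(prompt):
        return ""  # rejected by the acceptance check below

    def accurate(prompt):
        calls["accurate"] += 1
        if calls["accurate"] < 3:
            raise TransientError("rate limited")
        return "Draft: " + prompt

    def manual_queue(prompt):
        return "queued for manual drafting"

    tiers = [("fast", fast), ("accurate", accurate)]
    result = generate("help article", tiers, lambda t: bool(t.strip()),
                      manual_queue, sleep=lambda seconds: None)
    return result, calls["accurate"]
```

In real use the acceptance check is where a first-pass output gets validated (schema, length, required fields) before deciding whether to pay for the slower tier.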

Keeping human review in the loop or being clear/transparent with your users

It seems people are either mostly using GPT internally, where quality of output just has to be better or more scalable than a previous process, or building apps that explicitly expose the AI to their customers, but adding value through a novel UI or domain-specific assistance with prompting. The ‘copilot’ modality when coding or creating is already a proven commercial model and incredibly popular. Will some equivalent work for banking, investing or financial management apps? It will be interesting to see how easily all of this extends into more regulated or professional/fiduciary responsibility domains. But with the right controls, transparency and model-refinement, it will get sorted out.

Key Takeaway: The big cloud vendors will probably make all this better, just be prepared to pay. The business case here is pretty clear for Azure, Google and AWS et al. Offering enterprise-grade availability, as well as data privacy for custom-trained/refined LLM models, is going to be huge business. I could also see opportunities for major vertical-oriented players offering something similar. Bloomberg has announced their GPT model for Finance. I’d like to see what Stripe or Visa do for models trained on payments, or models for retail banking, lending, accounting, insurance etc.

Relevant links:

Ask HN: Who has deployed commercial features using GPT4?
Open AI API docs
Microsoft Azure OpenAI services
Google Cloud AI (Note Google Bard API is still closed and invite-only)
Amazon AWS Generative AI Announcement (Announced April 13/2022)
Bloomberg GPT (Announced March 30)

image credit: Midjourney “A robot works in an office, ai, paperwork, midcentury modern”