Business Lending
Intuit Originates $452M in Business Loans in FY Q3 2024, Has Excellent Portfolio Performance
May 27, 2024
Intuit generated $452M in business loans in its recent fiscal quarter ending April 30th. That was down slightly from the $469M in the quarter before it. Apparently the performance of its business loan portfolio has been excellent. Not only did the company say that “past due amounts were not material” but it also said that the allowance for losses on these loans was also immaterial. Similar to the prior quarter, this segment of Intuit’s business did not even come up once during the earnings call.
Intuit’s business loan originations are roughly on pace with Shopify Capital’s, at somewhere in the neighborhood of $2B a year. Both companies benefit from a sticky core product that their customers use. In the case of Intuit it’s the Quickbooks bookkeeping software.
Intuit’s CEO, Sasan Goodarzi, opened the quarterly earnings announcement by saying that AI is changing the world. “The era of AI is one of the most significant technology shifts in our lifetime and our strategy to be the global AI-driven expert platform is delivering significant benefits to our customers and strong results across the company,” Goodarzi said. “I’m proud of our innovation and performance, and because of our momentum, we are raising Intuit’s revenue, operating income, and earnings per share guidance for the fiscal year.”
Shopify Capital MCA, Loan Origination Growth Appears to Slow Down
May 9, 2024Shopify Capital, the funding arm of Shopify that provides merchant cash advances and loans to merchants on its platform, experienced no increase in these related receivables in Q1 compared to Q4 2023. The company typically records significant growth in this figure each quarter. Shopify used to broadcast its origination figures far and wide in each quarterly earnings report and call but has since gotten shy about this segment of its business and no longer discloses originations. Instead, its balance sheet line item for “Loans and merchant cash advances” is virtually all there is to go by now and they were listed at $815M in Q1 vs $816M the prior quarter. This, of course, only reflects anything they’ve kept on balance sheet and could be a misleading indicator if those receivables are being sold off or taken on by a third party.
Shopify’s major rival, Amazon, never disclosed origination figures for its Amazon lending program, and in March announced that it was discontinuing its in-house lending program altogether after a 12-year run.
Shopify is still among the largest online small business lenders in the US.
Square Loans: $1.32B Funded in Q1, Expands to Japan
May 2, 2024
Square Loans, a subsidiary of Block, originated 129,000 small business loans for a total of $1.32B in the first quarter.
“Strength in banking gross profit was driven by continued strong demand for loans and healthy repayment trends,” the company said. Loss rates also remained consistent with historical ranges.
The company also expanded its business loan program to Japan and it has so far exceeded their expectations.
“Clearly, quick access to funds and a seamless product experience are true differentiators relative to existing financing options for SMBs in Japan,” said Block CFO Amrita Ahuja.
Separately, Block CEO Jack Dorsey spent an inordinate amount of time talking about Bitcoin in the quarterly shareholder letter, his entire message in fact.
It opened up with the following quotation: “Why the hell are you all spending so much time on bitcoin?”
“We get this question a lot. We’ll use this quarter’s letter to answer it,” Dorsey wrote in response.
Enova Has Big Q1, Sees Strong SMB Market
May 1, 2024
Enova originated $960M in small business loans in Q1 2024, setting what is believed to be a new quarterly record. During the earnings call, Enova CEO David Fisher said that confidence in the economy and consumer spending was driving the SMB market forward.
“Our small businesses aren’t concerned about inflation,” Fisher said. “Strong consumer spending and the ability to increase prices are offsetting that. And we are seeing stable performance in that portfolio.”
In fact, the company expects yield on the SMB side of its business to increase in the short term.
“We’ve just shifted more towards kind of the middle to upper end of our APR range for the SMB products,” said Fisher. “And so with those higher APRs from slightly higher defaults – so you’ll see over the next few quarters just slightly elevated compared to historic level default rates in the SMB business and eventually slightly higher net charge-offs as a percentage of ARR. But what will come along with that, is higher yields and higher revenue. And so the ROEs on those products, those originations are looking really, really good.”
Enova also expressed the value it’s gotten out of marketing its products on TV.
“We’ve gotten heavier and heavier in TV,” Fisher said. “That’s been an area of success for us for sure relative to say five to seven years ago, and I think certainly relative to our competitors. And then digital I think has improved for us in ways that we probably wouldn’t have guessed a few years ago. And a lot of that growth I think is kind of taking share away from leads. I think leads has continued to shrink as the share of the total, which was fine, we’d like to control our own destiny.”
The Long Running Mysterious Fraud in the Small Business Finance Industry and How to Defend Yourself
May 1, 2024The submitted deals are real. The merchants are real. Everything checks out until suddenly it doesn’t. The merchants block the payments and find out they’ve been scammed.The funders find out they’ve also been scammed. But it’s too late because the money is gone and the fraudsters disappear without a trace.
deBanked reviewed hundreds of court documents, emails, and websites in preparation for this story and spoke with multiple people familiar with the matter, though only one would agree to go on record. Here’s the story of how the scam works and what you need to know to defend yourself.
It was a textbook merchant interview call. The business owner answered the questions succinctly and convincingly. He knew his stuff and sounded confident, like somebody who wanted to just finish the process and get the underwriter to issue a final approval on his funding application. His accent said little about where he was from. It sounded like it could be Mid-Atlantic or perhaps lower New England, just a regular business owner on Main Street USA.
“It sounded a little nasal, right?” said Alex Shvarts, CEO of FundKite, after playing the recording for me to judge.
The tone of the voice did actually sound unusual after thinking about it. Something was off about the call and that was the only tell. For the person on the other end of the phone wasn’t who they claimed to be. It would later be debated if they had used voice changing technology, one of many layers of obfuscation that had been put in place to cover up what is quickly becoming the scheme of the decade.
FundKite had signed up a new broker and promptly received two deals from them. On this particular one the paperwork attached to the application was real. This was a real business and these were their real documents. But the real owner of the business had no idea that any of it had been used to apply for funding with FundKite.
In a typical identity theft scenario, a scammer gets a lender to send the loan proceeds to a bank account that is controlled by the scammer, keeping the victim completely in the dark that their identity is being used for the fraud until much later when a default occurs. But in this case the scammer intended to have a funding company send money to the victim’s actual bank account. It’s a twist that understandably makes it very difficult for the funding company to later believe that the merchant’s identity had been stolen since they were the ones receiving the proceeds. But once the business has been funded, the scammer executes the next step in the scheme, convincing the business owner to send the money to them. If that sounds like a whole lot more work to make this heist successful, then you have no idea how many layers of deceit are in play and the scale at which it’s operating.
It started sometime around 2019 (maybe even earlier) and is still happening to this day across the industry. The scammer uses stolen identities to incorporate businesses, followed by using those entities to open up bank accounts for them. One account is used to impersonate being a lender and another to impersonate being a broker. They first get to work by being the fake lender and register a domain name that closely resembles and could be mistaken for a real lender they’re trying to impersonate. According to records obtained by deBanked, domain names challenged via UDRP and seized as part of an ongoing investigation into the fraud reveal that the scammers also use stolen identities to register the domains, making the real buyers untraceable.
The objective of having these fake domains in the first place is to contact existing real borrowers of the real lender and to pass themselves off as the real lender. It’s a classic phishing scheme.
There’s various theories as to how this is done, but there’s a possibility that public records are sufficient for the scammer to accomplish this step. A reverse UCC search can reveal the names of a lender’s customers and the time in which they received a loan. From there, big data or cursory internet searches are enough to obtain the contact info of those borrowers. This type of list building is nothing new and fairly common in the data business.
The scammers then email the borrowers from the fake domain, purporting to work for their real lender, and give them the great news that positive repayment history has afforded them the reward of being able to refinance their loan at a lower rate.
It is generally good practice to check the domain name of a sender, even though that itself is not foolproof, but an incorrect one, especially one that resolves to a “404 Error Not Found” page, should be a sufficient indicator that these emails are coming from an impostor, yet business owners still fall for it, perhaps because they recognize the name and find the offer consistent with their expectations.
In one case that deBanked reviewed, the opportunity was presented to refinance a double digit APR loan down to as low as 4% with the same lender. When the victim was asked during a deposition if that number had struck him as suspiciously low, he said it did not, especially considering his belief that he had “excellent payment history” and that he felt like it made sense to get a break after all the stresses of covid.
The scammers generally communicate with perfect English over email but will also do phone calls. They use Google voice numbers in the area code that match up with the real lender. deBanked called an older one that had been used and nobody picked up. They might use the name of a real employee at the lender or create a fake one, going so far as to generate a paper trail online that shows the name of that person working for the lender.
Once on the hook, they ask the victim to submit lengthy documentation over email so that the refinance can be reviewed. These are typically documents like tax returns, bank statements, a copy of a driver’s license, A/R and/or A/P schedules, etc. After that the scammer moves on to the next phase, using the phished documents to apply for loans or merchant cash advances. This is where the scammer’s fake broker entity comes in.
These fake brokers tend to pass a background check because they rely on stolen identities that are clean, the business entities they’ve created under them are real and match up, there’s a tax ID, there’s a bank account in their name, and there’s no sketchy stuff about them on the internet. They even have a website, again registered with the fake identity, that often looks like or is an outright exact copy of another broker’s website. Even a diligent funding company can be duped despite a background check. Once the fake broker is signed up with a funder, the phished merchant data is submitted but with the scammer’s phone number and email address. Oftentimes the deal amounts are large. deBanked reviewed several cases related to this scheme that ranged in size from $200,000 to $600,000.
Since all the merchant information is legit, the merchants tend to get approved. The scammers are also adept at pretending to be the merchants in an interview phone call with an underwriter, like the one I listened to previously. They can even guide the merchant through a funder-mandated bank verification under the illusion that it’s all related to their current lender for the refinance. If any questions arise about the mention of another financial company name, it’s explained away as an affiliate partner or related vendor that they use.
Once the scammer is confident the funds are coming, they tell the merchant the refinance has been approved and that there is a narrow window to complete the final steps. As part of this they send a lengthy legalese-filled digital contract with an e-sign for the fake refinance that looks exactly like their real lender’s, again reinforcing how legitimate the whole thing feels.
Once complete, they’re told that a large wire will be arriving in their account, which will actually be from the funding company they don’t know about. In a normal refinance, a lender might withhold a portion of the new loan to apply to the outstanding balance, but in these cases the victims are told that they have to receive the full amount of the funds from their lender first and then wire the outstanding balance of the loan straight back to the lender. The merchant nets the difference if there is any left over. This round-trip transaction is communicated as being their way of managing their accounting, an excuse that again seems to come across as plausible to those that think they’re dealing with their trusted lender the whole time.
In the earlier iterations of the scheme, the name on file for the bank account to wire the funds to would look almost identical to their lender’s name. When the victim sends the wire to pay off their outstanding loan, they are completely unaware that they have just wired funds to a scammer and that the entire thing had been a very elaborate ruse. It’s not until days later when their account starts getting debited by a funding company they have never heard of as part of an agreement they had never entered into do they become alerted that something is amiss. By then it’s too late. Doubly too late if the funder has also wired the fake broker a commission for putting the whole deal together in the first place.
Although the scheme can yield several hundred thousand dollars at a time, it ultimately results in the loss of their fraudulently opened bank accounts as the funders respond with an investigation that can include litigation and/or a report to law enforcement. That means the scammers have to open new accounts under new stolen identities. That’s easier said than done, which is perhaps why last year they apparently improvised on this step. They don’t need to open bank accounts for the fake lenders anymore.
Instead, according to at least three examples reviewed by deBanked, they’re more recently asking the victims to wire the funds to the general deposit account of a cryptocurrency exchange. If this sounds like it would be too obvious, consider that it has worked. The wire forms, which look identical to the earlier versions, are only different in that they contain a different account name to send the funds to. The lender’s logo can still be found on the top.
In one case, deBanked was able to obtain records that allowed for the funds to be traced. The scammer had the exchange convert the wired funds into Ether, to which the Ether apparently moved between three crypto exchanges before disappearing into a generic holding address of an offshore exchange with millions of transactions. Another dead end.
deBanked emailed one of the two exchanges it reviewed related to this scheme to ask about their customer KYC procedures but received no response. The other was not contacted to avoid tipping them off to a possible active investigation. The exchanges both have deposit accounts at US banks, both of which are known for their fintech relationships. Typically, crypto exchanges that take on US customers do rely on some level of KYC. It appears based on limited evidence so far that the crypto accounts opened up by the scammers are done under the stolen identities of the merchants so that everything matches when a wire comes in. This is where it gets murky because the scammers may ask the merchants to take selfies of themselves, ones that could include holding up their ID in their hand or holding a piece of paper with a specific written message on it as proof that it’s them. That a merchant might jump through these hoops on the belief that it’s all to secure a purported refinance with their existing lender requires some suspension of disbelief, though many online finance companies these days are requiring varying levels of customer identity verification.
The outcome, in any case, is that millions of dollars have been purportedly stolen over the course of several years. The scam has been directed at all sorts of funders, from the A paper players to the Z paper players. The merchants, as the original dupes that make this possible because they fall for a basic phishing scheme, are also left to pick up the pieces. The scammers may have even scammed another high profile scammer, at least according to documents reviewed by deBanked. There’s a brazen fearlessness to it all.
A main connecting link has been funders that will do large deals, hundreds of thousands of dollars in a single transaction. But that might be changing. Industry chatter more so than hard evidence suggests the web of intended targets might be growing and that thanks to innovations with AI and crypto, the scammers may attempt to use artificial identities for the brokers rather than real ones. A lot of the steps involving bank accounts and stolen identities are no longer as necessary, which means if you’re a funding or lending company and you’re reading this, you may be vulnerable.
Sources familiar with the matter say that it’s good practice to remind your customers about possible phishing risks and to keep them informed about what methods of communication you will use throughout the life of the relationship. This includes whether or not you might employ phone calls, emails, texts, or snail mail communications, and the precise sender information they should expect. This might limit the likelihood of your own customers from getting phished but there’s tactics you can use to prevent becoming the victim funding company as well.
According to Alex Shvarts, a good start is only conducting a merchant interview on phone numbers assigned to the business. “If it’s a cell phone we have to have a cell phone bill that verifies the owner’s information,” he says. Also, if the customer has a website, avoid communicating with them over a free email address like Outlook or Gmail or Proton Mail and instead direct all communications to an address on their company domain name, one you’ve confirmed is really theirs and not a boilerplate setup by the scammers to deceive you again. Other possible steps are to use live ID verification or a common tool like CLEAR, he suggests. Shvarts wouldn’t disclose some of the proprietary methods they’ve come up with so as not to tip off a scammer reading this.
When it comes to the broker, do proper due diligence. It’s been said that a fake broker may test the waters with a small deal first before submitting the large fraudulent one to generate a level of confidence that everything is on the up and up.
According to documents reviewed by deBanked, the scammers typically rely on a relatively bare bones website for their fake broker shop, a collection of borrowed templates and verbiage from other companies out there. It’s a rabbit hole that can lead one down many wrong directions, especially in an era when similar bare bone lead gen sites litter the internet by the thousands. Consider doing a FaceTime or Zoom call with the broker so that you can see if their face matches the identity that’s been provided!
The scammers have used different domain name registrars and hosting services. They may push for a weekly or monthly payment option so as to create lead time between when the victim wires the funds to them and when the first debit hits from the funder they’ve targeted for it. They seem to prey on merchants that have an outstanding business loan rather than an MCA because it makes the low in-house interest rate refinance all the more plausible. So if you see debits in an applicant’s bank account from any one of the more commonly known online business lenders, you should be thinking about this story and ways to make sure you are speaking with the actual business owner. Do they know who you are? Have they been offered a refinance? Do they even know who their broker is?
“When you first identify the fraud, notify law enforcement including the FBI,” one source familiar with the matter said.
California Launches its Own Business Loan Marketplace
April 28, 2024
It’s a sign of the times. State and federal organizations are launching their own business loan marketplaces to compete with the numerous ones that exist in the private sector. The latest is California which just launched its “Small Business Loan Match” tool.
“We created Loan Match to ease the process of finding trusted loans for California entrepreneurs, gathering dozens of lenders on one platform for a one-stop experience,” the site says. “All lenders have been pre-vetted and enrolled in IBank’s Loan Guarantee Program, which specializes in bridging the gap between responsible lenders and small businesses.”
IBank, not to be confused with iBank, is the California Infrastructure and Economic Development Bank that was created to “finance public infrastructure and private development that promote a healthy climate for jobs, contribute to a strong economy and improve the quality of life in California communities.”
California follows New York City which launched NYC Funds Finder, the SBA’s Lender Match tool, the CFPB’s planned loan marketplace comparison tool, and Bank of America’s Access to Capital Connector.
Coming Soon: Domain Names as Loan Collateral
April 25, 2024
It’s called a DeFi Cash Advance, a collateralized loan with 1-30 day terms. It’s just one of many products created by Teller, a peer-to-peer lending platform that relies on smart contracts to facilitate the transactions. The key word is “collateralized” because the blockchain-tethered asset doesn’t necessarily have to be crypto-native per se anymore. Virtually any business owner with a website can offer up its online domain name as collateral for a loan thanks to rapidly developing blockchain technology.
“Essentially what Teller is at the core is basically like an OTC desk as a way to think about it because Teller doesn’t do any lending,” said Kieran Daniels, Growth at Teller.
Instead it’s done by peers which have historically used the platform to lend against very esoteric crypto assets that traditional commercial finance folks would probably roll their eyes at. But all that’s poised to change ever since a Silicon Valley-based startup called Namefi recently found a way to bridge regular old internet domain names to the ethereum blockchain. Namefi’s tech can turn any .com or similar internet domain into a real life NFT without any disruption to the underlying website it hosts. And once ownership of the domain name is governed by whomever owns the NFT, then voilà, it can be offered up as collateral for a loan on the blockchain.
The advantage of doing something this way is the efficiency in which it transforms a widely recognized digital asset, a domain name, into a liquid piece of collateral for a loan. For example, a loan can be made instantly just with a smart contract, it can be transferred to escrow (while still working the whole time) instantly, and also transferred to the lender in the instance of a default without any headache or hassle. The hard part, if one could even consider it hard, is that in order for the domain name to turn into an NFT, it has to be transferred from the owner’s current domain name registrar to the one operated by Namefi. This can be accomplished in less than an hour. It’s the exact same process as if one were to transfer a domain name from say Godaddy to Namecheap. Namefi does all the techy stuff that turns it into an NFT and the user can still manage their regular DNS settings via Namefi.
As mentioned previously, Teller is accustomed to other assets on its platform, things like “meme coins” and digital artwork, some of which use a technological token standard called ERC-721. That’s kind of where I ironically enter the story because I noticed that Namefi relied on the same standard when turning domain names into NFTs. And so without informing either Namefi or Teller of what I was up to, I turned a domain name that I owned into an NFT via Namefi and then used the Teller platform to set up and execute a loan transaction, resulting in a self-aggrandizing press release this past January about how smart I was for possibly doing the first domain name loan over ethereum in the world.
It was noticed. The outcome is that Namefi and Teller have been talking to each other since. On February 28, the two took to social media to announce a partnership.
Namefi is partnering with Teller (@useteller) to bring DeFi to your internet domains! Now lending with Namefi domains as collateral is made easy through this partnership.
As a result of the partnership, customers will be able to:
1. List DNS names gaslessly for liquidity: List… pic.twitter.com/nHJpkUKeXj
— Namefi.io 🍊 (@namefi_io) February 28, 2024
“We’re fully leaning into it,” said Daniels to deBanked, “we did a spaces [on X] with Namefi.”
“I think we’re just really bridging that gap for a lot of people right now and actually making that connection to say that ‘hey, NFTs aren’t just JPEGs, they aren’t just digital identity, they can have other forms of utility,'” said Alexander Walker, Ambassador at Namefi. “And there’s millions of people out there with domain names already.”
And that’s sort of the point. Everyone already understands domain names as a digital asset. The tech has just finally caught up to do that much more with them.
The typical challenge of any upstart peer-to-peer lending platform, however, is liquidity. As some readers may recall in the very early years of LendingClub and Prosper, hopeful borrowers would languish on those platforms while they waited for individual retail investors to pool together enough money to actually fund the full value of the loans. Teller has already come up with a solution for other assets it understands well, standing liquidity pools funded by peers or investors that will automatically lend against assets it recognizes. There would be a similar goal with certain categories of domain names.
“When you go to Teller, you’ll see Pokemon on ENS or 999s or certain collections of NFTs,” said Daniels of Teller. “So those are the more popular NFTs and so what Teller has done is created standing offers for those. So again, Teller isn’t the LP, but LPs can come in and add to that pool. And anyone with one of those categories can instantly get a loan or instantly borrow against that.”
Enter .coms into the fray.
“The bigger vision is right now when you go to Teller you see Tokens, NFTs, and ENS,” Daniels said. “We want to change that to Tokens, NFTs, and Domains. […] Once we integrate that and once we get set up, then we can really lean into it and grow it from there.”
The market is still mostly unaware that this technology is here. Early interest seems to be coming from domain name investors in particular, those that think about the standalone speculative or resale value of a domain name independent of any active business use. Valuations on that basis might be too small or risky for a commercial lender to get excited about. The real opportunity then perhaps is domain names that are actively in use where the corresponding website is driving revenue for a business or even generating it on site. In the digital era, it’d be reasonable to say that many businesses depend on their web traffic to generate hundreds of thousands or millions of dollars a year in annual sales. A domain name that is being used to make that all happen is theoretically worth much more than an unused clever sounding domain name. It’s also the sort of collateral that could be monetized by a lender familiar with the market of its borrower.
With 360 million domain names registered worldwide as of Q3 2023, there’s a large market at stake.
“Domains don’t have that liquidity as of yet,” said Walker of Namefi. “But we’re currently building out that infrastructure. And that’s what makes me really excited.”
Backdooring Deals? You’re a Loser
April 24, 2024
“Backdooring is just for losers,” says Thomas Chillemi, founder and CEO of Harvest Lending, a small business finance brokerage. “Like I think anybody who participates in it is just a loser.”
Backdooring, as colorfully referenced by Chillemi, is a colloquial term used widely across the industry to describe how leads, apps, or entire deals are stolen from brokers. The deal gets submitted through the front door and then leaks out the back door to an unauthorized third party. Chillemi sums it up as such: “backdooring is ‘I secured a lead, I secured a file in some way, shape or form. And that merchant is being contacted through my efforts somehow that I didn’t give permission to.'”
It’s a scenario that’s been top of mind at brokerages across the country for years, and it’s a problem that’s getting worse, according to sources that deBanked has spoken with.
“I would say backdooring is the worst of the worst right now,” says Josh Feinberg, CEO of Everlasting Capital, another small business finance brokerage. “I think as far as rogue employees go at direct funders, it’s the worst it’s ever been.”
Feinberg’s reference to “rogue employees” is just one such way that backdooring can occur. It can be an employee of a lender, management of a lender, an employee of the broker, a broker pretending to be a lender, and possibly in a worst case scenario even a cyber intruder like a hacker. Sometimes it’s a clandestine operation structured in a way to make it difficult for the broker to detect that their client’s file has been intercepted while other times backdooring is such a normalized function of one’s business that accepting a submission from a broker and then shopping it elsewhere to circumvent them is practically firm policy and done on an automated basis.
Some of the more seasoned brokers who are used to being on guard with what a lender intends to do with their file advise that their peers approach any proposed ISO agreement with a fine-tooth comb to establish what is or isn’t allowed. After all, if the agreement grants the lender the contractual right to backdoor the broker, is it really backdooring?
Others say the contract’s language can only carry the relationship so far.
“I only try to board up with people that seem to be good actors, but then you never know what an employee might do, right?” says Chillemi.
Whether it’s a jaded underwriter, a slick admin, or Bob in accounting who never says a peep, it only takes one individual to set eyes on an application to be in a position to transfer the information elsewhere for personal gain. deBanked examined this subject in years past and learned the lengths that rogue employees go through to extract deal data. For example, when one funding company blocked the ability to transfer data outside of the company’s network, an employee took photos of their screen with their phone. When the employer banned cell phones in the office in response, one employee wrote down deal data on scrap paper, threw it in the garbage, and then returned to the office building after hours to try and fish it out of the dumpster.
The absurdity of that visual alone implies there must be big bucks in the backdoor business. Indeed, according to screenshots forwarded to deBanked of what appears to be an underground Whatsapp group, backdoored deals are currently being marketed for sale with bank statements, social security numbers, and all. A single fresh backdoored file can go for $20 – $35 or buyers can purchase them in bulk, up to 600 at a time, for a discounted price.
“Fresh Packs” apparently fetch more because the applicants may not have signed a funding contract with anyone yet and are theoretically more warm to doing a deal even if they’re not quite sure how the company approaching them got all of their information. And it’s this speed and efficiency of the backdooring happening that’s making things extra difficult for brokers. For Chillemi, he says the backdooring in earlier years would reveal itself when someone would try to call his customer a month or two after the fact. “Like even if it happened after two or three days that felt really fast,” he says. “But now, you’re talking hours, like these people have it within hours and I just don’t even know how anybody could really compete with that.”
Brokers, ready for this, developed a tactic that is still used today as a front-line defense mechanism. They replace the applicant’s email address and phone number on the application with ones they control, so that when an attempted backdooring occurs, the caller is unsuspectingly contacting the very broker they are trying to steal the deal from. The result? They’re caught red-handed.
“I got a text from somebody claiming that they worked at Fidelity,” says Chillemi. “They texted me a picture of my own application. They’re so brazen that they’re just texting the merchant… they thought they were texting the merchant.”
Not only was the Fidelity component a deception, but the mistake of texting the broker who was just waiting to catch them is causing the backdoor shops to evolve. New backdoor callers know the application contact info might be booby-trapped so they’re now skip-tracing the applicants on an automated basis and getting their real contact info and using that instead.
For Feinberg at Everlasting, he says the method of substituting out an applicant’s contact info is not something they do, though he’s aware that it’s done by others in the working capital space. He says that it’s not something that would really be tolerated in the equipment finance side of the industry which operates much cleaner with no backdooring, at least in his experience. The lenders there hate it and everyone involved needs to be able to communicate with the customer. It’s just the working capital deals where all these problems happen.
“It’s defeating, and it’s a very very difficult thing to diagnose,” Feinberg says. He adds that the feeling is worse when realizing that it has happened even when submitting to top tier A players. There’s no delay either. He says that the customer can be called literally within the same hour of submitting it, which puts them in an awkward position.
“They lose complete trust in our company,” Feinberg says. “And it makes it very difficult to be able to work with these clients.”
According to Chillemi of Harvest, “Most of the time what happens is the merchant calls us and says, ‘Now I’m getting all these phone calls people saying they’re working with you,’ and it’s just kind of like an embarrassment of where I’ve got to explain to this person that somebody at these companies leaked their information that wasn’t supposed to. And it just makes me look bad, right?”
Another owner of a large broker shop, who did not authorize his name to be used in connection with this story, says that while everyone’s mind immediately goes to the lending companies, the most common source of backdoored deals is actually from rogue employees inside the brokerages themselves. Whether it’s the rep backdooring their own deals to circumvent splitting commissions with their employer or someone else in the chain that has access to the data, his advice was that brokerage owners first need to look extremely inwards before pointing fingers outwards. Investing in proper security is critical, he says.
But assuming that base is covered, Feinberg says that brokers should do a background check on the lenders and interview them like a lender would interview a merchant for funding.
“We absolutely look into the agreements that we sign but a lot of due diligence happens just on the first phone call,” Feinberg says. “Just on the first phone call we can judge whether this is going to be a real lender…”
A key question to ask, he says, is how compensation works. And that’s because an individual lender will have a defined fixed system whereas a backdoor broker pretending to be a lender is subject to the different compensation structures they have at all their different lending relationships and would not be able to guarantee any fixed commission pricing to the broker they are trying to trick into submitting, that is if they are intending to pay them out a percentage of the deals they backdoor them on in the first place.
“Trust is the number one thing with us,” Feinberg says. “And if trust gets broken, then it’s over. So we really try to work with people that we know personally. And the way that we’ve met people personally is through trade shows, specifically deBanked events.”
Chillemi argues that someone who tries to make their living off of backdoored deals are not salespeople at all, but as he reiterates, losers.
“[the backdoor broker] knows he’s a liar,” says Chillemi, “He’s calling these people saying he’s an underwriter… he’s not strong, he’s not learning. They don’t know what they’re doing. They’re putting the lenders at risk.”
