Sept. 22, 2022 — As various government agencies and reports use slight inflationary easing to show the economy isn’t in such bad shape, there’s an unescapable chill in the air, and it’s not just winter. It’s the cold reality that living is less affordable than ever.

To track these trends, PYMNTS has partnered with LendingClub on the “New Reality Check: the Paycheck-to-Paycheck Report,” an ongoing series tracking how Americans at various income levels and in different demographics are affording — if just barely — the cost of living.

In a conversation with PYMNTS’ Karen Webster, LendingClub CEO Scott Sanborn pushed past recent marginal improvements to Labor Department inflation numbers, pointing to the fact that credit card balances are growing, delinquencies are rising and we don’t have the full picture.

What remains unspoken, he said, “is the way they report delinquencies is on their entire outstanding percentage of delinquent loans on their outstanding portfolio. The thing about credit cards is I think the average age of the balance is between five and seven years. You have this massive amount of balance that’s old, that’s very stable.”

While personal loan delinquencies are not apples to apples as a credit card comparison, he said that “if you look by vintage, the quarterly [credit] delinquencies are fanning like crazy, and none of them are talking about it.”

Portfolio delinquencies may look okay, but that’s a function of time and new balances which haven’t had time to hit issuers yet.

“Just compare the first six months of credit cards issued in Q2 of this year versus the first six months in any of the last 5 to 10 years,” he said. “They look remarkably worse, but nobody’s talking about it.”

Webster marveled at the fact that the Apple Card is being offered to subprime borrowers with scores as low as 620 to 660 given that backdrop. Sanborn sees that as an unavoidable buy-on terms trap that manufacturers/retailers like Apple are now stuck in.

He said, “As a retailer, the idea that somebody walks into the Apple Store and says, ‘I’d like to buy a new iPad,’ and you say, ‘No, I’m sorry, you can’t have one,’ that’s the business of extending credit. It’s super painful for people who aren’t in the business of credit.”

To keep that machine making sales and not declining brand loyalists, Apple and others are demanding and committing to approval rate minimums from their finance partners — in Apple’s case, Goldman Sachs — some of which end up in that delinquency pile.

‘A Fundamental Misunderstanding’

On the larger issue of perceptions around paycheck-to-paycheck living in America, the most recent New Reality Check study found that 59% of U.S. consumers lived paycheck to paycheck in July, down from 61% in June. However, on the 12-month view, it trended up from 54% in July 2021.

These consumers exist on a continuum of living check to check, from comfortably handling monthly expenses to struggling to meet rising costs, with more now falling behind. Asked why paycheck-to-paycheck consumers are often written off as “poor” or irresponsible, Sanborn sees decades of pile-on effects that erased hard-won benefits like pensions as the real culprit.

“There’s just a fundamental misunderstanding,” he said. “There’s room for interpretation on what does it mean to live paycheck to paycheck? And if what you think of living paycheck to paycheck is you use your paycheck to cover only 100% discretionary items and then you’re out, that is a definition. But the reality is, who’s to determine what’s discretionary?”

Learn more: How Did $1,400 Become the ‘New’ Average Emergency Expense?

Running down the list — transportation, dining, contributing to 401k and HAS plans — he said these could be considered “discretionary” as much as date night, underscoring the confusion.

Here again, Sanborn invoked perception versus reality. Noting that “$370 billion worth of deposits left the system — that’s a record, that is people tapping into their savings,” he said it’s also clear in retail sales trade-downs and rents that are now up 15% year over year.

“Back to this point of being poor and living paycheck to paycheck are not the same thing,” he continued. “Yes, the inflation over the last year has been acute, but over the longer arc of the last 20 years, cost of housing, cost of healthcare, cost of education are all going up exponentially, and over that entire 20-plus-year period, wages have only recently in the last two years started to move.”

Paycheck-to-Paycheck Living Hits Crisis Levels

His underlying point is that perceptions of paycheck-to-paycheck consumers are hopelessly outdated and misaligned with the financial realities of 2022, and even prior years.

Illustrating his point, he said, “If you are able to have a credit card that has a balance, you’re credit worthy. Equating it to whether it’s a lower income [individual] or lower credit quality is not accurate. The data does not support that. Why else would 54% of Americans have credit card debt that they do not pay off? If they had the capacity to pay it off, they would.”

In a move to give struggling consumers options, LendingClub acquired Radius Bancorp in 2021, adding savings accounts to its portfolio in a bid to help consumers boost their financial health.

Sanborn said, “We’re helping them legitimately find savings by offering one of the highest rates possible on the savings account in the country. That’s the commercial aspect. But the human aspect, the broader the policy aspect is we’re all talking about the climate crisis and that’s real. This is also a crisis, and it’s also real, and it is also happening. We have this massive bubble of people heading toward retirement that are not going to be able to afford retirement.”

Conceding that there’s no silver bullet solution, Sanborn believes housing, healthcare and retirement are three major areas deserving public-private action with urgency.

Courtesy of PYMNTS.com

Courtesy of Moebs $ervices, moebs.com

The result would be:

678.2 Million debit cards purchases of gas, groceries, dentist, etc., would be declined.
60 Million Americans’ ACH payments returned NSF for cell phones, auto loans, mortgages, etc.
$33.4 Billion of overdraft revenue would not be charged to the consumer.
111,000 financial institution employees would lose their jobs.

This is what the Consumer Financial Protection Bureau, not Congress, is considering doing. The CFPB reports to the President of the United States, not Congress.

What follows is Moebs $ervices’ Study on The Evolution of Overdrafts done in two parts.

This is Part I – the History of Overdrafts.
Part II – the Overdraft Solution is subsequently provided in the next issue.
(If you would like a copy of the full study now, email [email protected]).

The Evolution of Overdrafts
Study by Moebs $ervices, Inc. ©2022

Consumers make financial mistakes. Most are just ordinary errors while some are intentional and even fraudulent. Checking accounts, or transaction accounts, as the rest of the world calls them, suffer the brunt of these errors. The leading cause of these mistakes, or 77.4% of all service charges on deposits, are overdrafts.

These facts come from an extensive Overdraft Study by Moebs $ervices, an economic research firm.

An overdraft is defined as a credit, but not a loan by the Federal Reserve and other regulators. An overdraft is when a transaction account has a debit balance, or withdrawals (debits) mainly debit cards, exceed deposits (credits) mainly direct deposits of payroll or ACH credits.

Click here to read the full article

Related reading: Summary in CUToday.info “One Forecast: ‘Half of CUs Could Close”

Courtesy of Matthew Gracey-McMinn, Payments Journal

“We would like to text or call you with a code.” That familiar phrase usually means multi-factor authentication (MFA) is in play. It’s an added layer of protection that businesses are using to protect accounts, and it’s become commonplace at financial institutions to secure personal data. From banks to brokers to crypto wallets, there is an expectation that it is implemented by institutions. However, MFA is far from foolproof. Criminals can still find their way around it to carry out attacks.

The holy grail for hackers is to successfully takeover an account utilizing techniques such as credential stuffing. This requires the attacker to acquire a list of username and password pairs and then thrust the credentials onto login pages using bots. The speed and volume at which bots can fill in login forms helps the hacker find a winning credential combo quickly. The data used often comes from leaks, stolen device fingerprints, or session cookies sold on the dark web or marketplaces like Genesis Market.

So, suppose a criminal launches an attack that could be attempting millions of logins within a few hours. In that case, the success rate can yield hundreds or thousands of accounts. Credentials can be validated and used to reset a password, completely control an account, and even transfer funds elsewhere.

MFA can stop an account takeover following a successful credential stuffing attack by requiring more than just a password to validate a legitimate login and prevent automated attempts. But it’s not airtight. Some sites use 2FA (two-factor authentication), a type of MFA that uses two factors for login, such as credentials and a device.

The secret ingredient for hackers to bypass MFA security is using a combination of bots and human intervention. The goal is to either sidestep the need to use MFA for access or use tricks to fool account owners into handing over MFA codes.

Here are the five most common techniques financial services organizations need to know about:

Targeting financial aggregator sites. APIs are easily exploitable via financial aggregator sites. Customers of services such as Mint or Plaid use these apps to manage their finances, aggregating accounts into a single view. These apps can access account information and even make changes using the bank’s API or a web app, sometimes without requiring MFA. A threat actor can perform credential stuffing using a financial aggregator app to bypass MFA controls or can target the aggregator app itself taking over a customer’s account there and thereby getting some degree of access to their banking information.
Stealing security questions with social engineering. The most common method of verifying a user’s identity is through security questions. Security questions are often in place to bypass MFA if users lose or don’t have access to their device. Attackers use social engineering, which can be as simple as looking at social media profiles, to answer common security questions and access accounts without MFA. Bots can then use credential stuffing techniques to bypass MFA and input answers to security questions using brute force or publicly available data.
Generating phishing scams. Phishing is one of the most popular means of acquiring sensitive information such as passwords or answers to security questions. Attackerstry to convince individuals to visit a fake login page and input the MFA code. The threat actor might also email or phone an individual and impersonate their bank to ask for the MFA code. In this way, attackers gain access to MFA codes maliciously rather than bypass MFA.
Exploiting Man-in-the-middle (MITM) tactics. The threat actor positions themselves between the bank and the customer (often using malware) and intercepts messages between them. This tactic is used to acquire an MFA code by linking to a fake page asking for the code.
Using SIM swapping techniques. Bad actorsintercept text messages sent to a user’s phone number and send them to another handset. This is accomplished by calling the user’s SIM provider, impersonating the customer, and passing on security questions. The criminal convinces the provider to swap the phone number to the attacker’s SIM card. Once set up, they use the phone number as authentication to access the account.

MFA might present a more vigorous defense than using a password, but it’s not a fool-proof guarantee against successful attacks. Bypassing MFAs may require human intervention, but it can still happen. When you factor in bots attacking at scale, the risk increases, and the success rate becomes much higher. Banks need to be on the lookout for malicious activity and educate customers about deceptive behavior such as phishing and social engineering. Adding extra layers of security to stop the bot attacks that are the precursor to the phishing and social engineering attacks will also help to protect systems. Don’t forget, security requires greater depth to successfully deal with more sophisticated criminals. Financial institutions must stay one step ahead.

Disclaimer: This article represents the views of the author only. They are not themselves a statement of any official government policy and does not represent the views or policy of the National Association of State Credit Union Supervisors (NASCUS),

OPINION: Paycheck-to-Paycheck Living Is ‘New Climate Crisis’