Time's up: Microsoft Exchange Online users face a key security deadline Saturday – Protocol

Time's up: Microsoft Exchange Online users face a key security deadline Saturday – Protocol

Time's up: Microsoft Exchange Online users face a key security deadline Saturday – Protocol 0 0 Alan Dickson

The company will start disabling a highly vulnerable login option, known as “basic authentication,” beginning on Oct. 1 — though customers will have one chance to buy more time to transition off the system.
Microsoft has been seeking to prod businesses to move off basic authentication for the past three years, but “unfortunately usage isn’t yet at zero,” it said in a post earlier this month.
Microsoft is about to eliminate a method for logging into its Exchange Online email service that is widely considered vulnerable and outdated, but that some businesses still rely upon.
The company has said that as of Oct. 1, it will begin to disable what’s known as “basic authentication” for customers that continue to use the system.
Basic authentication typically requires only a username and password for login; the system does not play well with multifactor authentication and is prone to a host of other heightened security risks. Microsoft has said that for several types of common password-based threats, attackers almost exclusively target accounts that use basic authentication.
At identity platform Okta, which manages logins for a large number of Microsoft Office 365 accounts, “we’ve seen these problems for years,” said Todd McKinnon, co-founder and CEO. “When we block a threat, nine times out of 10 it’s against a Microsoft account that has basic authentication. So we think this is a great thing.”

Microsoft has been seeking to prod businesses to move off basic authentication for the past three years, but “unfortunately usage isn’t yet at zero,” it said in a post earlier this month.
Microsoft has delayed the phase-out of basic authentication on several occasions to give those laggards an opportunity to adopt a “modern authentication” system, which supports a more-secure approach, known as OAuth 2.0, and is easier to use with MFA. Now, the company is in fact giving customers one last chance to buy some more time for the switch.
When we block a threat, nine times out of 10 it’s against a Microsoft account that has basic authentication.
If a customer finds that it can no longer access its accounts after this weekend because basic authentication has been disabled, the customer will be allowed to re-enable basic authentication one more time for each Exchange Online protocol that it might use. Basic authentication will remain enabled until the end of December, but will be eliminated, for good, after that, according to Microsoft.
“Our goal with this effort has only ever been to protect your data and accounts from the increasing number of attacks we see that are leveraging basic auth,” the company said in the post. “However, we understand that email is a mission-critical service for many of our customers and turning off basic auth for many of them could potentially be very impactful.”
In essence, Microsoft’s message to customers is that “we’re forcing you down the path of better security,” which overall is a win in the battle against cyberattacks, said Joseph Carson, chief security scientist at privileged access management vendor Delinea.
Still, for businesses that have been slow to adopt newer technology and have yet to move off basic authentication, the upcoming move could pose a significant disruption, Carson said.
“They’re going to be struggling to move forward,” he said. “It could prohibit the business from functioning for a while until they make the [modern authentication] investment.”
Kyle Alspach ( @KyleAlspach) is a senior reporter at Protocol, focused on cybersecurity. He has covered the tech industry since 2010 for outlets including VentureBeat, CRN and the Boston Globe. He lives in Portland, Oregon, and can be reached at kalspach@protocol.com.
The new Microsoft Cloud Partner Program forces new certification requirements on the hundreds of thousands of partners that sell and support its products and services. Nicole Dezen says those changes now give customers “total clarity” into which ones are best suited to meet their cloud needs.
Nicole Dezen, Microsoft’s chief partner officer, talked with Protocol last week about the company’s announcement.
Donna Goodison (@dgoodison) is Protocol’s senior reporter focusing on enterprise infrastructure technology, from the ‘Big 3’ cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.
As Microsoft launches the biggest overhaul of its partner program today since 2010, its new chief partner officer says the changes will help enterprises and other customers more easily identify qualified partners that are the right fit to help with their cloud needs.
“All of our priorities, all of our design principles, are built with the customer in mind,” Nicole Dezen, Microsoft’s chief partner officer and corporate vice president of global partner solutions, told Protocol in an exclusive interview, her first since being appointed in July.
Microsoft is ditching its generic, customer-facing Silver and Gold designations for its 400,000-plus partners — the technology companies that sell and support its products and services — in favor of a tougher certification process that categorizes them into six core selling areas. In the past, Microsoft has said that partners have a hand in 95% of its commercial revenue.
Under the new Microsoft Cloud Partner Program, first announced in March and officially rolling out Monday, those resellers, systems integrators, managed services providers, device partners, and independent software vendors, or ISVs, now must earn a minimum “partner capability” score to obtain Solutions Partner designations in Azure data and artificial intelligence, Azure infrastructure, Azure digital and app innovation, security, “modern work,” and business applications. Microsoft Solutions Partners also can earn specializations and expert program status that recognize their expertise and experience in specific technical scenarios under each solution area.

“What I think is unique about the Microsoft Cloud Partner Program is it gives customers total clarity on the partner that has the designations, the specializations that are a great fit for their needs for whatever unique cloud solutions they’re looking for or the transformation that they’re trying to get after,” Dezen said. “It’s like a clear road map, so to speak.”
A 12-year Microsoft veteran, Dezen most recently served as corporate vice president of device partner sales. She talked with Protocol last week ahead of Monday’s announcement.
This interview has been edited and condensed for clarity.
Why are these changes better for Microsoft partners?
We’re sunsetting our legacy MPN [Microsoft Partner Network] and the Silver and Gold competency programs, and we’re replacing them with these six simplified solution partner designations that really align so nicely with the solution areas that make up the Microsoft Cloud. What this means for partners is that they get to differentiate themselves in a very competitive market to customers.
It’s a really important moment to showcase to partners that we are evolving … as the market is evolving, and we are introducing new capabilities in our programs that let partners focus on their own innovation, leverage our R&D investments, and help customers. The program makes it very easy for partners to understand the things that they need to do to activate all of the resources that we uniquely deliver to partners, whether that’s our R&D investments, our go-to-market scale and capability, or innovation.
Partners can plug in via skilling, incentives, [or] investments to make sure that they’re getting the best of what I think is Microsoft’s unique differentiation, which is our tech stack plus the combination of the way we go to market, which is the asset of our commercial marketplace combined with our 35,000 [Microsoft field] sellers.

What’s been the reaction among partners?
We’ve spent the last six months talking to partners, listening to their feedback, answering their questions. I’m really optimistic that the partners are excited about what we’re doing. They’re excited about the [timing] of this. They see that the portfolio of assets that we’re bringing together with a trusted platform, services, products, and investments for them are so aligned to the way that customers are actually buying products. And it’s aligned to the way that Microsoft sells, so it’s an accelerant for the partners.
What percentage of partners have decided to join the new program versus renewing their legacy statuses for a year?
We’re not disclosing specific numbers, but what I will say is partners have the ability to start earning designations immediately. And for partners that aren’t quite ready — first of all, we’re leaning in with resources to help partners make that shift — but they can continue to enjoy their competency benefits uninterrupted through their annual term. They can even renew those benefits after the Silver and Gold badges have retired.
When Microsoft announced the new program in March, it said partners’ preliminary partner capability scores would be available then, and they had to achieve at least 70 points out of 100 to earn a designation. What percentage of partners needed Microsoft’s help in getting to 70 points?
Every partner is in a different place on their journey. We have broad-reaching guidance through our partner center that tells partners exactly how they can improve their score in the different categories: performance, skilling, and customer success. Partners can start earning those designations immediately. There are some partners that are well on their way.
Partners still remain our partners regardless of their designation, and so we’re always going to look for ways to support our partners through any evolutions that are happening with us and in the market. I recognize sometimes change is hard for people, and so we’re going to meet partners where they are. But I really believe that this program is the thing that’s going to differentiate partners, and so it’s in our interest, in our partners’ interest, and frankly, in the customers’ interests, for partners to lean in and do this work with us.

The economy has tumbled since Microsoft announced the changes that take effect today. Were any considerations given to partners that might be experiencing economic challenges?
I actually think the time is better than ever. This is a challenging market, there’s no question about it, but customers need help. They need help to digitally transform, and it’s in their economic interest to do that. We’re giving partners the skills, the resources, the assets, and the partnership to enable them to show customers how they can run their businesses more cost-effectively digitally.
I recognize sometimes change is hard for people, and so we’re going to meet partners where they are.
Can you talk about the changes coming with the industry designations for ISVs?
There are actually two immediate investments that we’re making around ISV Success, which is the pathway for ISVs within the Microsoft Cloud Partner Program, and then the industry designations. Those are going to be available later this year. They will differentiate solutions based on the demonstrated performance with customers, their technical maturity, and customer success. The first three industries are health care, retail, and financial services. It’s designed with the intent that it will help these ISVs differentiate their solutions by both industry-specific scenarios as well as the broader technology and line-of-business capabilities.
Can you give a sneak peek of anything else that’s coming after these changes?
The way to think about it is the Microsoft Cloud Partner Program is designed for every partner. We want to invite every partner to participate in it. So the things that you could expect to see in the future are more design capabilities for partners like device partners, mixed-reality partners, learning partners, success partners. We’ll have more specific capabilities roll out as we advance the program.

What are some common problems or challenges that partners have communicated to you?
Partners are deciding how quickly they can evolve and modernize their businesses. That’s pretty core to the discussions that we have with partners all the time: How can we help them? How can we help them make more money? How can we help them run thriving, profitable businesses to help their own employees?
We just published [Microsoft-commissioned research] from IDC. It’s a great illustration: It talks about how partners that invest with Microsoft see distinct business value and growth. There’s really two things that popped for me. One was that partners that engage deeply with Microsoft see faster growth and higher margins. Partners that invested across all six of our solution areas are estimated to grow revenues by 47% this year. The second one is around co-selling and going to market with us. The research showed that the most successful partners we have are engaging across the variety of go-to-market resources with us. These are partners that develop differentiated, value-added approaches to customers that align with Microsoft’s strategy.
Partners that invested across all six of our solution areas are estimated to grow revenues by 47% this year.
Are there any emerging technology areas where you’d like to see more partners investing in?
I’d like to see more partners in all of our solution areas. The party’s open. There are some things that are very timely: certainly security, data, and AI. These are very hot and relevant topics for customers right now, and so that’s pretty core to the conversations that we’re having with our partners.
Are you going to get involved in trying to bring more female-led partners into the program and promoting greater diversity overall?
I have a massive responsibility to be a loud voice for diversity and representation in the ecosystem. Any things that we can do to help more diverse partner types participate in our programs, build their own businesses with Microsoft, and then help customers, for me that’s not just a professional win, it’s a personal one.

Donna Goodison (@dgoodison) is Protocol’s senior reporter focusing on enterprise infrastructure technology, from the ‘Big 3’ cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.
Experts say robust intellectual property protection is essential to ensure the long-term R&D required to innovate and maintain America’s technology leadership.
Every great tech product that you rely on each day, from the smartphone in your pocket to your music streaming service and navigational system in the car, shares one important thing: part of its innovative design is protected by intellectual property (IP) laws.
From 5G to artificial intelligence, IP protection offers a powerful incentive for researchers to create ground-breaking products, and governmental leaders say its protection is an essential part of maintaining US technology leadership. To quote Secretary of Commerce Gina Raimondo: “intellectual property protection is vital for American innovation and entrepreneurship.”
Patents are the primary means of protecting IP — trademarks, copyrights, and trade secrets offer additional IP protection — and represent a rule-of-law guarantee akin to a deed’s role in protecting land ownership. The founders of the United States wrote patent protection into the Constitution to “promote the progress of science and the useful arts.” Abraham Lincoln revered patents for adding “the fuel of interest to the fire of genius.”

A fireside chat with Qualcomm youtu.be
In today’s knowledge-based economy, IP rights play a foundational role. “Core R&D is the first step in getting good products into people’s hands,” said John Smee, senior VP of engineering and global head of wireless research at Qualcomm.Everything from smartphones to the Internet of Things, automotive and industrial innovation begins as a breakthrough within our research labs.” At Qualcomm, Smee said, strong IP laws help the company confidently conduct cutting-edge 5G and 6G wireless research that will make its way into products ranging from everyday consumer goods to the factory floor.
Semiconductor companies, in particular, are fiercely protective of their IP because it’s their primary competitive advantage. Chip companies go to extraordinary lengths to protect their IP by maintaining black boxes only accessible to one person per fab, choosing highly secure operating locations, and keeping R&D teams separate from fab operations teams.
On the legal side, America’s Semiconductor Chip Protection Act of 1984 bestows legal protection of chip topography and design layout IP while the EU’s Legal Protection of Topographies of Semiconductor Products of 1986 protects IC design. These regulations “have encouraged firms to continue to innovate,” according to the findings of Qualcomm’s and Accenture’s report, Harnessing the power of the semiconductor value chain.Having a high-quality patent portfolio also helps companies build out their ecosystem, should they choose to license, through advising, training, support for launches, assistance in expanding to new markets, and much more.
Licensing democratizes innovation and invention— it makes the cutting-edge IP developed by one firm accessible to a broad range of others. As such, it allows other companies to skip the R&D step and jump right into building on the innovator’s foundation. This lowers the barrier to entry for upstart companies while providing a steady return on investments for the companies who have the resources to dedicate to heavy R&D.

An outsize economic impact
IP protection also has an outsized impact on the US economy and helps create good higher-paying jobs. A report from The United States Patent and Trademark Office (USPTO) found that in 2019 industries that intensively use IP protection account for over 41% of U.S. gross domestic product (or about $7.8 trillion) and employ one-third of the total workforce — that’s 47.2 million jobs. In 2019, the average weekly earnings of $1,517 for workers across all IP-intensive industries was 60% higher than weekly earnings for workers in other industries.

Workers in IP-intensive industries were more likely to earn higher wages as well as participate in employer-sponsored health insurance and retirement plans, the USPTO report found.
But patent laws are often subject to much debate — one person’s idea of protection is another’s view of monopoly. That’s where organizations like LeadershIP come into play. The group brings together experts on IP and innovation to debate issues at the intersection of research, policy, and industry.
In addition, several efforts are underway to help inventors get their ideas into the marketplace. The Inventors Patent Academy (TIPA), for instance, is an online learning platform aimed at guiding inventors through the benefits of patenting and the process of obtaining a patent. TIPA has designed its program to make patenting more accessible and understandable for groups historically underrepresented in the patent-heavy science and engineering fields, including women, people of color, people who identify as LGBTQIA, lower-income communities, and people with disabilities.
Closing these gaps would promote U.S. job creation, entrepreneurial activity, economic growth, and global leadership in innovation. Estimates suggest that increasing participation by underrepresented groups in invention and patenting would quadruple the number of American inventors and increase the annual U.S. gross domestic product by nearly $1 trillion.
If we want our nation’s rich history of innovation to continue, experts say, we must create an IP protection ecosystem that helps ensure that tech innovation will thrive.
“With the protection of patents,” Smee said, “there is no limit to where our creativity can take us.”

Notion COO Akshay Kothari says there’s room to grow, aided by a new CFO who knows how to take a company public.
Notion has hired its first chief financial officer: Rama Katkar.
Lizzy Lawrence ( @LizzyLaw_) is a reporter at Protocol, covering tools and productivity in the workplace. She’s a recent graduate of the University of Michigan, where she studied sociology and international studies. She served as editor in chief of The Michigan Daily, her school’s independent newspaper. She’s based in D.C., and can be reached at llawrence@protocol.com.
It’s been a year since Notion’s triumphant $275 million funding round and $10 billion valuation. Since then the landscape for productivity startups trying to make it on their own has completely changed, especially for those pandemic darlings that flourished in the all-remote world.
As recession looms, companies looking to cut costs are less likely to spend money on tools outside of their Microsoft or Google workplace bundles. Enterprise platforms are bulking up and it could spell trouble for the productivity startups trying to unseat them. But Notion COO Akshay Kothari says the company is still aiming to build the next Microsoft, not be the next Microsoft. And in a move signaling a new chapter of maturity, Notion has hired its first chief financial officer: Rama Katkar, Instacart’s former VP of finance.
Figma, which Kothari called a “sister company” to Notion, decided to join Adobe for $20 billion instead of beating them. But Notion is hungry for more. Unlike other startups that have pared down during the downturn, Notion has gone on the offensive with acquisitions of calendar app Cron and workflow app Flowdash, as well as launching a global ad campaign. Notion also retained its valuation after employees sold shares to investors in a tender offer. Kothari said he doesn’t feel Notion has to “entertain any discussions” about being acquired; there’s more room for Notion to grow, he said, both in the consumer and enterprise spaces.

“It’s almost not worth thinking about the hypotheticals because there’s just so much that is left to be done, that we could do ourselves,” Kothari said.
Katkar’s hire is a sign Notion may even go public in the near future. The CFO has some experience in this area (Katkar prepped Instacart for its impending, and lately somewhat troubled, IPO.) When Protocol asked about Notion’s IPO plans, she didn’t commit to a “yes” or “no.” Instead, Katkar said Notion is “focused on building” and tackling the international knowledge worker market.
Whenever a late-stage private company hires a CFO, that means they’re thinking about “the next step,” Wing Venture Capital partner Zach DeWitt said. Going public is typically this next step, and so hiring a CFO with public company or IPO-readiness experience is the way to go. “Usually around $5 million of revenue is when a company starts talking about a VP of finance,” DeWitt said. “By the time the company has $50 million of ARR, they should definitely have a CFO, in the majority of cases.”
At Instacart and before that at Credit Karma, Katkar developed the financial processes and functions necessary for a maturing company. These IPO-readiness skills apply to private companies too, she noted.
“That concept of public company readiness is just a framework,” Katkar said. “But in reality, I think even large private companies benefit from operating that way.”
Katkar was the No. 2 financial officer at both Instacart and Credit Karma, and she feels ready to take on the CFO role. Notion was at the top of her list for its simultaneous consumer and enterprise focus, Katkar said.

Kothari describes Notion as a “B2C2B” company. Notion doesn’t target CIOs, but rather consumers who then work to formalize Notion inside their companies, the so-called “shadow IT” or, in Notion world, “Notion Champions.” Lately, Notion has been working on making its product more translatable for large companies, adding more admin controls and specific workspaces for teams. But Kothari said he’s not forcing Notion into the enterprise at this point.
“Eventually, we’ll get to a point where we can actually go up to the CIO of a company, who’s never heard of Notion, and convince them to roll out Notion company-wide,” Kothari said. “But most of the work right now is happening through the employees, through the community.”
Notion’s ad campaign, with billboards in London, Paris, Seoul, Tokyo, New York, and San Francisco, emphasizes the note-taking tool’s ability to help organize personal life, not just work. Kothari also pointed to the company’s New York City and San Francisco pop-up stands offering bucket hats and coffee as part of the broader brand campaign. This type of branding, as well as the company’s investment in and popularity on TikTok, helps target Gen Z and students who might become Notion worker-champions someday.
“We can put our energy into making sure our consumers get to use the product for free because we know that downstream, that leads to a B2B business being built in the long run,” Kothari said.
But Notion’s B2B approach is ultimately not as strong when going up against enterprise software giants with stronger distribution models. DeWitt pointed out that Notion’s valuation is similar to Figma’s at $10 billion, making it a potential candidate for a lucrative acquisition someday. “I’m sure there are some large companies, like Microsoft would be a natural buyer here, maybe even Salesforce, that are thinking about potentially acquiring Notion,” DeWitt said. “It’s a great category, a great team, a great product. It’s got a lot of momentum.”
Kothari said he feels a close kinship with Figma, as the two companies had similar growth trajectories and similar obsessive, loyal user bases. He’s known CEO Dylan Field for over a decade. The Adobe deal shows “how much existing legacy companies really appreciate the power of these new businesses,” Kothari said.

Kothari has been through acquisitions twice, with LinkedIn buying his content platform Pulse, and then Microsoft buying LinkedIn. Kothari said it’s not in the cards for Notion, at least not right now.
“When [Notion CEO] Ivan was recruiting me, he said, do you want to work at Microsoft or do you want to build the next Microsoft?” Kothari said. “I’m personally excited about continuing to build here and seeing if we can continue to remain independent.”
Lizzy Lawrence ( @LizzyLaw_) is a reporter at Protocol, covering tools and productivity in the workplace. She’s a recent graduate of the University of Michigan, where she studied sociology and international studies. She served as editor in chief of The Michigan Daily, her school’s independent newspaper. She’s based in D.C., and can be reached at llawrence@protocol.com.
There’s no let-up in the surge of cyberattacks against businesses. But shutting down the hackers will require many enterprises to evolve their strategy.
In today’s enterprise, “identity and security are very merged.”
The CFPB says it is closely monitoring secured credit cards offered by neobanks.
Regulators are scrutinizing neobanks’ card offerings.
Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.
About one in six Americans has a credit score below 619, according to the CFPB. Another 23% have too thin a credit file to score or no file at all. That puts them in a credit trap: To build credit, these consumers need someone to give them a line of credit with which they can demonstrate good financial habits. But with scores that low, few lenders are prepared to offer them anything.
Neobanks say they can solve the problem through a new twist on secured credit cards. But regulators are already scrutinizing their offerings.
Secured credit cards have been an answer to the thin-credit problem for decades because they allow subprime borrowers to open a line of credit when they otherwise can’t by depositing cash upfront. That sum determines the borrower’s credit limit, and gives the banks collateral to hold on to in case of default. However, most require several hundred dollars as a deposit and impose hefty interest rates and fees, which low-income borrowers struggle to afford.

Neobanks say they can avoid those problems and still help users build credit through secured credit cards that allow customers to repay their credit balance directly using their deposited cash, rather than keeping that money set aside. The products allow customers to build credit while paying for everyday expenses, neobanks say, without having to save up extra cash first.
Chime, Varo, and GO2bank describe it as a win-win for consumers and fintechs — consumers can raise their credit scores, and the neobanks earn loyal customers.
But some in the industry see red flags. “They are, functionally, prepaid credit cards,” fintech analyst Alex Johnson told Protocol. That raises the concern that neobanks may be helping users increase their credit score with a tool that doesn’t actually indicate their ability to repay. “If I was a lender, I’d be pissed about having to untangle the trade lines in these consumers’ credit files in order to make sure I wasn’t mistakenly granting credit to high-risk applicants.”
Chime, Varo, and GO2bank’s secured credit cards each have similar mechanics: First, a user moves money from a checking account into a separate credit-builder account. The amount of money they move determines their credit limit: If a user moves $200 into the credit-builder account, they can spend up to $200 on a linked secured credit card. Then, at the end of the payment period, users can pay off their credit card balances with the money they’ve deposited — in this example, that same $200. Both Varo and Chime also allow users to sign up for automatic payments.
Varo and GO2bank told Protocol that it’s that third step — having to pay off the credit card at the end of the payment period — that makes the cards credit cards, not prepaid debit cards. Late payment or failure to repay can damage users’ credit scores. GO2bank additionally charges up to $39 for a late payment. Chime declined to answer any questions for this story.
With this distinction, neobanks are subject to regulations that govern credit but not debit cards, like the Truth in Lending Act. They also, crucially, can market the cards as credit-building tools. The companies make 1% to 2% more in interchange on credit cards than they do on debit cards, though pending legislation may curb these fees.

Visa, on whose network Chime, Varo, and GO2bank’s secured credit cards are issued, did not respond to questions about whether the cards resemble prepaid debit cards. Equifax, Experian, and TransUnion also did not respond to questions about whether the cards accurately indicate customers’ ability to repay.
Varo and Go2Bank both say they are not worried about pending legislation changing the amount they can charge on interchange because the credit-building products are not a core source of profit. Rather, representatives of both banks told Protocol the product serves to help them meet customer needs and thus build goodwill with their users. “We’re building deeper connections and deeper engagement,” Raktim Mitra, Varo’s head of credit cards, told Protocol.
The CFPB acknowledged Varo and Chime’s secured credit-builder products in its 2021 Consumer Credit Card Market Report, without mentioning whether the products might deserve further scrutiny. When Protocol asked the bureau for an update on its views, a spokesperson said that “the CFPB is aware of this market development, and we are monitoring this issue closely.”
For consumer advocates, the ambiguity around such programs is a symptom of a larger problem: The CFPB has yet to bring neobanks fully under its regulatory purview. Under the law that created it, the bureau can supervise financial institutions with over $10 billion in assets and certain participants in consumer financial markets, like those that work in consumer reporting, debt collection, or the servicing of some loans.
The bureau invoked a dormant authority to investigate nonbank fintechs in April of this year, though consumer advocates have been advocating for more regular and thorough supervision. “There’s no accountability as of right now,” said Rachel Gittleman, head of financial services outreach at the Consumer Federation of America.
Gittleman’s primary concern with the credit-builders is that consumers may not understand they are using a lending product, despite the terms and conditions laid out in fine print. Though Chime, Varo, and GO2bank each market their products explicitly as secured credit cards, they downplay possible negative impacts on a customer’s credit, and automatic payment options make the products feel more like a regular debit card that doesn’t have default risk. Neobanks, Gittleman warns, have a habit of “marketing the way [they] want the product to be viewed rather than what the product is.”

Representatives from Varo and GO2bank disagreed. Varo’s Mitra pointed out that customers must have a qualifying deposit of $100 to use the product, which he said helps customers understand that they are signing up for a credit product rather than something entirely risk-free.
Abhijit Chaudhary, chief product officer at GO2bank parent Green Dot, says the company over-communicates, if anything. “At times we get annoying, but it’s extremely important to ensure our customers know when the bill is due, at what time they need to make a payment, and that we do everything we can do so that they can at least make a minimum payment and not fall delinquent,” he said.
“Access should not be a privilege,” Chaudhary said, quoting a common refrain of Green Dot’s CEO Dan Henry. “Credit-building is a journey, and a big enterprise initiative for us — secured credit cards are just one part. We are continuing to invest.”
Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.
To give you the best possible experience, this site uses cookies. If you continue browsing. you accept our use of cookies. You can review our privacy policy to find out more about the cookies we use.


    Would you like to receive notifications on latest updates? No Yes