Security & Fraud

How N26 Is Expanding And Onboarding, Securely

For German bank N26, Know Your Customer means knowing their payment habits so well that fraudulent imitators stand out like sore thumbs. In the December PYMNTS Digital Identity Tracker™, powered by Socure, N26 CEO Valentin Stalf explained the bank’s AI- and machine learning-infused approach to protecting its customer base from digital ne’er-do-wells. Plus, the latest headlines on new additions to the biometrics authentication arsenal, from palms to faces, and a provider directory of 143 major players.

Whether they’re banks or bakers, most businesses want to get bigger — after all, growth means new territory, new customers and, of course, new revenue. For financial institutions, however, more customers and more money also often means more fraud. So, what’s a growing financial institution to do?

According to Valentin Stalf, co-founder and CEO of digital bank N26, the answer to that seemingly complicated question is simple. Financial institutions focused on growth will need to work harder, and smarter, to protect customers, their data and their funds, Stalf said.

“Security is really a function of how hard you work, how much effort you put in and how smart your team is,” he said.

N26 originally launched without a banking license under the name Number26 in Germany in 2013, operating as a financial interface. Later that year, the company acquired a banking license and began offering more traditional financial services throughout the European Union (EU).

Now, after adding more than 500,000 customers in Germany and 16 other countries throughout the EU, the company is setting its sights on expanding into new markets, opening for business in Ireland, the United Kingdom and the United States. In a recent interview, Stalf discussed the company’s strategy for bolstering its security as it expands into new markets and acquires more customers.

Stalf told PYMNTS the company has found security success not by following the lead of other successful companies in the financial space — but instead by eschewing many common conventions.

“I think, in general, our approach to security is to see what other banks have been doing wrong and to try to improve on that,” he said. “Our approach to security is a much more risk-based approach than other banks.”

Forging New Paths while Fighting Fraud 

Stalf noted the bank is eyeing expansion in the U.K. and the U.S. for the opportunities both markets hold. But, he acknolwedged that adding more customers to its base comes with a whole new set of challenges surrounding fraud and security. So far, the company has not adjusted its security requirements based on the size of the payment or transfer being made, nor that transaction’s destination, as many others have.

“Whether you’re transferring €1 to yourself or … €10,000 to Hong Kong from Europe, the security standards should be the same,” Stalf said. “Independent of the amount a customer is transferring, where that’s going, what the customer [is] doing with it, you should always have to apply … the same security measures.”

Instead, the company is working toward build a banking and payment profile for each of its customers. The profile is based on a range of factors, derived from data that N26 collects from user accounts, and includes data such as a user’s transaction history and typical transaction behavior, among other information.

Then, when a user makes any transaction — whether it’s moving $200 from a savings account to a checking account to help pay for an emergency purchase or a wire transfer worth tens of thousands of dollars — the company checks the details against a customer’s profile. If the transaction seems suspicious, it’s flagged for further scrutiny before being accepted and processed.

Stalf said one of the things that sets N26’s system apart is that it offers customers a higher level of security without disrupting their user experience, which often causes customers to ignore security warnings or drop out of authentication processes altogether.

“Banks are always saying that they are trying to balance trading off customer experience for security, but I think you can have both,” Stalf said. “This allows us to process most transactions easily without having to interrupt the customer experience to verify or authenticate the transaction. And, for those risky transactions that have a high-risk score, we can still provide a high level of scrutiny and security.”

Battling New Threats with New Tech

N26’s customer profiles and transactions are not cross-referenced by tellers or other bank employees, however. That would take too much time, especially in today’s increasingly fast-moving financial world, Stalf said.

Rather, the company’s profile system relies on the use of artificial intelligence (AI) and machine learning, which help N26 learn customers’ tendencies and apply them to new transactions. The company also uses AI and machine learning technologies in other situations, and it plans to employ the technology in other use cases going forward.

“If you’re starting a family, you’re going to have different financial and security needs than someone who is a student,” he said. “So, I think there are use cases there for AI and machine learning to help us find the best features and options to offer our clients.”

The company is also exploring other authentication solutions, including biometric security. N26 recently added facial recognition to its iPhone X app to allow customers to log in to their accounts using the phone’s facial scanner, and Stalf said it plans to continue to implement new security measures as they are unveiled to the public.

“Security is a top priority,” he said, “and we need to be smart about how we build our systems.”

 . . . . . . . . . . . . . . . . 

To download the latest edition of the Digital Identity Tracker™, powered by Socure, fill out the form below.

First Name*

Last Name*



Work Email*

About The Tracker

The Digital Identity Tracker™, powered by Socure, is a forum for framing and addressing key issues and trends facing the entities charged with efficiently and securely identifying and granting permission to individuals to access, purchase, transact or otherwise confirm their identities.


New PYMNTS Report: Preventing Financial Crimes Playbook – July 2020 

Call it the great tug-of-war. Fraudsters are teaming up to form elaborate rings that work in sync to launch account takeovers. Chris Tremont, EVP at Radius Bank, tells PYMNTS that financial institutions (FIs) can beat such highly organized fraudsters at their own game. In the July 2020 Preventing Financial Crimes Playbook, Tremont lays out how.