I think there are a lot of great things about Mercury - I've used them for a few companies and think they are leading the way on an innovative feature set. It's very easy to create unlimited debit cards and limit them in a variety of ways to name just one small feature. Very handy.
That said, they lost a $250,000 incoming wire critical to my business and I couldn't get a hold of anyone until I started tweeting about it a week later and the CEO responded. The money showed up with no explanation, ever. We stopped using them for critical money flows after that.
neilv · 19h ago
> [...] to offer a polished, differentiated UX lacking in traditional banks’ platforms.
It's not even always legacy systems, but rather, not hiring and empowering the right ICs and management.
Latest anecdata is from 2 days ago. I was trying to use a fairly new banking service feature of a major bank's Web site, and it had a superficially modern-looking UI, but I quickly found a few outright bugs in it.
In a banking transaction...
* A box with the summary breakout of subtotal, transaction fee, and total... had a very wrong total, based on the other numbers right there.
* At some point during a use case, the currency indicator on the total changed to that of the wrong country, though the total was of course in USD (for which the number was correct).
* In line items, some of the numbers previously entered would change. I can only guess that this might've been part of a flawed implementation, to respond to frequent exchange rate updates every few minutes, but if so, they did it poorly. (The changing number then caused some rounding down of what would've been the stable number in the item, so both numbers changed, and caused the transaction value of the stable numbers to fall below a transaction threshold. Even guessing at the cause, several times I had to go fix these numbers, before I decided that, even if I could get them to accept it with the correct numbers from the UI, I didn't trust this implementation to submit and process the transaction correctly.)
If those defects were going to be coded at all, then they should've at least been caught in testing, not pushed into production for banking.
Something critical like banks should really be paying for small teams of some of the best software ICs and management. Which (since the business is banking, not saving baby seals, nor building quantum AI spaceships) probably means paying like FAANGs do.
duxup · 21h ago
>Internally, Akhund often described compliance as a barrier to be overcome, coaching staff that, if they experienced a “compliance barrier” that was preventing them from being successful, to challenge it until they were able to overcome or get around it, people familiar with his thinking said.
Seems like that would lead to inevitable problems in finance / banking ...
molsongolden · 19h ago
Lol, what triggered this absolute hatchet job targeting Mercury? I haven't read other posts from the author but are all of them of this style?
Most of it reads like a Muddy Waters style short-seller exposé. The author whirlwinds through a bunch of hot gossip, paints a customer-experience focus as some sort of evil scheme, dredges up a handful of old issues most of which seem to have been since remediated, cherry picks a handful of transactions out of millions, seems to blame Mercury for the actions of multiple other businesses and individuals, references a wire transfer doc that was pulled from some random Synapse server without knowing what else might have accompanied that doc in the original workflow and so on and on and on.
Banking, payments, and money movement are hard and absolutely ridden with fraud. Any company that moves money will encounter fraud, money laundering, all of this.
The focus on consent orders as proof that Mercury is breaking the law seems like fluff. Most of the banks that were willing to partner with fintechs at the start, and maybe still most of the banks doing this, are local or small regional banks that don't have the robust BSA/AML programs that larger banks have so some growing pains are expected here. The FDIC issued consent orders for 25 banks in 2024, at least 13 of those were for BSA violations and/or fintech partner oversight.
The request to make an exception for OnlyFans without changing the terms for all adult entertainment businesses does not seem at all damning? Immad calls out that they are a "very big specific client and they have a very strict content policy". That seems true and possibly exception-worthy when there's a blanket policy disallowing a specific type of customer?
The Axis Consulting invoice callout is pretty random and unsubstantiated. It's just a screenshot of an invoice then commentary saying "purports to be" and "no trace of 'Axis Consulting' at the listed address". With one minute of searching it is possible to see that Axis Consulting, LLC was registered with the New Mexico Secretary of State and the company that formed the entity does appear to be a marketing agency.
I'm sure there are issues at Mercury and they probably did cut some corners while growing rapidly and push some limits trying to streamline things for customers but what in the world is this post. It reads like a man scorned and on a rampage.
If this were actual journalism or research there would be some sort of "compared to what". What is Mercury doing today that is bad and why is it bad? What laws or regulations apply to their business and what are they failing to do properly?
molsongolden · 19h ago
I'll also note that I have multiple Mercury accounts and part of the way they have mitigated the risk of easier account opening and taking on higher risk customers is that they impose fairly low transaction limits on new customers and limit the ability to write checks without going through their platform. There are probably other similar limitations that I haven't hit yet.
These are annoying, especially if you don't know you are going to encounter them and a transaction gets held up, but they make sense for offsetting risk while speeding up account opening and expanding the profiles of customers you take on.
mitjam · 11h ago
The invoice amout was also inconsistent with the spelled in words amount.
tristor · 20h ago
I used Mercury for a side project / startup, and once I wound it down it was impossible to cancel my account. My account was eventually canceled because I refused to respond to KYC more than a year after I had wound down the company and already filed dissolution paper with the state/IRS. I even had my business attorney reach out to them and no action was taken to shut the account. As I had already transferred the majority of funds out during liquidation, I just let it ride. I think I ended up losing $11 or thereabouts. As easy as it was to set up the account and get started, I would never use/trust Mercury again after my experience.
taormina · 20h ago
If someone doesn't go to jail for this, was it high risk?
doctorpangloss · 20h ago
The invoices stood out to me.
Here's a view of what payments for services, which is 50% of the US economy, looks like:
75% of payments will involve a party where signals like SOC 2 compliance, having 5 or more W2s, business licenses, business insurance, etc. are meaningless. Like they are an absolute fairy tale.
The invoice cited looks like SMB to SMB. But it could just as well be part of a Giant Corp to SMB chain. An entity that checks the boxes is the one that gets paid, but you know, the people who do the work don't get any value from the compliance fairy tale. They're just going to do the payment and do whatever it is the platform (Mercury) asks for and that's that.
Mercury is taking a big bet and it is paying off.
Another POV is that those stupid SOC 2 startups are selling a holistic experience that basically provides no more value than a Markdown template you can find on GitHub for SOC 2. Guess how I know.
Another POV is that regardless of what US policy is or where it is going, there are programmers in Russia, and for the right price, someone is willing to pay them to do something, and before a certain date, it doesn't look like a problem, and then after a date, it is, and some intellectually honest, sincere, peace loving people seem to be unbothered by this.
morninglight · 19h ago
> The real story behind Flipper Devices, including potential links to Russian actors under sanctions for suspected interference in the 2016 U.S. presidential election, is far from simple.
Surprise! But probably not the last.
morninglight · 19h ago
> The real story behind Flipper Devices, including potential links to Russian actors under sanctions for suspected interference in the 2016 U.S. presidential election, is far from simple.
That said, they lost a $250,000 incoming wire critical to my business and I couldn't get a hold of anyone until I started tweeting about it a week later and the CEO responded. The money showed up with no explanation, ever. We stopped using them for critical money flows after that.
It's not even always legacy systems, but rather, not hiring and empowering the right ICs and management.
Latest anecdata is from 2 days ago. I was trying to use a fairly new banking service feature of a major bank's Web site, and it had a superficially modern-looking UI, but I quickly found a few outright bugs in it.
In a banking transaction...
* A box with the summary breakout of subtotal, transaction fee, and total... had a very wrong total, based on the other numbers right there.
* At some point during a use case, the currency indicator on the total changed to that of the wrong country, though the total was of course in USD (for which the number was correct).
* In line items, some of the numbers previously entered would change. I can only guess that this might've been part of a flawed implementation, to respond to frequent exchange rate updates every few minutes, but if so, they did it poorly. (The changing number then caused some rounding down of what would've been the stable number in the item, so both numbers changed, and caused the transaction value of the stable numbers to fall below a transaction threshold. Even guessing at the cause, several times I had to go fix these numbers, before I decided that, even if I could get them to accept it with the correct numbers from the UI, I didn't trust this implementation to submit and process the transaction correctly.)
If those defects were going to be coded at all, then they should've at least been caught in testing, not pushed into production for banking.
Something critical like banks should really be paying for small teams of some of the best software ICs and management. Which (since the business is banking, not saving baby seals, nor building quantum AI spaceships) probably means paying like FAANGs do.
Seems like that would lead to inevitable problems in finance / banking ...
Most of it reads like a Muddy Waters style short-seller exposé. The author whirlwinds through a bunch of hot gossip, paints a customer-experience focus as some sort of evil scheme, dredges up a handful of old issues most of which seem to have been since remediated, cherry picks a handful of transactions out of millions, seems to blame Mercury for the actions of multiple other businesses and individuals, references a wire transfer doc that was pulled from some random Synapse server without knowing what else might have accompanied that doc in the original workflow and so on and on and on.
Banking, payments, and money movement are hard and absolutely ridden with fraud. Any company that moves money will encounter fraud, money laundering, all of this.
The focus on consent orders as proof that Mercury is breaking the law seems like fluff. Most of the banks that were willing to partner with fintechs at the start, and maybe still most of the banks doing this, are local or small regional banks that don't have the robust BSA/AML programs that larger banks have so some growing pains are expected here. The FDIC issued consent orders for 25 banks in 2024, at least 13 of those were for BSA violations and/or fintech partner oversight.
The request to make an exception for OnlyFans without changing the terms for all adult entertainment businesses does not seem at all damning? Immad calls out that they are a "very big specific client and they have a very strict content policy". That seems true and possibly exception-worthy when there's a blanket policy disallowing a specific type of customer?
The Axis Consulting invoice callout is pretty random and unsubstantiated. It's just a screenshot of an invoice then commentary saying "purports to be" and "no trace of 'Axis Consulting' at the listed address". With one minute of searching it is possible to see that Axis Consulting, LLC was registered with the New Mexico Secretary of State and the company that formed the entity does appear to be a marketing agency.
I'm sure there are issues at Mercury and they probably did cut some corners while growing rapidly and push some limits trying to streamline things for customers but what in the world is this post. It reads like a man scorned and on a rampage.
If this were actual journalism or research there would be some sort of "compared to what". What is Mercury doing today that is bad and why is it bad? What laws or regulations apply to their business and what are they failing to do properly?
These are annoying, especially if you don't know you are going to encounter them and a transaction gets held up, but they make sense for offsetting risk while speeding up account opening and expanding the profiles of customers you take on.
Here's a view of what payments for services, which is 50% of the US economy, looks like:
75% of payments will involve a party where signals like SOC 2 compliance, having 5 or more W2s, business licenses, business insurance, etc. are meaningless. Like they are an absolute fairy tale.The invoice cited looks like SMB to SMB. But it could just as well be part of a Giant Corp to SMB chain. An entity that checks the boxes is the one that gets paid, but you know, the people who do the work don't get any value from the compliance fairy tale. They're just going to do the payment and do whatever it is the platform (Mercury) asks for and that's that.
Mercury is taking a big bet and it is paying off.
Another POV is that those stupid SOC 2 startups are selling a holistic experience that basically provides no more value than a Markdown template you can find on GitHub for SOC 2. Guess how I know.
Another POV is that regardless of what US policy is or where it is going, there are programmers in Russia, and for the right price, someone is willing to pay them to do something, and before a certain date, it doesn't look like a problem, and then after a date, it is, and some intellectually honest, sincere, peace loving people seem to be unbothered by this.
Surprise! But probably not the last.
Surprise! But probably not the last.