Sacra Logo Sign In

Bo Jiang, co-founder and CEO of Lithic, on the key primitives in card issuing

Jan-Erik Asplund
None

Background

Bo Jiang is the CEO and co-founder of Lithic. We talked to Bo because Lithic sits at the center of two increasingly important trends: 1) the bifurcation of fintech infrastructure into point solutions and platforms like BaaS, and 2) the rise of "DeFi mullets" and other kinds of novel consumer fintech experiences enabled by providers built on composable primitives.

Questions

  1. What is Lithic and what is the key problem you’re solving?
  2. Can you talk about who Lithic's customers are and how they use the product?
  3. How do you understand Lithic in terms of the landscape of companies that came before as well as big companies existing now, like Fiserv, FIS and Marqeta?
  4. I’d love here to more about the primitives aspect of it. What are the key primitives in Lithic, and how is that an important part of this evolution from Gen 2.5 to Gen 3 -- from Marqeta to some new format that drastically expands the space of what’s possible?
  5. Could you talk more about the key thing that you need discipline for when solving for this tension of self-serve?
  6. How do you think about this idea that bigger customers might end up doing all this in-house? Does that factor into your thinking?
  7. The flip side of concentration risk is that, for bigger customers looking at companies like Fiserv and Marqeta, there’s a lot of proof points out there that they can handle something like Cash App. As a fledgling startup, how do you show potential prospects that you can scale as a partner?
  8. On the topic of privacy.com, as a founder of two companies, logistically how do you think about running two businesses and keep your attention from being divided between the two?
  9. You alluded to there being a lot of noise in the space and a lot of companies raising money. How do you think about this land grab and winning card issuing in the short term versus long-term building a sustainable business?
  10. I’d love to talk about the idea of the DeFi mullet. How do you think about the potential upside of these DeFi/TradFi hybrid products, and how does Lithic facilitate them?
  11. You mentioned customers for whom it might make more sense to use banking-as-a-service versus Lithic or Marqeta. From your experience, what are break points where people will switch from BaaS to Lithic? Are they trying to do something that they can’t do with BaaS, or does it have to do more with scale?
  12. What are the merits of having a BaaS completely mediate the relationship with a sponsor bank? Is it just speed to market?
  13. You mentioned earlier that Lithic might potentially move beyond card issuing. To the extent you can talk about it, what other primitives are interesting to you or do you think have the biggest potential?
  14. To the extent there is some rebundling, like with your partner program, how much of an end-to-end experience is it? Is it like putting together a platform that people can use instead of having to stitch together all of these different services manually?

Interview

What is Lithic and what is the key problem you’re solving?

We started about eight years ago as a consumer virtual card business, privacy.com. It’s basically like a password manager, except for your card info. As a consumer, you can easily generate a brand new virtual card number for every purchase online. It’s really good for security, managing subscriptions, and making sure that your kids don’t rack up thousands in app purchases on games.

Business was great and continues to grow, but we built it on legacy card issuing infrastructure that’s over 20 years old. As we scaled, we found that we ultimately had to rebuild all of our own infrastructure in-house, piece by piece. And over the years, we talked to folks who were new to the card industry -- mostly neobanks, but also other companies who were generating cards or launching a card program as an essential part of their core business -- and they were all universally pretty frustrated with the existing solutions.

People would often ask, “Hey, could we use your APIs?” Fast forward to about two years ago -- so five years in -- we realized that the broader market really needed what we’d built for ourselves. And with a handful of early customers, we launched what became Lithic. Since then it’s been a pretty wild ride. We went from having raised less than $10 million in the life of the company over the first six years or so, to raising over $100 million, quadrupling the team, and being fortunate to have the trust of dozens and dozens of customers.

Can you talk about who Lithic's customers are and how they use the product?

There are certain use cases that are really well trodden. If you’re just doing a bolt-on offering in providing banking to your existing customer base and not really trying to do anything innovative there, sometimes we can help But most often we’re really good at being design partners to architect something really differentiated to your customer base.

Where that manifests itself is on sponsoring new card programs. We often see are folks who are building a neobank and scaling off of an all-in-one type solution, or they want to bring more payments in-house – and we’ll often slot in as the card processor. We’ll handle connecting to the networks, parsing the ISO 8583 message, PCI compliance, interfacing with card manufacturers, generating reporting as needed for reconciliation banking.

We will also play nicely with other primitives out there, for example, around compliance, transaction monitoring and KYC. The way we think about it is that walled gardens only get you so far in most industries. There’s all this innovation going on in other primitives that we’re never going to do, but we want to be able to work with them. Why would you ever want to close yourself off to that? A good analogue is really the power of open source. If you’re able to play well with other best-in-breed products, that's a win-win for everyone.

When we talk about card issuance, everyone always thinks about the neobanks. We do work with neobanks, but generally speaking, there are folks that are scaling and looking to bring more in-house, and we can play a really nice role in being a really good processor for them.

In some ways the most interesting use cases are the non-intuitive ones. For example, we work with folks on insurance claim disbursements. Historically, it’s gone through check or ACH rails and that results in a worse customer experience because the customer is fronting money while waiting for the claim, whereas the carrier or the insurance provider can generate a virtual card programmatically and send it to the end customer to pay the claim off. We’ll work with OTAs to fulfill flights and pieces of a purchase. We’ll work with companies that are focused on the incentive space, where maybe it’s unwieldy to send tons of payments via ACH or check and we can come in and help with cards.

Marc Andreessen famously said, “Software is eating the world,” and I think someone else said, “And payments is taking a bite of it.” I think that’s really apt, because what you’re seeing here with a lot of these software companies is they’re digitizing the back office, for example, and there’s an opportunity to launch a card program or to embed cards as part of the payment flow to improve the customer experience, to increase engagement and also to unlock new revenue streams. A really good example is a company here in New York that we work with, where they manage procurement and help streamline that across companies that have a bunch of different offices. Historically they’ve used check and ACH to fulfill payments for their customers. With our offering, they’re able to use cards. That’s a much better experience for everyone across the board, and it also unlocks a meaningful new revenue stream for them.

How do you understand Lithic in terms of the landscape of companies that came before as well as big companies existing now, like Fiserv, FIS and Marqeta?

There’s a lot of noise in the space in terms of different companies trying to do different product marketing. It’s not to say people don’t have real stuff, but there’s a lot of mixed messaging. I’ll do my best to share my perspective here.

Starting chronologically, Gen 1 was like the Fiservs, the FISs -- companies founded in the 80s. To keep things in perspective, 80% to 90% of card volume still flows over these folks today, so they’re very much relevant. Despite all the news around newer folks like us and others, they’re still very much the standard. Then you fast forward to 2000, and you have Galileo and ITC. I think of them as really Gen 2. They’re more modern and nimbler than Fiserv and FIS, but they’re still running on Oracle even today and definitely not in the cloud.

Gen 2.5 is what I think of as Marqeta, and I think of us as Gen 3. The reason why I call Marqeta Gen 2.5 is not to be unnecessarily disparaging. It’s really that I think of what they’re doing compared to the ITCs and the Galileos as fundamentally the same business model, the same enterprise go-to-market strategy, but better technology. The net-net there is: when you have the same business model and the same go-to-market, but improved technology, it’s an incrementally better experience. You don’t get this transformational or magical experience around card issuance, like what you see on the acquiring side. That’s how I think about the issuing landscape.

A lot of people think we’re competitive with BaaS. I think maybe on the edges we are, but oftentimes a customer will come to us, and we’ll be like, “Oh, this is actually not a customer for us. This is a BaaS customer.” It’s quite rare for there to be a customer where we say, “Oh, this is a customer where it’s absolutely not clear if they should be BaaS or should be working with Lithic.” There’s usually a pretty clear distinction. What I say is, if you’re trying to launch a neobank and you don’t really want to have any interaction with the bank, you should probably go with a BaaS provider who will help you get set up. Whereas if you’re a scaling banking company or neobank with complex needs and a lot of different use cases around card manufacturing, compliance, transaction monitoring, custom KYC, and if you’re really looking for a modular solution, you’re probably not best suited to go with a BaaS solution, which is effectively an all-in-one option.

BaaS present a really great partnership opportunity, and there’s a win-win here. We work with one today and are in pretty active conversations with a few others.

The big thing for me is there’s a lot of competition, but you don’t get this magical experience by offering the same business model, the same go-to-market. Take a step back. If you think about the anatomy of a card transaction, you’ve got acquiring on one side and issuing on one side. Issuing is at a stage that acquiring was at five to seven years ago. What’s really exciting about what the Stripes and Adyens of the world did was they approached acquiring in this way that abstracted away a lot of the complexity and made it super accessible, but retained a lot of how powerful it was. Maybe they talked about APIs and stuff like that, but at the end of the day, what’s really interesting there is that it's a really powerful primitive on acquiring. In doing what they did, the net effect wasn’t that they took a ton of market share necessarily from incumbents. They actually expanded what the world of acquiring looks like. I think there’s a similar sized opportunity if we’re able to abstract away complexity and make these really powerful primitives accessible.

I’d love here to more about the primitives aspect of it. What are the key primitives in Lithic, and how is that an important part of this evolution from Gen 2.5 to Gen 3 -- from Marqeta to some new format that drastically expands the space of what’s possible?

I think it comes down to the business model. It’s this whale hunting-esque set-up where you’ve effectively got to close the next Cash App, and if you do that, you’re great, you’re set for the next couple years. If you don’t, it doesn’t really matter. If you’ve oriented the whole business -- your compensation structure, your engineering, your product organizations -- to not prioritize self-serve, then you can be better, faster and cheaper than Galileo and ITC, but you’re fundamentally playing the same game.

For us, the bet starts with card issuance. We think of ourselves as moving beyond card issuance over time, but card issuance is really the first primitive. Starting with card issuance to go to market, the strategy is, “Yes, we will sign enterprise deals, and we will do that as needed,” but at the end of the day, it comes down to being committed to self-serve as a business and to expanding that. When we talk about accessibility, that’s really what it is -- this notion of self-serve PLG. People talk about it all day, and the reason why it’s hard is you’re having to balance that and make a conscious investment. It requires organizational discipline and commitment.

Could you talk more about the key thing that you need discipline for when solving for this tension of self-serve?

The tension is that you start to have enterprise customers, and if you aren’t architecting the system in a way that is super scalable and thoughtful, you’rejust constantly digging yourself out of a hole around reconciliation, different forms of money movement. I think it requires a bit of discipline to say, “Hey, we’re going to stay in our lane. We’re going to work really well with other people. But we’re going to be somewhat disciplined about the problems we solve on the enterprise side of things.” If you’re able to do that, you can continue to make investments in self-serve.

Otherwise, I think you end up with a set-up where you effectively become a professional services company. There’s a fine line in my mind between being a really thoughtful and good design partner and becoming a professional services company. I’m not saying any company here is building professional services, but if you have one hundred people dedicated to a customer, you have to think what’s going on there. But it’s also hard to not have that mindset or mode when you have massive customer concentration.

How do you think about this idea that bigger customers might end up doing all this in-house? Does that factor into your thinking?

For bigger customers, we always think about it as: if you want to have your best and brightest rebuilding what we’ve spent seven or eight years building to save a couple of bps on your COGS, it may be the right decision. But I think there’s also a strong case where Dropbox was a $10 billion company eight years ago, and could they be a $100 billion company if they hadn’t spent a lot of their time rebuilding AWS? I don’t know, maybe. I don’t want to throw punches at Dropbox. But I think the spirit of that is that resource allocation is one of the toughest things.  We think we can provide the best teams a lot of leverage that more than outweighs the cost savings that you would get from just bringing it in-house.

The flip side of concentration risk is that, for bigger customers looking at companies like Fiserv and Marqeta, there’s a lot of proof points out there that they can handle something like Cash App. As a fledgling startup, how do you show potential prospects that you can scale as a partner?

I think there are two reasons why we win.

One is that we just move a lot faster than more established incumbents. In the time that it takes them to get an NDA over, we can get you keys to actually moving transactions and testing the system out. That’s one component where the proof is in the pudding. You can get a 100-page spec from one of the incumbent players, but nothing beats a test drive. It’s similar to a car in some ways. I can describe how smooth the ride is, but until you try it, you’re not going to really know. That’s one thing that was insane to me in the process when we started working with our original issuer processor: we had to go through like six months before we could even run any test transactions. I think that’s just a crazy way of doing it.

The other thing is we have this benefit of having effectively a really large customer in-house, which is the privacy.com business. If it goes down, people on our team will hear about it. So we’re very in tune with what needs our customers have.

On the topic of privacy.com, as a founder of two companies, logistically how do you think about running two businesses and keep your attention from being divided between the two?

The interesting thing is, it’s really about finding leverage and hiring well for both businesses. I think of my role as being really helpful and hands-on in hiring and getting the right people in the seat and setting them up for success. I think if you embrace that mindset, it actually scales quite well. But it’s a lot of work either way.

You alluded to there being a lot of noise in the space and a lot of companies raising money. How do you think about this land grab and winning card issuing in the short term versus long-term building a sustainable business?

It’s an interesting dilemma, because there are real benefits to scale in this business. We’re seeing it year-over-year, just in terms of the obvious margin scale and COGS scale. But there are other non-financial and product things, too. There’s definitely a land grab dynamic.

The thing that we weigh is that, at the end of the day, we’re building infrastructure, and we need to build an enduring business. I think we’ve been reasonably thoughtful about that balance, because it does our customers no favors if we give away the product and go bankrupt tomorrow or in a year or something. It’s a fine balance.

I think what’s interesting is that the choice of processor is often so mission-critical that you have to be price competitive. But I think folks realize that going with the absolute value player may feel good in the short term, but in the long term, it means that you build a less robust offering and you spend more time on maintenance. So it’s not always just about the price dynamic, and that is very key in what we’re doing.

I’d love to talk about the idea of the DeFi mullet. How do you think about the potential upside of these DeFi/TradFi hybrid products, and how does Lithic facilitate them?

So we’re working with Eco, as you know. I think it’s a really interesting nascent category. What’s the most exciting thing about this is how tangibly it’s actually improving the lives of day-to-day consumers versus a lot of the DeFi stuff that has historically been pretty abstract and not mainstream. Like, the use cases aren’t something that I can easily articulate to a layperson, even a relatively technologically savvy person. So I think that’s the most promising thing about these folks making that more accessible.

I think our role here is similar to companies that are on-ramps to DeFi, like MoonPay and so on. We view ourselves as another ramp on and off DeFi. I think the challenge here is really: how do we do so in a way that is thoughtful and compliant? That’s where we spend a lot of our cycles, working with partners and being pretty selective about folks that we work with. We take that really seriously.

You mentioned customers for whom it might make more sense to use banking-as-a-service versus Lithic or Marqeta. From your experience, what are break points where people will switch from BaaS to Lithic? Are they trying to do something that they can’t do with BaaS, or does it have to do more with scale?

I think a lot of times the distinction that we’ll see is folks that don’t have a lot of know-how in the financial services space and want to launch something really quickly -- just get the card in people’s hands. They don’t really care about some of the modularity that we provide. It’s all about time to market over pretty much everything else.

The break points we see are when you’re scaling, and you’re like, “Hey, I want to launch a new product offering.” For example, maybe it’s working with a customer that launches a debit product but is now rolling out a charge card offering. That’s something where we’re like, “Hey, we’re pretty agnostic about the ledger, so you can bring your own credit core, and we’ll still process transactions. We’ll do all the same things that we did for the debit product.” Oftentimes the break points are when people want to launch new products, when they want to fine tune their AML/KYC process.

A fundamental thing is when they want to talk with the bank. As you get bigger and bigger, you start to want to have a relationship and a dialogue with the sponsor bank, at least in my experience. And the sponsor bank oftentimes wants that dialogue with their biggest customers, too, to know, “Who are we sponsoring here?”

The other piece we’ve seen is, “Hey, I’ve got some customer requirements around physical cards” or “I want to build some more bespoke product offering.”

What we’ve found is, inevitably, as fintechs and neobanks scale, almost everyone ends up wanting to make a move at some point. Then it becomes a question of which offering do you want to go with, or what’s the construct?

What are the merits of having a BaaS completely mediate the relationship with a sponsor bank? Is it just speed to market?

Yeah, oftentimes I think it is speed to market. They’re preconfigured templates. I’d say the BaaS provider will have pulled together a lot of the pieces with building a neobank and made design choices. In some ways buying a suit off the rack maybe is the best analogy there. It’ll fit most people.

You mentioned earlier that Lithic might potentially move beyond card issuing. To the extent you can talk about it, what other primitives are interesting to you or do you think have the biggest potential?

This isn’t a dodge per se, but honestly, we’re pretty focused on building the transformational card issuing experience and getting that primitive right. I think if we do our job right, we’re going to have a bunch of different directions.

The anchor is solving our customers’ problems. If I had to guess, there are probably other forms of money movement that are interesting -- potentially internationalization and cross-border type use cases. But generally, how we’re thinking about it is: what are the real friction points for existing customers? We think there are great solutions out in the market for stuff like transaction monitoring and KYC. We may re-bundle some things and work closely, but we’re not about rebuilding the wheel just to rebuild the wheel.

To the extent there is some rebundling, like with your partner program, how much of an end-to-end experience is it? Is it like putting together a platform that people can use instead of having to stitch together all of these different services manually?

Ultimately, we’re all about removing customer friction. What we saw was, “Hey, customers wanting one thing, and we’re like-minded companies, so we can sort of come together.” Because a lot of the folks we work with have a similar mindset and are building modern solutions, it’s actually quite easy to make them interoperable.

I think this is Apple versus Android, if you will. You can have a super smooth Apple experience with the walled garden, but once you want some degree of configurability and modularity, you start to run into walls. We’re making a bet that open source effectively is going to win here. It would be hard not to say Apple has done really well with the walled garden approach, and I think there will be multiple winners here, but my take on the walled garden approach is it probably works better with consumers who have less of a need for configurability.

Disclaimers

This transcript is for information purposes only and does not constitute advice of any type or trade recommendation and should not form the basis of any investment decision. Sacra accepts no liability for the transcript or for any errors, omissions or inaccuracies in respect of it. The views of the experts expressed in the transcript are those of the experts and they are not endorsed by, nor do they represent the opinion of Sacra. Sacra reserves all copyright, intellectual property rights in the transcript. Any modification, copying, displaying, distributing, transmitting, publishing, licensing, creating derivative works from, or selling any transcript is strictly prohibited.

Read more from

Read more from

Read more from