> 133. While Javice was working with the Data Science Professor in early August 2021, Amar contacted ASL to obtain the ASL List containing student data for 4.5 million college students.

> 136. Amar continued to correspond with ASL over the following days. Through this additional correspondence, Amar learned that ASL could sell Frank a list of data for 4.5 million college students for a cost of $105,000.

So basically they knew they would eventually be found out, so they just elected to buy the 4.5 million contacts for $105K from ASL.

> 149. Ultimately, Javice presented to the Data Science Professor the ASL List of 4.5 million college students and told him that she wanted to "augment" that list. Upon information and belief, Javice represented to the Data Science Professor that the 4.5 million college students on the list were actual Frank accounts. Javice directed the Data Science professor to find a company that could "augment" the list with additional information, including phone numbers, dates of birth, and email addresses.

This data apparently wasn't complete enough, so they then got the original "Data Science Professor" to try to enrich it through commercial sources. Hilarious, the two companies he explores are Emformion and...Acxiom! This freaked them out, so they told him not to tell Acxiom who he was working for. Which they didn't buy. So they only got 1.9M of the 4.5M email addresses matched through Emformion. And things unraveled from there, as they eventually were asked to provide the original list and of course they didn't have it, or anything close to it. Etc etc

1. First buy data from ASL. Instead of 4.5M, buy as many as you can, like 40M, the entire 15-24 population if they got it. Apparently at ~$100K/~5M, this is only like $1M.

2. Do your own aggressive email/marketing outreach to these people.

3. If you can get 10% response rate, that's 4M customers right there.

4. Sell to JPM for $175M.

I need to get into the lead generation business.

You can't get anywhere near a 10% click rate with random leads like that.

The reason companies like this are sought after is the idea that their users are warm leads with an existing relationship with the brand. People who have (supposedly) gone out of their way to sign up for something are several orders of magnitude more likely to engage with e-mails compared to e-mailing them randomly from an unknown brand.

To quote the relevant bit:

> JPMC reached out via email to a random sample of the list Frank provided – approximately 400,000 purported customers of Frank – with offers to open Chase checking or savings accounts. Of those 400,000, only 103 even clicked through to Frank’s website.

So a clickthrough rate of 0.026%.

Good luck getting anything close to 10% when you're starting with a cold, and possibly partially trash, dataset.

JPMC wasn't just attempting to buy a large email list. Notably, they were also attempting to buy _future expected email list subscribers_.

In theory, if JPMC buys the entire company and then lets the company keep running, they'd expect the list to keep growing over time at a rate similar to whatever Frank's user growth graphs indicated.

They also, I assume, believed they were acquiring a group of people with expertise in marketing to this segment since, well, if you have a warm list of 4M people, that means you also have the abilities to build such a list, which is valuable as well.

I'm not going to try and estimate what percentage of the price was what, but I'll point out there's more to it than just the raw size of the email list at the time of the deal since JPMC didn't _just_ buy an email list and nothing else.

Matt Levine (as always) is documented, clear and adds a little touch of humour.

Reminded me some quote I read about how some many "scale" business are in the junkyard because the creator thought even if only 1% succeed, forgot that there is a success rate below 1%. ZERO.

https://web.archive.org/web/20210128204248/https://withfrank... https://web.archive.org/web/20210222193947/https://withfrank...

A jump from "Over 350k" to "4.25 million" in less than a month.

For those inclined to scoff, consider this blog: https://liesandstartuppr.blogspot.com/

It covers in detail a startup that was supposedly working on wireless power transmission via ultrasound. From the way he tells it, the company kept raising money long past the point it was obvious the technology couldn't work.

> The Director of Engineering was not persuaded and told Javice and Amar that he would not perform the task and only would send them the file containing Frank's actual users, which amounted to approximately 293,000 individuals at that time.

Had she managed to successfully persuade him, would the Director of Engineering have been liable for fraud? She clearly tried to make it seem all look legal.

What should an engineer do when asked to do something that he's not sure whether it's legal or not?

Intent matters in these cases. If the situation had somehow been adjusted so that the engineer genuinely believed the generation was for legitimate purposes, it would be very unlikely that they would be at risk from the initial list generation.

However, I don’t really see how Director of Engineering could have not known the purpose, given that the ultimate goal was to load them into the production DB and the request was coming from outside of engineering.

I think "they told me to do it" is perfectly reasonable defence in this case.

If your employer tells you to build a knife why would you be held responsible for him stabbing someone or themselves? Even if they bragged to you that exactly what they are going to do.

I think then engineer in question shown very high morals, way above their pay grade and deserves respect.

This exactly fits the description of abetting a crime: "A charge of aiding and abetting has three requirements. First, someone else must have committed a crime. Second, the defendant must have assisted that person in the commission of the crime. Third, the defendant must have had knowledge of that person's criminal intent or criminal plans." https://www.justia.com/criminal/offenses/inchoate-crimes/aid...

A prosecutor could argue that a VP engineer who made up all those fake identities must have known the reason for it was fraudulent.

Alternatively, what if (s)he didn't know that the intent was genuine?

The director of engineering who refused to create fake data. Props to him for doing what's right.

I'm a little surprised JPMC isn't publicly pushing Acxiom hard on this...

> JPMC has all the emails showing the fraud because Javice and Amar used Frank's email accounts to create the Fake Customer List and the email accounts now belong to JPMC following the Merger

Seems pretty sloppy for defrauding a company out of $175 million.

Do acquisitions usually have more due diligence for verifying customers? It seems like it would be trivial to create 4 million plausible customers in a spreadsheet.

The challenge here is with the fact that privacy rules still very much apply and data management during due diligence can be haphazard. The acquiring company doesn’t just automatically get access to everything, it’s a negotiation. JPMC could have literally asked ‘send us your customer database’ and Frank could (and should) say no way and talks still continue.

The one thing i don’t get is how this didn’t also show in their financials.

This good, courageous person should be honored.

The argument one "has to pay the bills" is silly and self-serving. All professionals have to pay the bills. There is something like a sectoral ethos and culture. Technies probably not the worst offenders (that would be the banking sector) but with tech seeping in everywhere it matters more and more.

> 92. In a response sent six minutes later at 1:02 p.m., Javice asked, “will the fake emails look real with an eye check or better to use unique ID?" At 1:37 p.m., the Data Science Professor confirmed "they will look fake. So let's use unique ID."

Ethics aside, it’s rather surprising that the Data Science Professor couldn’t even generate convincing looking email addresses. This happened in 2021, not 2001. I’d say she could have hired someone more competent at a lot less than $600/hr.

My intrigue is that due dilligence is quite lax for certain types of people. I wonder what the criteria are. Surely 'those' academically excellent M&A people would never slack on a 100mil+ transaction, or so we are led to believe.

To top it off, this person was later offered a “deal” to be hired into their alleged fraud business once it was merged.

Too damn cute.

From the NY Times Article on this topic (https://www.nytimes.com/2023/01/21/business/jpmorgan-chase-c...):

"Mr. Salisbury, a former director of institutional research and assessment at Augustana College, estimates that two million students start college each year for the first time. Having done the FAFSA once, he figured, most families wouldn’t seek help from a company like Frank the second time they needed to and beyond. So if Frank had served five million people in just half a decade, it would have captured a sizable share of new college students who needed financial aid."

Since this has to do with financial aid applications, the number of total possible customers / students is much lower than 20 million. Which means their 5 million number is WAY exaggerated.