What changed
FACT (FTC, 2026-06): reported imposter-scam losses hit $3.5B in 2025, nearly 3x since 2020, and imposter scams were the single most-reported fraud category (~1 in 3 reports), lured largely via text and phone. FACT (Vercel AI index): open-weight inference is now mainstream production volume at a fraction of frontier cost, so on-the-fly text classification is cheap enough for a solo builder to run at usage pricing.
Why now
HYPOTHESIS: fresh, record FTC loss data creates board-level and examiner pressure on small institutions to show a visible member-protection measure. The cheap open-weight inference makes a per-message risk-scoring service economically viable for the first time. Both are real, but neither is evidence that banks are procuring THIS specific product.
Converging signals
A consumer-pain/complaint signal (FTC $3.5B loss headline) crossed with a cheap-capability signal (open-weight text classification). This is a discretionary painΓcapability convergence, NOT a forced-buyer mandate β there is no regulation compelling banks to buy a scam-text scorer.
Customer pain
FACT at the CONSUMER level: members lose money to fake bank/government security-alert texts. HYPOTHESIS at the BUYER level: banks feel reputational and support-cost pressure from scammed members. The input provides NO complaint threads, job posts, or spend evidence from banks themselves β the $3.5B figure is consumer loss, not proof a community bank will pay for an API.
Who pays
Community banks and credit unions (~4,000+ US CUs, ~4,000 community banks). Beneficiary (the protected member) is NOT the buyer (the institution's digital-banking or fraud team). Realistic buyer is a risk/fraud officer or the core-banking/digital-app vendor β a conservative buyer with vendor due-diligence and procurement.
Solved today
Carrier-level blocking (STIR/SHAKEN, RCS branded sender verification), Truecaller/Hiya/RoboKiller consumer apps, bank fraud platforms (Featurespace, BioCatch, Feedzai), and in-app 'we will never text you for your PIN' educational banners. Members also just get warned by news coverage.
Why current solutions are bad
Carrier blocking is imperfect and smishing still lands; consumer apps aren't bank-branded; enterprise fraud platforms are priced for large banks, not a 3-branch credit union. Genuine gap exists for a cheap, small-institution-friendly scam-warning layer.
Proposed product
A REST API + drop-in mobile SDK/widget: given a suspicious text (pasted or forwarded by the member inside the banking app), return a 0-100 impersonation-risk score, a plain-language reason, and a 'your bank will never ask for X' safe-action tip. Backed by an open-weight classifier plus a maintained, continuously-updated pattern set of known imposter tactics (spoofed-sender language, urgency/verification-code lures, fake-fraud-alert templates).
MVP version
A single scoring endpoint + a copy-paste 'Check this text' box embeddable via one script tag or React Native component. Open-weight model behind it, a curated smishing-pattern library, and a simple admin dashboard showing how many texts members screened. Ship in ~4-6 weeks.
30-day build
Build the classifier + pattern set on public smishing corpora and FTC/FBI IC3 examples; wrap in an API; build the embeddable widget; instrument accuracy. Recruit 3-5 friendly small credit unions or a digital-banking consultant for design-partner feedback (the member's text lives on their phone β validate the paste/forward UX is acceptable).
60-day build
Land 2-3 paid design partners at intro pricing; add per-institution branding, an audit log for examiners, and a monthly 'top scams targeting your members' report the bank can send out (marketing value the bank actually wants).
90-day revenue plan
Convert design partners to $99-$299/mo + usage; pursue distribution through digital-banking platform vendors and CU service organizations (CUSOs) as a resell/white-label channel. Realistic first meaningful revenue is 3-6 months given the buyer type.
Distribution path
Sell through CUSOs, state credit-union leagues/ICBA community-bank associations, and digital-banking platform vendors (Alkami, Banno, Q2) as an embeddable add-on. Content marketing off FTC data to fraud officers. NOT self-serve card-today β this is a considered institutional buy.
Pricing hypothesis
$99/mo base + usage per 1k scored messages, tiered up for larger CUs; white-label/reseller pricing for platform vendors. Anchor against the reputational cost of a scammed member and the labor of manual fraud education.
Technical difficulty
Low-moderate. Classification and pattern-matching are easy with open-weight inference; the hard parts are (a) accuracy/false-positive tuning that a bank will trust and (b) the delivery mechanism β members do not natively route their inbound SMS to their bank app, so the product likely depends on manual paste/forward, which caps usage and value.
Legal / regulatory risk
Moderate. Giving members security guidance creates liability if a scored-safe message was actually a scam; needs clear 'informational, not a guarantee' disclaimers. Handling pasted texts may include PII β data-handling and vendor-risk scrutiny from the bank. Not licensure-blocking for the founder.
Platform dependency
Low platform-policy risk (no app-store gatekeeper for a B2B API), but HIGH channel dependency if distribution runs through digital-banking platform vendors who could build this themselves.
Founder fit
Moderate. Plays to the founder's compliance-monitor / micro-SaaS / AI-workflow strengths, but the buyer is a conservative financial institution with a trust/procurement cycle β the opposite of the founder's preferred 'demonstrated value, card-today' motion, and there is NO government-portal filing mandate to exploit his proven edge.
Breakout potential
Moderate if it becomes the default embedded scam-warning for the small-FI segment via a platform-vendor channel; low if it stays a paste-a-text novelty. The core-banking incumbents or Truecaller could absorb it.
Final recommendation
WEAK / REVISIT. Real and growing pain, cheap capability, and a legitimate underserved small-FI segment β but the buyer is a slow, conservative institution (long trust cycle, no mandate) and the core product has an unresolved delivery flaw (you can't see the member's inbound texts). This is not the founder's high-fit forced-filer shape and there is no buyer-level demand evidence. Do not build as specified. If pursued, pivot to a white-label 'scam-alert content + monthly member report + paste-to-check widget' sold THROUGH digital-banking platform vendors/CUSOs, and only after validating one paying design partner.
Next action
Spend one day validating the buyer, not the tech: cold-email 15 credit-union fraud/risk officers and 2 CUSOs with the FTC stat and a one-line pitch; if β₯2 will take a paid pilot call within two weeks, prototype the paste-to-check widget β otherwise shelve and tag revisit_later.