September 30, 2015
You must have heard about a lot of scams on Craigslist where the seller doesn’t receive the actual money and fraud around phishing attacks on credit card information or PayPal login details. Western Union payments scams have also been popular for many years. Money transfer scams in the US have had a long history and security is an issue that every money transfer company is forced to prioritize. A new trend that’s rapidly being adopted in money transfers in the US is P2P or person-to-person payments. As P2P payment apps like Venmo, PayPal, Cash and others continue to grow, the FinTech industry is addressing their vulnerability to fraud and abuse.
The security of these apps is being questioned especially after a few Venmo scams were exposed to the media. According to a story around Venmo scams on Slate, a user lost $2400 out of $4800 when he tried to sell NBA Finals tickets on Craigslist and chose Venmo as a platform to receive the money. The buyer of the tickets made the payment in two halves. The seller received the first half in his bank a day after he received the notification from Venmo. He never received the second half in his bank after he received the notification from Venmo. Instead he received another notification saying, Your transaction has been reversed. The same article reported several incidences with people who became victims of Venmo-enabled scams.
To justify its position, Venmo has clearly stated the following in its user agreement: Business, commercial, or merchant transactions may not be conducted using personal accounts. This implies that Venmo is aware of the possible payments scams that may occur on their platform but never proactively created awareness about it. Millennials love Venmo and other P2P payments apps but they don’t love reading user agreements. Traditional companies Western Union make sure that they communicate well with their customers on scams happening via their platform and they have a detailed description of potential scams that can occur.
While the above scenario might be more appropriately called abuse or non-compliance with terms and conditions, this is not the first time that Venmo’s actual security was questioned. In February 2015, there were several incidences when users became victims of payments fraud because their accounts were breached by hackers. Initially, Venmo didn’t offer multifactor authentication (MFA) to its users. If you happen to change the email address or phone number in your account, MFA enablement lets the company send notifications to the user that the email address or the phone number has been changed. Venmo announced this security feature only in April 2015. Now if you use Venmo using a new device, you will have to pass the general security process laid out by Venmo, which is usually a security code sent to your phone number.
Many Venmo users have raised concerns about this via Twitter. Venmo Support’s Twitter handle will also give you a glimpse of how frustrated a few users are. We all know that PayPal bought Venmo in 2013. PayPal claims to have a fraud rate of less than 0.5%. However, does the same apply to its subsidiary Venmo? It is hard to say since PayPal caters to both B2B and B2C users. Venmo is specifically meant for P2P payments. PayPal fraud or scam history mostly includes phishing attacks which PayPal is not responsible for. Other P2P payment apps like Cash, PayPal.me, Facebook Cash and Google Wallet are relatively new. No significant scam incidents on these P2P platforms have been reported in the media. Once they start becoming as popular as Venmo, there might be more incidents that will question the security of these P2P payments solutions. Venmo has been in the space since 2009 and the loopholes in its system have now started to emerge.
Do banks have a place to fill in with these loopholes? When it comes to security, people trust banks. Banks have been known for slow processes and heavy paperwork. However, big banks are turning to P2P payments options via payment providers/platforms like Popmoney by Fiserv and ClearXchange. They are trying to become digital by leaving all the paperwork behind. If Venmo and its competitors compromise on security for quick access to money, users might prefer banks. Everyone wants their money to be safe. In the P2P segment of the FinTech industry, banks are on one side and these P2P payments apps are on the other side. It will be an interesting journey to see whether these two entities partner with each other or they compete forever.