Payments and transactions going mobile have both advantages and disadvantages. On the one hand, it has become easier for people to send and receive money on the go via various payment apps, on the other, it has also made users more vulnerable to exposing private data without realizing it.
An App for Everything
People rarely want to head to the bank these days for making payments or sending money to anyone. There’s an app for everything, from sending money to making bill payments.
Because of the convenience – and supposed security – that these apps offer, people don’t realize that they are putting their private and identifying information at stake while using these services. Every mobile app is vulnerable to security and privacy threats, and financial information can be hacked at any time.
One such payment app is Venmo, which allows users to send and receive money. But the biggest downside of Venmo is that all information and transactions are public by default unless set to private.
Now, one Berlin-based researcher has analyzed millions of public data from the app, to find the real identity of the users and to show just how easily the app reveals personal information and habits about users.
What is Venmo?
Created in 2009, Venmo is a mobile payment service, available on Web, Android, and iOS. The service is owned by PayPal, and is free, unlike most of the other mobile payments services. Venmo started out as a payment system via text messaging.
As the peer-to-peer (P2P) economy kept growing, Venmo turned more into a social network platform.
In 2012, Venmo became so popular that it was acquired by Braintree for $26.2 million. Until then, Braintree was one of the payment systems for services like Airbnb and Uber, but it was later acquired, along with Venmo, by PayPal. Today, Venmo is accepted everywhere that PayPal is accepted in the US.
The goal of Venmo is to make money transfers simpler. To get started, you need to create an account with username and password, and then link credit card, debit card or bank account for using the service.
Besides sending and receiving payments, users can add friends and also receive payments from them. Payments received can be saved as Venmo Balance for later use, or withdrawn immediately to a bank account. Venmo can also be linked to other services as a payment option.
Since this is a free platform, Venmo makes money through transaction fees. Venmo is not ad-supported, unlike many other free-to-use mobile apps. Not all of Venmo’s services have transaction fees, such as transferring funds between friends through a card or bank account.
But in order to cover processing costs, Venmo charges a 3 percent fee for credit card payments. PayPal, on the other hand, charges a 2.9 percent fee for all debit and credit card payments. More than making money, Venmo’s purpose is to help promote PayPal.
What is the Controversy Surrounding Venmo?
Researcher Hang Do Thi Duc has analyzed over 200 million public Venmo transactions made in 2017 by accessing them via a public application programming interface and has been able to see every detail about users who hadn’t changed their settings to private.
This includes names, their payment amount, addresses, and also financial information. With this information, she was able to learn a lot about the unsuspecting Venmo users.
Although users can change their settings to private, the app does not urge the users to do so. Hence, most users leave their data in public mode and exposed to anyone on the Internet.
Through this analysis, Do Thi Duc was able to gather an awful lot of personal information about the users, and this has been showcased through her project website “Public by Default”. The researcher gives the example of five such users, including a man who sells cannabis in Santa Barbara and a woman who loves to binge on junk food.
Do Thi Duc was able to learn about who payments were made to and exactly how many times a year, along with other messages exchanged.
If the man selling cannabis is doing it illegally, this public information can get him caught easily. She was also able to trace the location of the users, including which users frequented which restaurants and purchased what items.
Although this type of information may not seem a big deal, someone with bad intentions can easily use the data collected from Venmo to trace down a user and harm them.
It can also be used to steal someone’s identity by combining the data with other information scoured from the Internet. Financial details can also be stolen and users robbed of their money.
Should You Continue Using Venmo?
Venmo has been a useful and simple to use mobile payment app since 2009 , but these security issues are a blotch on the service. After these new findings by Do Thi Duc went public, users have been advised to change their settings to private and to be cautious about what they want to appear on their public feed.