Privacy Perils: Just Venmo Me

September 14, 2018
Firm Publication

With an estimated 79 million American adults using mobile peer-to-peer (P2P) payment services, such as PayPal’s Venmo, Google Pay, and Apple Pay, this technology has revolutionized the way people split dinner tabs or pay their babysitters. P2P applications are typically linked to your debit card, credit card or bank account and allow you to both send payments to and receive payments from others using the same application. While these applications may seem more efficient than using cash for your IOUs, how sure can you be that your payment ends up in the correct hands or that your data is secure?

Earlier this year, the Federal Trade Commission (FTC) reached a settlement with PayPal addressing allegations that Venmo misled consumers about their ability to transfer funds to external bank accounts and control the privacy of their Venmo transactions. The FTC claimed that Venmo misrepresented the extent to which consumers’ financial accounts were protected by “bank grade security systems” and violated the Gramm-Leach-Bliley Act’s Safeguards and Privacy Rules. The resulting settlement prohibits Venmo from misrepresenting any material restrictions on the use of its service, the extent of control provided by any privacy settings, and the extent to which it adheres to a specific level of security.

While the settlement agreement may improve Venmo’s data security in the future, a recent study awarded Apple Pay the highest rating of the five applications reviewed (Apple Pay, Venmo, Zelle, Cash App, and Facebook P2P Payments in Messenger; Google Pay was not included in the study). In fact, Apple Pay was the only application to receive top marks for data privacy. This high ranking was based upon Apple Pay limiting the information it collects and shares on users and their transactions, refusing to store credit card or debit card numbers or sell users’ personal information to third parties, and requiring users to review and approve all transactions before they are completed. Unfortunately, Apple Pay can only be used on later-generation Apple products, so it is not a viable option for everyone. For non-Apple users, the same study found that Venmo, Cash App, and Facebook P2P Payments in Messenger were good performers, but they received only fair scores for data privacy.

Use of any of the mobile P2P payment services comes with risks, so it may be safer to chip in for your mother’s holiday present with cash instead of “Venmo-ing” your sister. However, if you find yourself using any of the P2P payment services, the FTC has provided some helpful tips for how to keep your data secure:

  • If you transfer money from your P2P system balance to your bank account, confirm that the deposit went through. The transfer could take a few days or even longer if it is flagged for additional review.
  • Always make sure you know who you are sending money to and confirm that you are sending any payments to the correct user. Some systems will not intervene if you accidentally send money to the wrong person.
  • If you use the service to receive money from someone you do not know personally (e.g., to sell a product or concert ticket), transfer the money to your bank account and make sure the money is there before you send any goods. Before using a P2P system for commercial purposes, make sure to read the terms of service because some services do not allow such use.
  • Check your account settings to see if you can enable additional security measures that are not on by default, such as multi-factor authentication, PIN protection, or fingerprint recognition.
  • Some P2P services might share information about your transactions on social media or as part of a feed within the application. Check and adjust social media permissions or settings based on what you are comfortable sharing.

Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact Bob Brewer, Tony McFarland, Elizabeth Warren or a member of our Privacy & Data Security team.