Peer-to-Peer (P2P) payment platforms have skyrocketed in popularity in the past few years as more people move to cash alternatives. More than 75% of Millennials have used online or mobile P2P payments, followed by 69% of Gen X and 51% of Baby Boomers. Aite and Early Warning, owner of the P2P platform Zelle, have found that P2P payments will triple by 2020 as people further embrace the ease of splitting checks, paying rent, paying back friends, and more via their phones.
But exactly how safe are P2P payment apps? What risks do they pose? And which platforms are riskier than others?
Getting all your apps in a row
Consumer Reports ranked the five P2P platforms they deemed “good enough to use” on a score out of 100 and found Apple Pay to be the most trustworthy platform, followed by Venmo, Cash App (Square), Facebook P2P Payments in Messenger, and Zelle (standalone app).
Apple Pay and Facebook provide detailed terms of service and end-user agreements that explain how they use consumer data. But when it came to how these apps protect user data, Venmo and Zelle were ranked lower for not making clear exactly what it is they do to protect it (though all the platforms tested use an “acceptable level of data protection,” according to Consumer Reports).
While all the platforms offer additional layers of security to prevent unauthorized access, such as two-factor authentication (2FA) and PINs, the only app that doesn’t require users to opt into stronger security features – and instead opts them in by default – is Apple Pay. Zelle was the only platform that ranked below average on data security and privacy, and it lacks features to prevent you from sending money to the wrong person.
Ultimately, Consumer Reports found P2P payments to generally be safe, but warned that consumers should still be aware of their risks.
Peer-to-peer payments can wind up becoming stranger-to-stranger payments
As previously mentioned, Zelle lacks features to safeguard against users accidentally sending money to the wrong person, which can happen by inputting an incorrect phone number. The user agreement for the standalone app specifically states that the user is solely responsible for any money sent to a phone number typed in incorrectly. One wrong digit could lead to many digits of irretrievable cash missing from your bank account, as the unintentional recipient isn’t required to send back the money.
A number of customers that use Zelle via their bank’s app and website have fallen victim to this lapse in security, though banks haven’t always been keen on accommodating their requests for refunds. The banks that use Zelle don’t consider a transaction to be fraudulent if the customer authorized it. Unlike credit cards, Zelle doesn’t offer protection against scammers.
This has been especially problematic for people who have used Zelle and other P2P apps to pay strangers for purchases made through online marketplaces, like concert tickets and expensive sneakers, only to have the seller accept the payment and disappear off the face of the earth with the money and the item. Some P2P apps, like Facebook P2P Payments in Messenger, prohibit the use of their platforms for commercial or merchant transactions in their terms of service.
Taking TMI to a whole new level
Even P2P users who are careful about transfering money can’t totally escape risk. Venmo has been criticized for its public news feed that shares each user’s transactions; users by default are opted into this feature – accessible by anyone in the world, even if they aren’t Venmo users – and have to opt out if they want to keep their transactions private. Privacy advocate Han Do Thi Duc created the site Public by Default to emphasize how much data the general public can gather on any given Venmo user.
The issue is compounded by the fact that many Venmo users don’t change the default setting of the app, which resulted in over 200 million transactions becoming publicly available in 2017, according to Han Do Thi Duc’s research. This information could easily find its way into the hands of data brokers and others who do unsavory things with personal information.
Venmo’s response to the criticisms was that it doesn’t share the amounts paid per transaction nor does it publicize “potentially sensitive transactions,” which it defines as those made with a Venmo card or stores that accept Venmo. And while they had no plans to change opting users into the feed by default, they were ramping up their education efforts with a pop-up tutorial for users on how to adjust privacy settings in the app. However, Venmo is now considering whether they will remove the public news feed altogether and instead only feature transactions between friends.
So how can you mitigate the risk of fraud using these apps?
Make yourself less likely to fall victim to P2P scams by sticking to the following best practices:
- It can’t be stressed enough: don’t use P2P apps to pay strangers. Use these apps only to pay family and friends and people you’re familiar with.
- Never agree to pay someone for something purchased online via P2P platforms.
- Venmo users, adjust your privacy settings so your transactions aren’t visible in the public feed.
- Review user agreements for your app(s) of choice to fully understand what you’re liable for, should a transaction go awry.