In the last few years, uptake of personal payment applications has been shaking up the world of fintech. US-based digital wallet Venmo, one of the fastest-growing apps in this realm, is changing the way we think about person-to-person (P2P) payments. Venmo is used mainly to make small payments between people who know each other, and it appears to be highly effective in eliminating small – albeit pesky – lingering debt between friends, family members and others who struggle to follow through on IOUs. On the face of it, Venmo seems like nothing more than a variation of PayPal (which, incidentally, owns Venmo). So what sets Venmo apart, and why are millennials flocking to it with such enthusiasm?
Just had #pizza with @johnsmith
With Venmo, not only are moochers confronted about their wallet-forgetting ways, but financial transactions between friends – which, let’s face it, can be awkward at times – become something to be celebrated and shared. The app goes as far as to claim that the act of paying someone back or splitting a bill will strengthen the bonds of friendship (or “build your friend cred”). (Take a look at Venmo’s quirky marketing campaign here.)
The game-changing factor is that Venmo is a hybrid of a payment app and a social media app. Venmo makes P2P payments more intuitive and user-friendly, then takes the experience to the next level by encouraging the user to share the things they’re paying for in real time by connecting their account to social media platforms like Facebook and Twitter. Venmo ticks all the boxes when it comes to ensuring an exciting and enjoyable experience for trendsetting users.
Venmo’s service may not be causing banks any direct revenue loss, but it has certainly pointed out a gap in the market. In response, 19 of the largest US banks (including Bank of America, JPMorgan Chase and Wells Fargo) have joined forces to create the payments platform Zelle. Zelle is aimed at a much wider audience than Venmo and promises to improve on the latter: instant, free transfers will be its biggest advantage. (It currently takes a day for money to transfer between two Venmo users.)
Both Venmo and Zelle sound like wins in terms of convenience. But what about security?
In 2015, Venmo announced that it is introducing multi-factor authentication. If a user logs in from a new device and that device is not recognized by the Venmo app, the user is asked to verify themselves via an OTP (one-time password) that is sent to their registered email or phone number. However, after a long history of failure as a second factor of authentication, SMS OTPs are now being deprecated as a security measure, since they are fairly easy for fraudsters to intercept through a man-in-the-middle (MITM) attack or SIM swap. Venmo also offers its users the option of adding a static PIN to their password, but given that both of these factors of authentication qualify as “things the user knows”, they do not constitute true multi-factor authentication.
Zelle’s website does not name specific authentication measures it uses, only “technical, administrative and physical security controls to protect from unauthorized access, disclosure, or use”. The site also warns users that “the security of data transmission over the Internet cannot be completely guaranteed”.
At Entersekt, we agree, which makes it all the more important that Zelle (or Venmo, or any payments provider) instead authenticates its customers over a fully out-of-band, end-to-end-encrypted channel distinct from the Internet. If they do so, they will score as highly on protection as they do on user experience.