It seems that not so long ago we were extolling the virtues of Venmo and speaking of how an entire generation has almost foregone cash, opting for this app instead. And all those virtues are still true today, but in the last couple of years, some of the app’s glaring weaknesses have come to light. Or technically, “were brought to light” would be a more accurate way to put it. The last person to have done this was Dan Salmon, who scraped seven million of Venmo’s transactions over the last six months. And he wasn’t the first to do it.
Dan is a computer science student who didn’t have any nefarious objectives. In fact, he and Hang Do Thi Duc, who did something similar with 207 million transactions the year before him, had intended to help Venmo’s many users. By exploiting this weakness so publicly, they showed that it is there and that nothing has been done to rectify it since the first time it was announced to the world.
Well, actually, this is not entirely correct, because Venmo did take some action to rectify the situation, but Dan’s work in scraping transactions this year shows that it wasn’t nearly enough. Settling with the Federal Trade Commission over Venmo’s privacy and security violations didn’t help either.
What’s the Problem with Venmo?
“Public API”: these two words define Venmo’s greatest problem. Using that public API, anyone with a modicum of skill can learn every little detail of any Venmo transaction that hasn’t been set to “private”.
It might not seem like that big a deal. After all, who would set their money transfer app to make their transaction history publicly accessible?
Well, with Venmo every single user does exactly that. You don’t even get a choice because your account is set to “public” by default. Therefore, anyone out there can track your every transfer, as well as learn things about you like your full name, account creation date, user ID, and business status. They will also be able to see your user picture and even access your likes. And to do all this your online stalker doesn’t even need to have a Venmo account of their own.
That level of privacy breach is mind-boggling for a money transfer app in a world that’s going global fast. Today more and more people and businesses require a means of making transfers safely. Such transactions aren’t restricted to a few more progressive migrant workers or families living in different countries anymore. Big businesses and investors are using them because the terms offered by money transfer companies are much more favorable than the huge fees charged by the banks. And yet, with such security and privacy weaknesses, no one can fully rely on these apps.
In Venmo’s case, setting your account to “private” fixes this problem but, for some reason, the vast majority of Venmo users don’t bother going into their app’s settings and making the switch manually. For some incomprehensible reason, Venmo itself doesn’t bother changing its “public by default” policy either. This is despite the issue being so boldly exposed to the world and, quite possibly, exploited by hundreds of less wholesome and conscientious characters than those computer science enthusiasts who brought this serious privacy issue to the world’s attention.
What Does This Mean for Other Money Transfer Apps?
While Venmo is out there at the frontline of public outrage over privacy and security inadequacies, this problem is not restricted only to this app. With the increasing importance of money transfer apps to the economies of the world, these issues grow ever more worrisome.
Quite clearly today’s globalized society isn’t going to stop using money transfer apps. Their rising importance to the world at large is testified to by the speedy growth of Remitly.
This means that the world needs a way to make money transfer apps more secure. In other words, it needs regulatory bodies which will monitor and enforce that security. The Financial Conduct Authority is one such body that is making money transfers safe today with great success.
The FCA supervises every important aspect of a financial firm’s operations, thereby making money transfers conducted through these firms as safe as bank transfers. The process is complex and requires constant monitoring and investigation of every customer complaint. But the result, which is secure global money transfers, makes it all worthwhile.
Unfortunately, the FCA only works to regulate UK businesses, and few other countries have anything resembling this kind of independent regulatory authority for financial companies. Changing this is the first step to making money transfer apps safe for everyone. We should be considering not only founding similar regulatory bodies which monitor financial businesses on a local scale but establishing authorities which will monitor them globally.
One thing is for sure, Venmo’s case definitely proves that regulation is severely lacking in the money transfer industry. And, considering how important that industry is, this cannot be allowed to continue.