Using a payment app to pay your friends directly or split a restaurant bill has become increasingly popular among younger generations in particular. But are they safe?
Nikki Hesford, 32, is a convert to person-to-person payment (P2P) apps, using PayPal to pay for services and Venmo to pay back friends.
“The only time in the last year I’ve drawn out cash is for the school fete cake stall and to pay my manicurist,” says Ms Hesford, who runs her own marketing support company for small businesses.
“If I go for a meal with friends I can’t be bothered messing about with two, three or four cards,” she says.
“One person will pay on a card and the others will transfer through an app. It takes seconds rather than minutes fussing around with who owes what.”
Such P2P apps, like PayPal-owned Venmo, Zelle, Apple Pay, Facebook Messenger, WeChat Pay, and Square Cash, let you pay someone in seconds because they’re hooked up to your bank account, credit card or debit card.
They are proving popular with young people wanting a convenient, cash-free way to pay friends back for coffees, takeaways or cocktails, but are also being used for larger payments.
And they’re growing fast.
Zelle, one of the most popular payment apps in the US backed by 150 banks, launched in June 2017, but has already processed more than 320 million transactions valued at $94bn (£72bn).
A recent report by Zion market research suggested that the global mobile-wallet market in general is expected to top $3bn by 2022, up from nearly $600m in 2016.
Neeraj Vig, 33, says using a P2P payment app is more convenient and cuts out the awkwardness of having to remind his flatmate every month to pay the rent.
“Instead of chasing my flatmate when the bills come in I’ll request the money through an app called Billbutler,” he says. “Once he’s transferred it to me I’ll then pay the bill straight away.”
Such apps, along with contactless payment cards and smartphones, are rapidly making cash redundant.
“You no longer need to waste time trying to find a cash machine to settle a debt, or fiddling around with sort codes and lengthy bank account numbers to transfer money,” explains Alison Sagar, PayPal UK’s head of consumer and marketing director.
“All you need is a mobile number or an email address, and in a few taps you can send money, just like a text message.”
Rachna Ahlawat, co-founder of Ondot Systems, a payment services platform, perceives a marked change in consumer behaviour.
“We want transactions to happen in an instant and at the click of a button,” she says. “Consumers not only want to operate in real-time, but they are looking for technology that allows them to play a more active role in how they control their payments, and are finding new ways of managing their financial lives.”
But there are concerns that security and privacy are being sacrificed on the altar of convenience.
Venmo has always had a social media element to the app, whereby users could include emojis and other comments when sending money back and forth to friends. According to Venmo the pizza emoji is used every 20 seconds.
But unless you restricted your privacy settings, this meant complete strangers could see your spending habits – including money spent on drugs, drink and even strippers. Some people even claim to have uncovered a partner’s infidelity via the app.
Such personal details are also gold dust for hackers wanting to make fake emails look as if they’ve come from real people in your organisation, with the aim of persuading you to give away security information or even make payments you shouldn’t.
But Venmo defends its approach.
“Our users trust us with their money and personal information, and we take this responsibility and privacy laws very seriously,” a spokesman tells the BBC.
“We use encryption to protect our users’ account information and monitor their account activity to help identify unauthorised transactions.
“Plus, a user can limit the visibility of payments by updating the privacy settings on a payment even after they have sent it.”
Monzo, which launched a P2P payment service in 2016, now enables users to send money to other bank accounts outside of the network. But security is high, the bank says, with PIN [personal identification number] codes and fingerprints used for authentication.
More complicated authentication procedures are required for larger sums, the bank says.
But Pedro Fortuna, co-founder and chief technology officer at Jscrambler, an app security company, warns that the nature of these apps that sit between the user and the bank makes them potentially vulnerable to hackers.
“From the moment that e-banking apps are deployed to the user’s mobile device or browser, organisations lose visibility and control over how these apps are presented and how their code is running,” he says.
More Technology of Business
- Can the city of pizza reinvent itself as a tech capital?
- ‘A new bladder made from my cells gave me my life back’
- Are ‘swipe left’ dating apps bad for our mental health?
- The race to make the world’s most powerful computer ever
- ‘My robot makes me feel like I haven’t been forgotten’
“Malware injections and reverse engineering attacks can be used by hackers to understand the app’s code and silently trick you, going undetected by the typical security measures.”
Sean Devaney, strategy director for banking and finance at IT firm CGI UK, believes users of P2P payment apps need to take responsibility for their own data privacy and security.
“In the UK, there is significant regulation that protects users’ data, but this protection is only as good as the app provider’s ability to implement it,” he says.
“With the increasing number of apps all requiring some form of authentication, it’s all too tempting to reuse passwords across multiple services. This increases the risk of your data being hacked.”
Experts also advise users not to send money to strangers, as P2P payment apps are typically designed to facilitate payments between friends and colleagues, not for commercial transactions – there’s no buyer or seller protection.
Used wisely, P2P payment apps are fast and convenient. Just make sure you understand the security and privacy settings, otherwise you could end up giving away more data than you intended and even sending money to fraudsters.