Payment apps are all fun and easy, until you get burned by a typo
Share Now on:
PayPal reports quarterly earnings tomorrow, and so we’ll get an update on Venmo, the popular peer-to-peer payments app that PayPal owns. As services like Venmo, Square Cash and Zelle have gotten more popular, there have been some growing pains. Fraud and scams, for sure, but also a lot of accidental payments — like if you type in the wrong email address. When that happens, as people have sadly discovered, the money is gone.
Host Molly Wood spoke with analyst Lisa Ellis at the research firm MoffettNathanson. She said up to 1% of all [peer-to-peer] payment app transactions could be fraud or accidents. The following is an edited transcript of their conversation.
Molly Wood: What protections are there if you send money to the wrong person?
Lisa Ellis: There aren’t any official protections, because it’s just an accident. You made the payment. You’re the idiot that did it. There’s no legal or official reason you should be getting that [money] back. But the services do want to avoid that happening. They’re starting to put more controls in place. If you’re sending money to someone you’ve never sent money before, they’ll now usually send a secondary message saying, “Are you sure this is the right person?” But it’s really very voluntary. They’re not obligated to do anything.
Wood: Let’s dig into some of the differences between the specific services, because you have PayPal, which has been around a long time. You have Square Cash, which is like Venmo. Do they have fewer built-in protections than Zelle, which is developed by the banks?
Ellis: In some ways yes, in some ways no. The benefit that you have in the services like PayPal, Venmo and Zelle, is that you must have officially signed up for the service. They have a very standardized set of information about you, so they can avoid the issues like having the same email address or the same phone number assigned to multiple accounts. They can avoid those types of issues, because they make sure that doesn’t happen when they sign you up.
Wood: It does sound like you’re saying, though, that if I accidentally send money to the wrong person in Zelle, that I have the same problem as if I do in Venmo.
Ellis: Oh, yes. If it’s accidental, yes.
Wood: What is interesting about that, as a consumer, is that I thought that if these things were attached to my bank, which is FDIC insured, that there would be those protections. How hard would it be for these companies to say, “We’re going to help you out a little here”?
“Banks are responsible for protecting you against fraud, but they’re not responsible for protecting you against making mistakes…”Lisa Ellis
Ellis: They do try to help you out. The difference is if you have protections related to your debit card or your credit card, those are much more related to fraud. And the banks are responsible for protecting you against fraud, but they’re not responsible for protecting you against making mistakes or being an idiot. It’s a much more difficult thing to protect against than fraud.
Wood: And certainly, we know that you cannot legislate against stupidity. But you could imagine these companies saying that this could become a threat to the business, if people don’t have trust.
Ellis: Absolutely. It’s certainly in their best interest to figure out ways to mitigate it. It’s a delicate balance, because a big part of the value proposition of the [peer-to-peer] payment services is that it’s super quick and easy. So, they just must navigate through that and figure out ways to make it less onerous.
Wood: We’re talking about growing pains as these payment systems become more popular. They’re probably only going to increase in popularity and usage. Is it possible that some regulations need to be crafted in order to keep up, like that there should be a standard way that you verify the identity of someone you’re sending money to, for example?
Ellis: I don’t know that that requires a regulation, per se, but those types of things are usually handled as industry standards. In the same way that the fraud protection that you have on your credit card or debit card — those aren’t regulations. That’s set by the systems: by Visa, MasterCard. They have a whole governing set of operating rules that govern how risk is shared, how fraud is mitigated, what security requirements each player in the ecosystem must maintain. It’s just that that rule set, which was built up for those systems over 60 years, is not really in place for these other systems at this point. It’s a self-policing type of thing. They’ll end up establishing their own standards.
Related links: more insight from Molly Wood
Last year, Consumer Reports did a deep dive into peer-to-peer payment apps and found that it can be almost impossible for consumers to understand what protections there are in the case of a scam or a user error. It said that almost all payment apps could do a better job of setting their security levels higher by default to make it harder for someone to access your app if they steal your phone — or even to put up more roadblocks when you send people payments.
When Consumer Reports did focus groups and asked consumers if they thought their money was protected from mistakes, almost every single person said they thought the services would make it right and were surprised to hear that they probably won’t.
Still, I should point out that Consumer Reports did find that peer-to-peer payment apps are safe. You just shouldn’t use them to buy things online —and even if you’re buying in person.
Venmo introduced QR codes to people’s profiles back in 2017, and instead of typing in someone’s email you can scan their code, so you know you’re paying the right person.
What do you think? Have you ever the paid the wrong person, or had money sent to you by accident?
Email us at firstname.lastname@example.org. We’d love to hear your stories.