Law in the Internet Society

Banking as Social Media – The Venmo problem

-- By NishaChandra - 11 Oct 2019

Mobile wallets

Venmo, one of the first mobile wallet applications, allows users to send each other money and request payments. To make a transaction, users simply type in the username of the other party, the amount, whether it’s a payment or a request, and what the transaction is for. Users link their Venmo account to a credit card, debit card, or bank account and draw money from those account to make payments. Venmo accounts are also linked in the user’s cellphone number.

What makes Venmo different than the other mobile wallet applications, like the Square Cash App or Zelle, is the social aspect. Venmo purposely has made banking open and social as a way to encourage users to utilize the application. Users can add other users as “friends”, either manually or by importing a friends list from their contact list or Facebook friends list. This is a purely social feature – you don’t have to be friends with someone to pay or request payment from them.

The anxieties argument

So why use Venmo, or even another mobile payment system when cash is just as efficient? The answer might be that we have anxieties around the use of cash. Cash can involve fumbling at the register, doing mental math, and having awkward conversations with people to settle a bill. With a mobile system, we can conveniently surrender those anxieties to the machine in exchange for our data. Additionally, users may be using Venmo over non-social mobile payment systems because Venmo was the first popular system. Inertia and the anxieties tied to signing up with a whole new system have stopped users from abandoning Venmo for more private pastures. But this release of anxieties may not be worth the immense privacy violations.

The Privacy Concerns


Transactions on Venmo can be viewed by parties on a scrolling feed. When a user completes a transaction on Venmo, they can decide whether that transaction is private (can only be viewed by the other party to the transaction), visible to friends, or public (visible to everyone). Transactions on Venmo are public by default, available to be viewed by any other person with the app. And since Venmo has a rumored 10 million monthly users, that’s a lot of people. Countless think-pieces have been written on why it is so addictive to stalk your friends on Venmo, so clearly this is an activity that people partake in. But users can be stalked by less friendly faces – abusive ex-partners, law enforcement, or even dangerous strangers. Based on who a user pays and what they pay them for, the whole world can find out in a second where the user is and what they’re doing. The personal safety implications are enormous.

Spear phishing

People can also use the publicly available payment patterns on Venmo to engage in malicious activities such as spear-phishing. If a user, for instance, has frequent payments to a friend named Sophie, someone might spoof an email from Sophie to the user to get them to reveal confidential information. Or the spoof email might appear to come from a restaurant the user appears to patronize often. Either way, knowledge of a person’s personal information can be used to lull them into a false sense of security which can later be manipulated for financial gain.

Data breaches

Fortunately, Venmo hasn’t had a traditional data breach – yet. But if and when it does, the results could be disastrous for users. According to its privacy policy, this is some of the data Venmo collects on users: telephone number, name, street address, email address, date of birth, SSN, geolocation information, device type, language, time zone, Facebook log-in credentials, Facebook friends list, email account information, bank account login information, bank account number, routing numbers, credit card numbers. This type of data could easily be used to steal the identities of all Venmo’s users if it fell into the wrong hands.

Data harvesting

Venmo and others can use transaction history as a way to mine information, similarly to how Google mines users’ information based on their searches. Venmo has a function to track users’ locations, and also has near infinite data on what those users eat, how they spend their time, and even who they live with. Even individuals can harvest this data because so much of it is publicly available. For instance, in June 2018, a programmer scraped public Venmo data and was able to compile a list of users who were likely selling drugs and receiving payments through Venmo.

Under its privacy policy, Venmo can share the data it gathers with its parent company PayPal? , its affiliates and subsidiaries, any companies PayPal? plans to merge with or be acquired by, law enforcement, government officials, and third-party service providers. All these entities are surely currently using the data compiled by Venmo for their own purposes – whether it be for targeted marketing or catching law-breaking behavior.

Psychological Effects

Our society seems to have accepted the massive breaches of privacy that accompany use of the internet today. We’ve adapted to it and internalized it as something that will always affect our external lives. But the social aspects of Venmo’s style of banking can have negative effects on our internal lives as well. In return for the services Venmo provides, users open themselves up to judge and be judged by friends and strangers alike. Social media facilitates comparison to others, along with all the self-doubt, anxiety, and shame that goes along with that comparison. No good can come out of seeing your ex-boyfriend’s back-and-forth payments with another girl. No good can come out of obsessively checking your girlfriend’s transactions to find evidence she’s cheating. And no good can come out of seeing your peers’ living seemingly rich and vibrant social lives while you sit at home alone. The toll social media can take on one’s mental health is surely not worth paying a bill slightly faster.

You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Webs Webs

r3 - 15 Jan 2020 - 22:24:25 - NishaChandra
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM