Linking payments accounts to public profiles is a convenience that makes digital payments as easy as typing a tweet, but after a high-profile trolling incident involving one of President Trump's closest colleagues, it seems there are still issues to work out.
In early February, it came to light that Trump’s press secretary, Sean Spicer, was being targeted through his public Venmo account by pranksters sending and requesting money from him for various sarcastic reasons. On the surface it may seem like a harmless prank, but the episode highlights some of the issues that arise when using personally identifiable information as a payment identifier.
— Who? Weekly (@whoweekly) February 7, 2017
“It’s a fascinating case study in why it's important to safeguard your credentials, especially when you’re in the public eye,” said Andy Schmidt, an executive adviser at CEB. “And as more elected officials and people in power use social media, more of these gaffs are bound to happen.”
While this trolling—a common word for pranking someone online—isn’t criminal, it is annoying. And it can get much more serious.
Venmo's parent company, PayPal, is known to be particularly aggressive in halting transactions that may indicate illegal activity, such as its recent suspension of the account of News Media Canada, which attempted to use PayPal to pay a fee for an awards competition; the article being submitted was about a Syrian family, and the mention of Syria raised flags with PayPal.
At the furthest extreme, internet trolling can be used to provoke a potentially violent police response against an innocent individual (a practice known as SWATing).
Dave Birch, director at U.K.-based payments consultancy, Consult Hyperion, says adding a whitelisting mechanism might be useful.
For instance, on WhatsApp if a sender messages a recipient that doesn’t have the sender’s number stored in their phone, a message is displayed that gives the recipient the option to report as spam, block or add the user. A similar system could work as a filtering mechanism for Venmo, especially if Venmo adds the ability for users to verify or authenticate themselves like Twitter does, said Birch.
That authentication could come from banks, he continues, and user’s would have the ability to block payments from people who have not linked an identifiable bank account.
“If you strengthen parts of the infrastructure then there are ways to use effective identity mechanisms to cut down on some of this trolling stuff,” Birch said.
And these mechanisms should be bolstered, because using email addresses, phone numbers and online handles as “pay names” is quite beneficial, not just for convenience but security, Birch said.
In the U.K., there is a high amount of fraud executed on the instant payment networks because people get tricked into sending money to the wrong account numbers, Birch said. Instead if the request came through with a profile picture and other social media information, it would be easier for the recipient to verify the information, he said.
“A key reason people chose to use Venmo is that you can easily send money to friends and family using username, email or phone number,” said Josh Criscoe, head of corporate affairs and communications at Venmo.
Yet the social person-to-person payments app does have its fair share of privacy and security controls. Users can set their account to Private so only they can see transactions sent and received, plus this feature can be applied retroactively to all past transactions. And, on a case-by-case basis, users can block others that are sending them unwanted payments and messages.
“Like other social networks, there is not an option to completely hide your profile from public view besides blocking individual users,” Criscoe said.
Thus, participating in a social payment system would always carry with it some risk of being targeted by internet trolls and scammers.
“But the safety and privacy of the people using Venmo is one of our highest priorities,” Criscoe said. “If there is ever a situation where a question is raised, Venmo works quickly to address any concerns that are brought to our attention. Our users are the focus of everything we do and our goal is to ensure they have a positive experience when using Venmo.”
CEB’s Schmidt says this response is appropriate. Doing anything more would defeat the purpose, he said.
“All of this is meant to make people easier to find; it’s the direction we’re heading in,” said Schmidt. “Venmo is definitely targeting a population comfortable with being easy to find and sharing their information.”
Public figures can still participate, but they might need to up their security first. For instance, Schmidt said, they could use an alias that is unconnected from their real name as a way of hiding in plain sight.
“Anyone in the public eye needs to get advice from someone who is adept in this area, to protect accounts and information,” he continued. “As you become more important, more visible, you become a more attractive target and you’ll want to employ a variety of different protocols to make sure you’re safe.”