Thirty-year old web developer Chris Grey signed into Venmo, an iPhone application used to send or receive money to friends, with the click of one button, according to The Slate. With the volume of Venmo payments tripling to $2.1 billion in the most recently reported quarter, according to The New York Times, the app has become one of the most popular, safe and simple methods to conduct financial transactions. But when Grey looked at his checkings account, he noticed an irreversible transfer of $3,000 to an unknown account.
Over the years, Internet users have become increasingly comfortable letting websites and apps access their personal information, such as their address and credit card numbers, which has often resulted in permanent and disastrous consequences.
Some of these apps, including Venmo, are small startups with fewer than 500 developers, often signifying a lack of a robust credit card security system. Their small size also results in minimal customer support.
Venmo only is liable for up to only $50 for any fraudulent activity, even in cases such as Grey’s, and can often take several days to respond to urgent, fraud-related emails.
“It’s scary to think that an app as popular as Venmo doesn’t have more accountability for such a huge mistake,” said senior Naman Sajwan, a Venmo user. “It reminds us that we need to be more careful even with the most widely used apps.”
In order for developers to use credit card information in an iPhone application, they need to use third-party companies like Apple Pay that serve as Payment Gateways, applications that are completely dedicated to payment systems, thus preventing app developers from ever handling their users’ credit card information themselves. As a result, the user’s security is reliant on these Payment Gateways.
According to the Apple Developer Forums, the main security concerns arise when customers think that credit card transactions happen immediately. For example, on Venmo, the application’s statement, “Success! Your money has been sent,” does not signify that this money has actually been transferred. Fraudulent users are able to illicitly access money by canceling transactions immediately after the app states that owed money has been transferred, when, in reality, the money has not been sent yet.
After a developer submits an application to Apple for review, Apple does review it and check for safety concerns, but often is not as thorough regarding Payment Gateways as a customers would like these payment methods to be, according to developers on the Apple Developer forums.
Users’ security is also a concern with popular apps like Uber. However, with multiple departments and thousands of employees, not including drivers and a work culture that focuses on maintaining quality customer service, Uber is more likely to keep its customers’ information safe.
“We try very hard to find good technical skills and an even better cultural fit for the company,” said class of 2012 alumnus Vineet Jain, a current software engineer at Uber. “[Fitting in culturally with the work atmosphere] allows employees to be extremely passionate about what they’re making and how the customers are affected.”
Because of the efforts at Uber, security issues are more likely to be handled in an immediate manner, according to Jain. Jain declined to comment on Uber’s specific techniques to make the application secure due to non-disclosure agreements.
Similarly, the app Poshmark — used to buy and sell clothing from other users — has also slowly risen in popularity since its debut in 2011.
The front page of the app links users to a page selling “designer clothes.” Poshmark users not only give out their personal information such as their address and credit card information, but also risk the possibility of buying fake designer clothes from a seller they’ve never met.
Junior Katrina Sung has used Poshmark on and off for about a year, and she has had only positive experiences with the app.
Poshmark users often don’t question anyone’s intentions, since the app appears “organized, convenient, and efficient,” according to Sung.
“I know that [users] share the same struggles of staying trendy and financially stable,” Sung said. “[Poshmark is] pretty well known, and there aren't very many cases of fraud, so I’m not worried.”