Aesop is a legendary Greek figure credited with authoring hundreds of fables. These short stories appeal to adults and children alike and typically feature personified animals who through their shortcomings impart moral lessons. One of Aesop's best-known cautionary tales is The Tortoise and the Hare, the story of a boastful, fast-running bunny who through his own missteps manages to lose a race to a slow-moving tortoise.
Enter Venmo, the mega popular mobile app. It is providing a cautionary tale of its own to banks that are trying to maneuver around in the fast-growing peer-to-peer (P2P) space. Of late, the EBay-owned P2P payment company has become embroiled in controversy over security shortcomings that have reportedly cost users time and money. Venmo says on its website that it uses "bank grade security systems and data encryption to protect you and guard against any unauthorized transactions and access to your personal or financial information." But a recent article in Slate Magazine suggests otherwise, claiming customers have had their accounts hacked and that the system itself is an open invitation for would-be thieves. According to Slate, Venmo doesn't alert users if their password or email credentials change from within the account. Two-factor authentication, an important security measure, is also notably missing.
Note that Venmo--which processed $700mm in payments last quarter--is particularly popular among 20-somethings who like its unique combination of P2P payments and social media. When you send someone money using Venmo, you broadcast to other app users what the payment is for. For social media buffs, it's a fun way to see what your friends are doing, who they hang out with and when. The downside, of course, is that this transparency allows the ill-intentioned to also see activity.
For banks, offering P2P seems like a logical progression in adding electronic payment services. Most banks are also charging for P2P transactions. As the Venmo story shows though, there are significant risks, so caution is advised and careful assessment should be made of the bank's (or outside provider's) capability of monitoring for fraud or misuse. Missteps can cause all sorts of problems ranging from bad publicity to customer attrition or unwanted regulatory attention.
It's clear from what already exists on the market that banks rolling out P2P need to make sure features are easy to use, have high functionality and incorporate some level of social engagement. There is little tolerance for clunky technology by anyone, and especially the demographic that currently uses or will be likely to use P2P.
At the same time, security has to be top-notch. While it's true that banks are really good at dealing with fraud, it's far better to avoid the trouble in the first place by making sure your notifications and security processes are in place. Ease of use and the coolness factor mean nothing if you aren't protecting your customer's money. Even adopting a model of free payments doesn't amount to much if your customers' accounts and sensitive information are in danger of being compromised.
We've no doubt that there are openings for banks to compete in the P2P space. In fact banks can capitalize on the missteps of companies by advertising the strength of your security processes. Just be certain that your bank carefully vets outside providers and institutes procedures to protect both the bank and customers. Just like with the tortoise and the hare, slow and steady often prevails and this should be the approach of banks wanting to offer P2P as a part of their product suite.