Zelle, Venmo Services Convenient But Raise Many Privacy Issues

By Linda Childers

Long before the COVID-19 pandemic hit, cash payments and checks were becoming a distant memory.

This past year, many small businesses and individuals have continued to embrace such cashless payment solutions as Venmo and Zelle, allowing consumers to make payments by transferring funds electronically.

While Venmo, a financial platform owned by Paypal, lets consumers send and accept payments directly to friends and small businesses, Zelle gives the option to send money directly from one bank account to another. 

“These types of payment systems don’t offer the same protection as your credit cards,” Scott Augenbaum, a retired FBI agent in Nashville, Tenn., told Digital Privacy News.

“If fraud occurs on your credit card, you may be liable for $50, but digital payments are like cash — and the money immediately comes out of your wallet.”

Zelle officials told Digital Privacy News that unauthorized transactions might not be refunded.

On its site, Venmo said that it collected customer IP addresses and standard web log information: browser type and pages customers access on its site, as well as geolocation data for advertising purposes.

“These types of payment systems don’t offer the same protection as your credit cards.”

Scott Augenbaum, retired FBI agent.

Zelle’s policy said that customers who use its app consented to the collection, use, disclosure and retention of personal information for business reasons. The company said it did not sell personal information collected from the app.

That data included name, address, e-mail and IP address — though Zelle said it did not sell information about user behavior to third-party advertisers.

Ensuring Privacy

Despite these assurances, Augenbaum advised using password protection on phones and apps to protect privacy.

For example, under “settings” on Venmo, scroll to “security,” where — depending on your device — you’ll be asked for a “face ID and pin” or “touch ID and pin.”

By enabling this, you add an extra layer of privacy protection.

“By default, all your transactions on Venmo are public: the time, the recipient and the description,” said Gennie Gebhart of the Electronic Frontier Foundation (EFF) in San Francisco.

“If you set your transactions to ‘private,’ you can get around that,” she added. “But in practice, very few people change the settings.

“Venmo has ignored multiple petitions and campaigns to change this default.”

Still Sharing Data

Even after activating privacy settings, some peer-to-peer payment services may share customer data, experts told Digital Privacy News. 

“That’s the big misdirection of most social network privacy settings,” Gebhart said.

“They can be useful in preventing other users from seeing your information, but they almost never prevent the company itself from collecting, sharing and using your data.”

In addition, Gebhart cautioned Venmo users to keep “friends” lists public.

“While you can change your privacy settings, there’s no option to hide your friends list,” she told Digital Privacy News.

“By default, all your transactions on Venmo are public: the time, the recipient and the description.”

Gennie Gebhart, Electronic Frontier Foundation.

“This means the list of people with whom you exchange money regularly is public, with no way to hide it,” Gebhart explained. “That’s really scary — and a lot of users don’t think about it.”

Gebhart said your friends list could be just as revealing as your financial transactions themselves.

“This is ultimately a detailed record of your personal and professional community,” she said. “Without any options from Venmo, the best user-move is to just not send or accept any friends requests on Venmo and keep your friends list at zero.”

Both EFF and Mozilla have launched campaigns and open letters to Venmo, calling on the platform to keep transactions private by default and to give users privacy settings for their friends list.

Gebhart told Digital Privacy News that neither had received a response from the company to their efforts.

Linda Childers is a writer based in the San Francisco Bay Area.

The Scam Factor

Venmo and Zelle, like any other money-centered digital platform, have not been immune to scams.

“We advise people to treat transactions like cash and to be aware of ‘too-good-to-be-true’ situations, said Meghan Fintland, director of influencer relations at Early Warning Services, which owns and operates Zelle.

She noted that “especially during the pandemic — when scammers have been active with fake employment offers, bogus COVID cures and treatments and fake offers of assistance.

“Both Zelle and our participating financial institutions emphasize that consumers should only transfer money to people they know and trust.”

Meghan Fintland

Differentiating between fraud and scams versus authorized transactions is critical, Fintland told Digital Privacy News.

“If someone gains access to your bank account and makes a payment without your consent, that’s fraud — since it was unauthorized,” she said.

“This type of activity should be reported immediately to your bank — and since you didn’t authorize the payment, you should be able to get your money refunded.”

However, purchasing tickets to a concert or sporting event online, only to learn you’ve been scammed, falls under “authorized payments,” Fintland said.

“Once a consumer OKs a payment, they may not be able to get their money back,” she cautioned.

“This is why we encourage consumers to use trusted ticket brokers and reputable sources.

“In the event they’re scammed, they should contact their bank immediately to see if there is possible recourse.”

— Linda Childers