CR identifies steps that providers can take to improve protections and offers tips to consumers for reducing risks
YONKERS, NY – A new Consumer Reports evaluation of popular peer-to-peer (P2P) payment apps found that users could lose money to fraud or scams and face privacy risks because app providers may share their personal information widely and it is difficult for users to delete their data. CR is calling on P2P payment providers to strengthen their consumer disclosures and app features and is offering tips to users to help avoid problems.
“Peer-to-peer payment apps are a convenient and easy way to send money to others with just a few taps on your phone,” said Delicia Hand, director of financial fairness for Consumer Reports. “But consumers may end up losing money if they send a payment to the wrong person or fall victim to fraud or scams and are putting their privacy at risk when using a P2P payment app.”
Consumer Reports evaluated P2P payment apps using its Fair Digital Finance Framework, which CR developed to examine the benefits of digital finance products and services and the potential risks they may pose for consumers. The Framework was created with input from academics, fintech companies, regulators and consumer advocates to identify consumer-friendly practices, improve industry practices and spur policymakers to adopt needed safeguards.
Recent surveys by Consumer Reports have documented how widely P2P payment services are used in the U.S. Well over half of Americans (64 percent) use a P2P payment app for payments to and from individuals, including four out of five (81 percent) of the 18 to 29 age group, according to a March 2022 nationally representative CR survey of 2,116 U.S. adults. Two out of five Americans (40 percent) say they use P2P payment services at least once a month; nearly one in five (18 percent) use them at least once a week.
While P2P payment apps have proven popular, users can lose money when they accidentally make an erroneous payment or fall victim to fraud or scams. CR’s survey found that of those who use P2P payment services at least once per week, 12 percent had sent money to the wrong person and 9 percent had been the victim of a scam.
In August through October 2022, CR examined Apple Cash, Cash App, Venmo and Zelle, and focused on the app providers’ safety, privacy and transparency policies, practices and protections by examining publicly available documents found on company websites and apps. CR evaluated safety practices related to the technology and policies used by the companies to protect consumer data and funds; privacy practices related to user data collection, sharing, and deletion; and transparency practices related to company disclosures of legal terms and consumer rights. Consumer disclosures were often difficult to find and understand, raising broad concerns about transparency. CR found that:
- All four P2P payment apps do not fully reimburse customers when users are induced into fraud. Although Venmo says that it will fully compensate users in these cases, and even has a purchase protection program for certain qualifying purchases, payments authorized by the user that exceed the initial authorization are not covered unless the user notifies Venmo and rescinds the authorization. None of the four apps will reimburse users or otherwise intervene when a payment is accidentally sent to the wrong person.
- All four P2P payment apps collect a large amount of personally identifying information about their users, may share it with undisclosed companies for sometimes unknown or vague purposes, and make it difficult for users to delete their own data. The P2P payment apps appear to collect far more data, and more types of data, than they need to provide the services that consumers expect.
- Apple Cash, Cash App, and Venmo users have to meet sometimes confusing conditions to ensure their funds held in the payments portion of the app are protected by Federal Deposit Insurance Corporation insurance. Users could lose money if they haven’t completed additional app or product registration requirements and the P2P companies suffer financial losses or declare bankruptcy.
- All four P2P payment apps make it very difficult for users to track changes to the legally binding terms governing the service and require users to give up certain legal rights to resolve disputes. Users must resolve claims and disputes on an individual basis, mostly through binding arbitration or small claims court.
CR has urged policymakers to strengthen consumer protections for P2P payment app users, but is calling on providers not to wait for regulators to act. “P2P payment providers can raise the bar for consumer protection by taking more aggressive steps to minimize user risks,” said Hand. “Adopting stronger policies and safeguards will help build customer trust and loyalty and establish a new industry standard for fair digital finance.” CR recommends that providers:
- Clearly state which security protocols are used to protect users’ information.
- Be transparent about the availability of FDIC insurance and clearly explain reimbursement policies in cases of fraud or error.
- Go beyond obligations to investigate and resolve only certain fraud and scams under Regulation E of the Electronic Funds Transfer Act. For example, providers could create a fund to reimburse users who are victims of scams and tricked into transferring money.
- Collect only the data needed to prevent fraud and provide the payment service. Disclose and identify, in consumer-facing, legally binding terms and conditions, the data collected, the individual firms and types of firms they share consumer data with, and the purpose for sharing the data.
- Allow users to see their personal data and delete it if they no longer want to use the service or if it’s not needed to provide the service.
- Do not require users to agree to binding arbitration to resolve disputes or to resolve claims on an individual basis.
CR recommends a number of steps consumers can take to help minimize potential risks:
- Confirm the recipient’s identity before sending money. Do that with a phone number, email address, or a QR code. Cash App, Venmo and Zelle give users the ability to scan a QR code that appears on the recipient’s device.
- Send a $1 test payment and confirm it was received by the right person. That’s especially important if you are sending a lot of money.
- Move money from your P2P account to your bank account as soon as possible. That assures your funds are FDIC insured in your bank.
- Turn on all identity verification options available in the P2P app. With those features activated, anyone trying to use the account will have to go through additional security measures, such as two-factor authentication.
- Frequently monitor your P2P accounts. You may be able to catch problems early enough to report them to companies and not be on the hook for unauthorized payments.
- Delete any P2P app you don’t use. It’s not enough to simply remove the app from your phone; instead, to make sure you’ve closed and deleted the account, select the “delete account” option within the app.
- Opt out of binding arbitration if possible. Cash App, Venmo and Zelle give users 30 days to opt out of the requirement by mailing a written notice. Apple Cash does not allow users to opt out. And if you do have a dispute, try negotiating with the company before going to arbitration.
Consumer Reports’ assessment of peer-to-peer payment apps is part of a broader initiative to strengthen consumer protections in the burgeoning digital finance marketplace, made possible, in part, by a grant from Flourish Ventures’ fund at the Silicon Valley Community Foundation. The grant supports CR’s efforts to partner with consumers, industry, and policymakers to secure business practices, standards, and laws necessary to build a fair and inclusive financial marketplace.
Michael McCauley, michael.mccauley@consumer.org, 415-902-9537