Sending money to a friend -- whether for a dinner, trip or gift -- is about to get easier. Facebook announced last month that it's adding mobile payment capabilities, so that users can store a debit card and send money to each other for free using the Facebook Messenger app. The feature is expected to roll out to U.S. Facebook users in the coming months.
Users will be able to send money via the Facebook Messenger app by composing a message to a friend and tapping a "$" icon. To accept money, the recipient opens the message and enters his or her debit card information. Facebook reports that the money will transfer immediately, but it could take one to three business days for the recipient's bank to make the funds available.
Facebook Messenger is one of a growing number of peer-to-peer payment options. First came PayPal (and in a move that perhaps foreshadowed its recent announcement, Facebook hired PayPal president David Marcus to run Facebook Messenger last year), then Venmo, then Snapchat launched its own peer-to-peer payment option, Snapcash, in partnership with Square last November.
Facebook's new payment system is a growth opportunity and "chance to increase the stickiness that they have with their customers," says Sanjib Kalita, who formerly worked on Google Wallet and is now head of marketing at Money20/20, an annual event focusing on payments and commerce. "The Facebook user who uses peer-to-peer payments opens up their app a few times more per day, and that's an opportunity to show more ads or offer more services."
Since Facebook money transfers will be free -- like the aforementioned peer-to-peer transfer options -- Kalita predicts the feature may help the platform boost user loyalty and possibly derive value from the data it compiles from its billion users. "There's obviously a lot of payment [options] in how people shop and how people pay," Kalita says. "People are using mobile phones more, and social networks are becoming a bigger part of their lives."
Sending money to a friend with a few clicks sounds simple. But is it safe?
Consider the recent reports of security shortcomings with Venmo. Thieves were able to change users' passwords -- without users being notified of the change -- and reportedly steal thousands of dollars. (Venmo says the security flaw has been resolved.)
Given security concerns, Özgür Güngör, general manager of Cardtek Group, a provider of mobile and EMV payment solutions, predicts that Facebook will be ultra careful about how it rolls out payment options. "This feature will be used for consumer-to-consumer sales, peer-to-peer transfers," he says. "These are not really payments as we know from cards and mobile. These are money transfer operations. Payments require more sophisticated security conditions." E-commerce transactions may come later once users grow accustomed to paying each other, and Facebook refines the process, Güngör adds.
Robert Siciliano, security expert with the hotspot shield AnchorFree, says it's Facebook users and not the platform itself that could pose security problems. "Facebook's really on top of authenticating their users," he says. "They provide two-factor authentication for device security and for user security. That's optional for most users, but I think that if they make it [mandatory] I think that would be even better, especially for payment security."
Siciliano suggests that users enable two-factor authentication, which Facebook calls Login Approvals. Under Login Approvals, the user must enter a code received via text or mobile phone each time they try to log in from a new or unrecognized device. "If I ever log into Facebook after I've reinstalled the browser, I have to enter a password from a text message with a one-time password," Siciliano says. "All of these additional layers of protection, I think, are necessary. If Facebook makes that a requirement, it'll all be better. The problem isn't the Facebooks and the Venmos; the problem generally is the user."
For instance, if you've ever checked Facebook on a friend's computer or a library computer, those devices could contain malware that capture your username and password. Or perhaps you've used your device on an unprotected wireless network or used the same username and password for an e-commerce website that you use for your banking or social media accounts. "Their credentials [could be] now in the hands of a criminal who might log in from overseas and begin to make transactions without the user's knowledge," Siciliano says. "It makes it close to impossible to compromise an account once these additional layers are in place."
The medium of payment also matters. Venmo and PayPal allow credit cards, but charge a fee for processing them; Snapchat only lets users link debit cards to their accounts. Payments sent over Facebook Messenger will also draw from a debit card, not a credit card, so consumers will not have the same protections as with a compromised credit card. When you use a debit card, the money comes out of your checking account right away, but you have the chance to dispute credit card transactions before paying your bill.
"I am just not a fan of debit cards," says Siciliano, adding that he doesn't have one himself. "That being said, I would trust Facebook with my debit card information more than I would trust my debit card in my wallet. In the physical world, it's a lot easier for a wallet to be lost or stolen or a card can be skimmed."
Whether transacting online or in the real world, give out your financial information with caution and check your statements regularly for unauthorized transactions.