Venmo's Security Shortcomings: A Case Study on Jared's Compromised Account, Slides of History

Download Venmo's Security Shortcomings: A Case Study on Jared's Compromised Account and more Slides History in PDF only on Docsity! Send () Toxt tessage Verification Text Message Verification a —  SERVICE CASE STUDY Page 2 MKTG90007 Venmo: The Price of Convenience It was mid-June in 2015 when Jared Miller wanted to resell four NBA Finals tickets. With the next match in the game series only days away, the 28-year-old web developer decided to post his tickets on Craigslist, a popular choice for classifieds in San Francisco. To his surprise, an eager buyer, Robin, soon contacted Jared and agreed on a price. The purchase was confirmed but Robin suggested for the payment of $4,700 to be made via Venmo. Jared had only just signed up to the mobile payment service after several friends convinced him of the convenience of this “trendy, fast and reliable” fintech app. To them it was Facebook and PayPal combined, and a cool way to avoid the awkward “you owe me” conversations when splitting bills. Robin asked if he could Venmo half the payment that day and the rest on the following day. “Okay, that’s perfect” replied Jared without hesitation, in excitement about his first ‘business’ transaction on Venmo. He had previously only used the fee-free app to pay friends for beer nights, movies and settle rent dues, and enjoyed its convenient single-tap payments. He also particularly liked the ‘cha-ching’ sound, one of Venmo’s signature feature, that resonated with the joy of getting money into his account. With Venmo’s growing popularity among millennials, Jared’s friends assured the safety of the simple and quick money-transfer service, that he agreed to the buyer’s request with no second thoughts. The first instalment as promised, arrived the same evening to his Venmo account with the description “for Games 4” from Robin. The remaining $2,350 followed the next morning, the day of the big game. Jared promptly sent a request to transfer the complete $4,700 to his personal bank account and received Venmo’s “You cashed out!” notification. Satisfied with the confirmation, Jared immediately emailed the tickets to Robin. SERVICE CASE STUDY Page 5 Venmo’s shortcomings present a cause for concern for users, especially as a popular payment service that handles sensitive financial information. Jared discovered that he was not the only user to report such an experience, as Venmo’s Twitter feeds and other forums were rife with users complaining about its lack of assistance. Some experienced frozen funds, delayed transfers and some like Jared, were victim to scams [3]. Figure 3: Reviews and complaints from Venmo users [4] [5] Never at any point was Jared notified of any suspicious activity. “Even with all these changes to my password, email address, device log-in in addition to a lot of other settings changes, there was no email notification- zilch!” Jared complains. “These are basic security holes that even a giant could fit right through”. In addition, unlike most popular payment apps, Venmo did not provide a two-factor verification, which requires its users to provide a secondary authorisation to access an account. Venmo has constantly assured its customers about the security of their information through the reliability of its mobile-payment infrastructure. It states that they use “bank-grade security systems and data encryption to protect you and guard against any unauthorised transactions and access to your personal or financial information”. However, when hackers are allowed to easily breach through accounts transferring thousands of dollars as conveniently as ordering fast-food online, the weight of that promise almost seems feather-like. As the offshoot of PayPal and having a monthly user base of 10 million in U.S., Venmo’s consumers have an expectation of quality, especially in terms of facilitating payment services [6]. Rob Shavell, CEO and co-founder of Abine, a company that specialises in data-privacy by helping SERVICE CASE STUDY Page 6 users secure sensitive information, is also of the view that, “there ought to be email warnings, there ought to be two-factor authentication. It’s true for us, it’s true for Venmo, it’s true for all these services” [7]. Jared confidently agreed to receiving payments on Venmo from an unknown user, as he was unaware of the potential risks of using it for commercial purposes. Funds within a user’s Venmo account are not automatically wired to their bank account, meaning that scammers can take advantage by cancelling or reversing their payment after collecting the goods [8]. “I’m not sure how many users are even aware of this. Receiving money in my Venmo is more like a check than cash” says Jared, criticising the lack of relevant information provided. Additionally, most users connect their Venmo account either to their debit card (fee-free option), credit card (chargeable at 3%) or directly to their bank accounts [7]. In what seems as a method of attracting more sign-ups, Venmo encourages linking to debit card or bank, which are fee-free but also the riskiest option, which at no point does Venmo indicate. With these security issues on the rise, only 21% users in 2017 felt the payment app to be secure in comparison to other similar financial apps [9]. Figure 4: Secure payment apps according to users in U.S. [9] Dealing with frauds and other breaches in security is usually something that banks and other related payment services excel at. Fraud departments are specially equipped to handle cases like Jared’s, and dedicated lines work round-the-clock when customers report issues [7]. However, oddly enough, Venmo did not seem to offer that level of assistance. Jared was quick to report the unauthorised activity via an online form found on the company’s support page. But even after 24 hours and multiple emails later, SERVICE CASE STUDY Page 7 Jared was still waiting for assistance. “As a financial services company, it’s very scary when someone gets hacked and you are not around to help them”, Jared berates. Yet Venmo is favoured among 66% of American mobile payment users, with processed payments of up to $9 billion in 2017 [10]. Although, the app is winning on the popularity front with its quick, uncomplicated and even cool transfers, the reasons for Venmo’s popularity is outpacing its customer- support abilities. This was evident in its shabby customer service provided by a small staff size of 70 in 2015 (compared to PayPal’s 10,000 employees) [11]. It therefore, adds to the costs and sacrifices incurred by the customers instead of enhancing the benefits provided by the app. In Jared’s case, this failure cost him time and money. Since his Venmo was linked to his bank account via a routing number, Jared’s bank advised him to temporarily close out his account, which meant in the short-term, he had no access to his money. Figure 5: Rise in payment volumes processed by Venmo in U.S. [8] The Social Dilemma Venmo does not just promote itself as a financial app, but more uniquely as a social one. Signing up to Venmo, means that users are now immersed in their friends’ ‘public displays of transaction’ via their social feed [7]. Users have expressed their fondness in reading descriptions under transactions of friends and admit using it as their new favourite social media platform [1]. But the social pleasure of this service also has a dark side. SERVICE CASE STUDY Page 10 BIBLIOGRAPHY [1] Jeon, M. (2016, October 14). The Rise of Venmo Revealed on Social Media [Blog post]. Retrieved from https://www.crimsonhexagon.com/blog/the-rise-of-venmo-revealed-on-social-media/ [2] McGowan, S. (2017). UX Case Study: Venmo. Retrieved from https://usabilitygeek.com/ux-case-study- venmo-app/ [3] Buxton, M. (2017). We Read Venmo's Epically Long User Agreement So You Don't Have To. Retrieved from https://www.refinery29.com/2017/10/175845/venmo-account-frozen-user-agreement-violations [4] Consumer Affairs. (2018). 84 Venmo Consumer Reviews and Complaints. Retrieved from https://www.consumeraffairs.com/finance/venmo.html [5] Better Business Bureau. (2016). Reviews and Complaints. Retrieved from https://www.bbb.org/new-york- city/business-reviews/online-payment/venmo-inc-in-new-york-ny-136371/reviews-and-complaints [6] Hwong, C. (2017). Chart of the Week: Who’s Using Which Mobile Payment Apps?. Retrieved from https://www.vertoanalytics.com/chart-week-mobile-payment-apps/ [7] Griswold, A. (2015). Venmo Money, Venmo Problem. Retrieved from http://www.slate.com/articles/technology/safety_net/2015/02/venmo_security_it_s_not_as_strong_as_the_comp any_wants_you_to_think.html [8] O’Brien, E. (2017). People Venmo Money to Their Friends Just to Say 'Hi'. Retrieved from http://time.com/money/4893457/people-venmo-money-to-their-friends-just-to-say-hi/ [9] Morning Consult. (2017). Most secure money transfer or payment app according to users in the United States as of July 2017. In Statista - The Statistics Portal. Retrieved May 8, 2018, from https://www-statista- com.ezp.lib.unimelb.edu.au/statistics/783217/money-transfer-payment-app-user-security/ [10] Richter, F. (2017). The Meteoric Rise of Venmo. Retrieved from https://www.statista.com/chart/12158/payment-volume-processed-by-venmo/ [11] Griswold, A. (2015). Venmo Scammers Know Something You Don’t. Retrieved from http://www.slate.com/business/2018/05/paul-ryan-is-trying-to-kick-a-million-people-off-food-stamps.html [12] Phillips, H. (2017). This Is The Dumbest Thing You Can Do On Venmo [Blog post]. Retrieved from https://www.popsugar.com/career/Venmo-Safe-43192041 [13] Wolff-mann, E. (2015). WHY YOU SHOULD STOP USING VENMO [Blog Post]. Retrieved on https://www.thrillist.com/culture/why-you-should-stop-using-venmo-venmo-problems-security-issues-and- customer-service SERVICE CASE STUDY Page 11 QUESTIONS AND ANSWERS The following have been answered in reference to the case above. 1. Explain how Venmo’s facilitating and supporting services affected Jared’s experience. How could Venmo increase its user’s perceptions of value? The effective delivery of Venmo’s value proposition is dependent on its provision of information, financial security, ease of transfer and customer support. These are also the main variables that affected Jared’s experience. Total service product concept divides supplementary services into facilitating and supporting services (Frow et al., 2014). Since the former works directly to deliver the core service, it is essential for businesses to consider the fool-proof functionality of its facilitating services before enhancing the latter (Frow et al., 2014). Customers’ perception of value is the benefit received relative to the cost incurred in a service exchange (Ivanauskienė et al. 2012). The higher the benefits received compared to sacrifices, the better it is; but this was contrary to Jared’s experience. Firstly, Venmo’s improper communication of information led to higher psychic costs or mental energy spent by Jared in using the service. By avoiding misleading clauses in terms and conditions, disclosing safety issues in linking bank accounts, and implementing an effective notification system for changes to personal details, users can be better equipped to make informed sign-up decisions, thus increasing their perceptions of value. Moreover, all actions and improvements should be communicated through the webpage, app tutorials and customer service employees, to help customers follow service scripts. Payments being a key facilitating service to Venmo, poor execution can cause dissatisfaction among users. This is evident in Jared’s case, as the process of receiving payments and making transfers were far from easy or convenient. It rather cost Jared’s time, energy and a short-term loss of access to money, which greatly affected value gained from the service. Venmo thus needs to focus on improving its core service of quick and convenient transfers, over other aspects, to be able to develop an impenetrable infrastructure. SERVICE CASE STUDY Page 12 Frauds and hacking issues have been an eternal struggle for technology that provides convenience, even in the case of prestigious banks. Therefore, the key here is for Venmo to develop comprehensive supporting services to quickly react to customer needs, which would have helped increase Jared’s zone of tolerance to short-term inconveniences. This is achievable by improving Venmo’s internal service quality, through educating service workers about the importance of their role, and following scripts congruent to the role played. They should also understand user’s situations by taking account of their emotions and coming up with tailored answers that guide them to quicker solutions; something Venmo failed to do. In doing this, Venmo will be able to create a sense of perceived control, even though users may still face some risks associated with online payments. 2. What perceived risks are relevant to financial payment app users? Perceived risks play an important role in a customer’s decision-making process. The degree of uncertainty associated with the consequence of making a wrong decision is the main cause of concern when deciding on using a particular service. For customers that engage in online payment services like Venmo, the quality of that service is determined by how it is able to mitigate possible financial, functional, temporal and social risks. Users often sign-up to online payment services due to the ease and security of connecting it to their bank account to make quick payments. However, while these services like Venmo get rid of rigid bank procedures, it also creates room for fraudulent transactions to occur due to weak infrastructures. Such security loopholes increase the financial risk of users like Jared. Research also indicates privacy concerns and security awareness as major influencers of customers’ perceived risk and trust propensity (Yang et al., 2014). Moreover, being a high involvement service, users look for certainty in a financial app’s performance during the pre-purchase stage (Hoffman & Bateson, 2010). They are faced with certain risks in the app’s functioning- whether their funds would be transferred as promised, whether the interface is user friendly and free of technical errors or if they will be compensated for any loss (Churchman, 2017). The failure to provide notifications for changes to credentials and settings made it impossible for Jared to SERVICE CASE STUDY Page 15 exceeded their expectations (Parasuraman et al., 1988). Certain factors greatly influenced users’ assessment of Venmo’s service. In terms of reliability, the app failed to perform dependably when customer support was most needed by users. Providing misleading information on privacy policy, compromising safety by simplifying sign-up process, directing users to the riskier option of linking debit card or bank routing number, were all contributors to poor reliability of this financial service provider. Another key element of service compromised by Venmo was its responsiveness to customer problems. Timely response being crucial to financial apps, Venmo’s delay in handling user complaints or queries only caused more dissatisfaction. Jared’s experience may have been different with prompt assistance and information from support personnel, giving him more perceived control over the situation which would also have widened his zone of tolerance. While a factor like empathy may not be typical of a money-transfer app, it played an important role in Jared’s overall experience of Venmo’s service. Being victim to scams that cost thousands of dollars, users like Jared expect more than a generic message about plans to prevent the event in the future. By showing empathy in this scenario, service workers can offer relationship benefits that build confidence in users, thus reducing their anxiety and increasing perceptions of service quality. Over other dimensions, assurance largely affected Jared’s experience as it reflects the ability of staff to induce credibility. Trust can be conveyed through staff behaviour, by assuring financial security to users and adequate knowledge to assist with concerns, all of which Venmo was lacking in. Identifying these gaps in service quality would allow Venmo to decide where resources must be placed in order to improve services, and ultimately increasing user satisfaction (Seth et al., 2005). SERVICE CASE STUDY Page 16 5. Based on the risks discussed and the subsequent service failure, how can Venmo recover lost customers like Jared? Attribution theory teaches that effective management of a service failure begins with attributing a connection between the failure and a specific problem (Reilly, 2014). This allows to breakdown the service encounter. Venmo’s intermediary role as a platform in the service encounter played directly into customers’ dissatisfaction with the company. However, due to the app’s immense popularity it still has the opportunity to redeem itself and win back lost customers before it is too late. Brown and Tax (1998) identified three forms of justice that customers look for after a service failure namely distributive, procedural and interactional justice. Using this will allow Venmo to consider different options that will build customers’ perceptions of fairness. Firstly, Venmo should provide adequate compensation for customers’ loss caused by their service failure. Jared not only experienced a monetary and time loss, but also a psychological pressure of financial uncertainty. In addition to the reimbursement of his money, Venmo could also pay for any fees incurred with transfers or delays, facilitate a quick account recovery and overall compensation for inconveniencing users. This will not only serve as penance for its failure, but will also reduce user’s complaint behaviours, increase their equity in exchange and encourage them to continue using Venmo. As for procedural justice, Venmo should minimise user’s efforts spent on complaint procedures by establishing an easy contact with front-line staff as well as proactive follow-ups. It should facilitate quick acquisition of information such as know-how on set-up, privacy control or other FAQs. Quick issue resolution will enhance customers’ perceived control in the event that disaster strikes. Lastly looking at interactional justice, Venmo’s front-line staff need to judge customers’ emotions and act with appropriate responses. Therefore, sincere apologies and genuine concern about service failure is necessary when Venmo responds to customers; something that was lacking in Jared’s case (Zeithaml et al., 2018). A service recovery process of this level can result in customer satisfaction and future loyalty. However, in order to prevent employee burnout with the sudden culture change, Venmo should consider enlarging its customer support department. SERVICE CASE STUDY Page 17 To conclude, although customer satisfaction cannot be completely restored due to broken trust, it is important for Venmo to devote resources into service recovery to minimise the effect of negative word-of-mouth, reputation damage and lost customers (Michel & Meuter, 2008). After all, Venmo users are after convenience, and are likely to stay with the service knowing that it will support them when accidents happen.