Payments via Facebook Messenger soon to be a reality

A few months from now, US-based users of Facebook’s Messenger app will be able to send and receive money via it for free, the company has announced on Tuesday.

The option will be available in the Android, iOS, and desktop apps, via a $ icon. “The money you send is transferred right away. It may take one to three business days to make the money available to you depending on your bank, just as it does with other deposits,” the company noted.

The whole process can’t be more simple: if you want to send money to a fellow Messenger user – there are currently 500 million of them – you simply need to start message with them, tap the $ icon, enter the amount you want to send and tap “Pay.”

“The first time you send or receive money in Messenger, you’ll need to add a Visa or MasterCard debit card issued by a US bank to your account,” the company explained. “Once you add a debit card, you can create a PIN to provide additional security the next time you send money. On iOS devices you can also enable Touch ID.”

Receiving the money is even easier: open the conversation, add your card information, and accept the money.

Facebook hasn’t offered much detail about how it will go about securing these transactions, except for a vague summary of the security best practices used in their payments business:

We use secure systems that encrypt the connection between you and Facebook as well as your card information when you ask us to store it for you. We use layers of software and hardware protection that meet the highest industry standards. These payment systems are kept in a secured environment that is separate from other parts of the Facebook network and that receive additional monitoring and control. A team of anti-fraud specialists monitor for suspicious purchase activity to help keep accounts safe.

“While any new method of online payments will bring security and privacy concerns I see developments by Facebook in this space as a welcome move,” Brian Honan, CEO at BH Consulting, commented for Help Net Security. “We are now in an era where consumer requirements, rather than enterprise requirements, are driving the advancements in our ‎security solutions. These advancements aimed at that particular market place need to be simple, easy to use, and secure. Something which hopefully will influence the enterprise space.”

Facebook is not the only company trying to domintate the peer-to-peer payments market. PayPal has already entered the arena with Venmo, and Square is offering the option of making payments via email.

“We are going to see more alternate channels and currencies offered as means for payment, the term “cash is king’ is now a thing of the past,” says Raj Samani, Vice President and CTO, EMEA, Intel Security.

“Without commenting on each individual platform, it’s important for consumers to recognise their mobile devices no longer as phones but as digital wallets, and wherever possible leverage stronger authentication than the basic measures offered. Relying on basic PIN security for a device to protect your contact list may be okay, but for your wallet, or for apps that control your heating at home? Probably not.”

“I’m sure the payment processing is as secure as anything else you’d probably use online, but it’s still up to users to provide a layered approach to their payment security – I wonder how many will choose to enable PIN protection for payment, or turn on login approvals,” says Chris Boyd, Malware Intelligence Analyst at Malwarebytes.

“Social networks have seen so many scams and hacks over the years that many might feel a bit hesitant to start introducing their payment information into the mix. It’s up to companies such as Facebook and Twitter to convince the more hesitant portions of the online community that they provide the security they demand before taking this next step.”