How Safe Is Facebook’s New Payment Platform?

Last week Facebook rolled out its new payment platform for all US-based Facebook Messenger users. According to their news release,

“The first time you send or receive money in Messenger, you’ll need to add a Visa or MasterCard debit card issued by a US bank to your account.”

After a user has entered their debit card information into the system, the payments feature allows the user to either click a dollar sign icon in the chat window or simply type a dollar amount inside the chat, which then transforms into a payment link. Similar to email money transfer technology, the money moves from the user’s checking account into the recipient’s account, as long as both users have entered their account information into Facebook.

In June, Facebook announced that its Messenger app had reached 700 million users worldwide, and it’s no surprise that the company is entering a lucrative mobile payment market. Last June, David Marcus left his position as the president of PayPal to become Vice President of Messaging Products for Facebook. CNET reports that

“By next year, alone, mobile payments in the US are set to grow to $27.5 billion in the US, up from $3.5 billion in 2014, according to research firm eMarketer.” 

Facebook’s news release about the new platform promotes the security of the system, stating that the social media site has been processing payments for games and advertisers since 2007 and already manages one million daily mobile payment transactions. However, based on its most recent figures, Facebook estimated approximately 67 to 134 million fake accounts on its network in 2013. With the prominence of click farms, those numbers may be similar if not higher in 2015. Could the proliferation of fake Facebook accounts create a potential security threat to its new payment platform? 

For additional security on Facebook payments, users can go to Payment Settings > Payments > Account Settings and enable a password prompt for each individual transaction. The prompt asks the user to re-enter their Facebook password to complete the transaction, which offers protection from unauthorized access to open Facebook sessions.