A few months back I was doing some research on Venmo. Specifically, I was looking into how chargebacks work and the delay required before a transaction becomes permanent. The results were fascinating.
Venmo doesn't actually do chargebacks.
Unlike something like Paypal (who actually owns Venmo these days) Venmo operates on something of a skeleton crew. Transactions that happen on Venmo are permanent and do not get reversed by the Venmo team. However, there is one glaring exception.
Venmo only reverses transactions when they don't get paid.
This perhaps requires further explanation. Sometimes banks will extend their clients a temporary invisible line of credit in order to make user experience much better via instant gratification (Coinbase started doing this a year or two ago). When a user transfers money on Venmo, everyone wants that transaction to be instant. The sender wants the money to be sent instantly. The receiver wants the money to be sent instantly. Venmo wants this money to be sent instantly.
Wish in one hand.
One of these parties is going to be disappointed because that's not how banking works. Transferring money from a bank to somewhere else takes time. Banks are slow. Thus, Venmo bites the bullet and allows this money to be spent before they actually receive it from the bank. Venmo simply waits for the bank to post the transaction before it is confirmed (instant) and will extend the invisible line of credit to the user to be spent on Venmo.
Why does this matter?
Because anyone that wants to reverse a transaction on Venmo can't actually do it on Venmo (it's against their policy). Rather, to stop a transaction on Venmo the user needs to call their bank and hope the money hasn't posted yet. Then the bank itself cancels the posted transaction and Venmo never gets the money they allowed their user to spend. In essence anyone on Venmo can initiate a double-spend attack simply by calling their bank and telling them the transaction was fraudulent and to cancel it.
And that's when the Venmo skeleton crew wakes up.
Loss prevention at Venmo will see that they extended a line of credit to one of their users and a red flag goes up that they never got paid back, as the transaction from the bank was canceled. Now Loss Prevention at Venmo is forced to reverse the transaction. Usually they'll take the money back from the user it was given to.
There was actually a scam on Venmo (that Venmo greatly downplayed) where the scammer would send money to random users and send them a message:
Oh sorry I accidently sent you money, please send it back.
A simple enough request, right?
Well if the person does the "right thing" and sends the money back, guess what happens? The scammer can cash out the money instantly because of the line of credit that Venmo gives users. Then they call the bank and tell them to cancel the transaction. Venmo loss-prevention will then freeze the account of the person that got scammed and tell them they owe them however much money they sent. Isn't that fun? Classic double-spend hack.
All of these attack vectors are derived from the fact that Venmo extends this line of credit to users and allows them to spend money instantly.
And yet they still continue to do this. Perfect example of the power of instant gratification and user retention. Even though it opens them up to attack it's still totally worth it for them to offer the invisible line of credit.
Why are we talking about this?
Well it all boils down to the question if we can use payment apps like Venmo as an underground option for p2p crypto/fiat transactions. Hive already has Escrow smart contracts. Depending upon how much data can be scraped from Venmo server API depends on how easy it would be to set up p2p trades using Hive.
For example, if we could ping Venmo API and see usernames and accounts and how much money was in them, this process would be trivially easy. Of course the chance that all of this data is publicly available seems nil. But if it was we'd know that anyone carrying a balance directly in Venmo could make transactions that can't be reversed. That's powerful.
If the money is directly in Venmo (say $1000) then that user can send $1000 and basically everyone would know it would be impossible to reverse that transaction given Venmo's financial policy. Then the Escrow on Hive would immediately be unlocked and we could enable instant p2p transactions on Venmo. How crazy would that be?
Extremely noteworthy Venmo requirements.
What are the requirements for using Venmo? Well they SAY you need to be PSYCIALLY located in the USA. However... do they really block people using VPNs that are located in USA? I guess we'd have to test it. That's exactly how I'm able to access Mandala exchange (Binance). Spoofing an IP address to another country is not very difficult.
You must also have a phone that can send and receive texts... again there are many apps that allow one to do this. It sounds like it's allowed to use a burner phone on Venmo, which means theoretically one could be anonymous. Especially true if they are the ones selling crypto for fiat because the fiat will come from other KYCed users rather than their own bank account. From there the money can be spent without transferring to a bank account.
There are certain situations where users could provide services in exchange for money on Venmo, again rendering the account unidentified. Then they could cash out to something like Hive p2p trades and Venmo would be none-the-wiser. Of course who knows if this kind of activity would trigger some kind of red flag, but given that Venmo already operates on a skeleton crew that revolves around loss prevention... I doubt it.
It's also worth mentioning that avoiding getting identified isn't even a requirement for p2p trades, it's just crazy that it appears to be theoretically possible using such a highly regulated service.
Conclusion
Venmo does not reverse transactions unless they are forced to by the invisible line of credit they extend to users to enable instant transactions. Users who carry a balance directly on Venmo can be trusted to move money without the ability to contest the charge later. It's such a small basic thing but it's also very surprising compared to other banking solutions. Could crypto piggyback off of services like this and use them for underground p2p trades? That is yet to be seen, but it seems very possible in theory.
Posted Using LeoFinance Beta
Return from Shadowbanking on Venmo? to edicted's Web3 Blog
