P2P payment feature hidden in Facebook Messenger

Pierluigi Paganini October 08, 2014

The student Andrew Aude discovered a still unreleased feature for payments of Facebook Messenger by using the iOS and Mac OS X hacking tool Cycript.

Facebook is preparing to enter the world of mobile payments according to a recent report published by Techcrunch. The student at Stanford, Andrew Aude discovered a still unreleased feature of Facebook Messenger by using the iOS and Mac OS X hacking tool Cycript.

In reality the presence of payments feature in Facebook Messenger code was first discovered by another security researcher, Jonathan Zdziarski a few weeks ago.

The youngster disclosed its discovery on Twitter last Saturday, he posted screenshots of the payment functionalities implemented by the IT giant for its Facebook Messenger. Aude explained that Facebook Messenger users will be able to pay in the same users of Square’s Cash app allows users to send money with their debit card via their mobile phone.

“The messenger’s payment option lets users send money in a message similar to how they can send a photo. Users can add a debit card in Messenger, or use one they already have on file with Facebook. An in-app pincode also exists for added security around payments. It’s unclear whether Facebook will monetize Messenger by charging a small fee for money transfers, or offer the functionality for free to drive usage of its standalone chat app.” states a blog post from Techcrunch.

payments feature hidden in Facebook Messenger

The introduction of payments capabilities into Facebook’s messaging app has been anticipated many times, but no one has never demonstrated their existence. IT experts sustain that a Facebook has boosted the design of the new feature  hiring the former PayPal president David Marcus back in June.

Aude conducted various tests on the feature uncovered, he confirmed that was only able to get debit cards to work with the system, in time he made the tests banks accounts and credit cards were not accepted for the payments.

“Based on my understanding of the debit interchange rates, each transaction will cost Facebook roughly $0.40 to $0.50 (Durbin swipe fee + ACH fee),” Aude told the site. ” The app didn’t mention a fee to send, so it’s probably free, at least initially. Over time they might add a $1 fee.”

Another hypothesis is that Facebook will provide the service free of charges to stimulate the use of its Facebook Messenger app instead its competitors like Apple iMessage, Tencent’s WeChat and Google Hangouts.

Aude also discovered a note in the code that indicates the functionality will initially only allow one-to-one transactions.

“In the short term, we will only support single payment attachment,” reads the note in the code discovered by Aude. “Multiple payment attachments will be supported in the future”

Aude, who says he believes the feature might be rolled out in the next few months, also found another note in the code that indicates the feature will initially only allow one-to-one transactions.

“In the short term, we will only support single payment attachment,” reads the note in the code discovered by Aude. “Multiple payment attachments will be supported in the future.”

Aude highlighted the simplicity of the payment process developed by Facebook engineer, users can authorize a payment simply pushing on a button, then enter the amount to transfer, and send it. Another interesting consideration made by the student is that Facebook seems to maintain the transaction private and doesn’t publish anything about it to the News Feed.

Facebook did not commented the post.

Pierluigi Paganini

(Security Affairs – Facebook Messenger, payments)



you might also like

leave a comment