Facebook Pay Is a New Name for What Facebook Was Already Doing With Your Data
The initiative highlights how confusing the connections between Facebook’s various payment systems have been until now
Facebook announced a new feature this week that will allow customers to make transactions using the same payment method across Facebook, Instagram, and WhatsApp. In the process, it inadvertently revealed what a mess Facebook payments have been up to this point.
In a statement to CNN Business, Facebook’s vice president of marketplace and commerce Deb Liu explained that part of the reason for this initiative, called Facebook Pay, was to “make sure that it’s really clear to people — that they have an understanding that these are unified products.” Like Apple Pay, the whole Facebook Pay system will have one banner, so users always know who’s getting their info and how it’s used.
This sort of clarity has been sorely lacking in Facebook’s various disparate and disconnected payment systems up to this point. Facebook has been dabbling in users’ financial information as far back as 2015, when it first allowed users to send money to each other through Messenger. Since that time, the company has made it possible to go shopping and donate to fundraisers on its platform, while separately launching similar shopping features on Instagram. All of these features require some payment system for Facebook and its partners to process sending money from one party to another.
By merging all of its payment systems under one banner Facebook is attempting to do out in the open what it has sometimes done behind the scenes.
Prior to Facebook Pay’s rollout—which is still ongoing—the connection between Facebook’s various payment systems could be confusing. For example, if a Facebook user inputted their credit card information while donating to a fundraiser, Facebook Messenger would autofill that information later when they sent money to a friend. This connectivity sort of makes sense, as both fundraisers and Messenger are branded Facebook properties. But sending money to friends and donating to a fundraiser are very different actions, and it’s easy for a user not to connect them.
Things get further complicated when it comes to buying event tickets on Facebook. Organizers can use Facebook to sell tickets to concerts, parties, or whatever they’re hosting. In some cases, the option generates a link that will lead to a third-party website, but earlier this year Facebook partnered with Eventbrite to sell tickets. Event organizers can choose to use Eventbrite to manage and sell tickets directly from the Facebook website or mobile app (though customers still see the label “Tickets by Eventbrite”).
If a Facebook user buys tickets through this interface, their payment method will be saved to their Facebook profile and show up when they donate to fundraisers, send money, or buy tickets to future events through Facebook. Curiously, Eventbrite’s site will have records of the tickets a user bought through Facebook, but won’t have the user’s payment method stored. Eventbrite, it seems, handles the tickets, but Facebook handles the payments.
There’s little indication when buying tickets through Eventbrite on Facebook that a user is consenting to Facebook storing their payment info forever. While selecting tickets, there’s a big blue “checkout” button and a smaller, less noticeable “or purchase on Eventbrite” link. During checkout, there’s no “save this card for future purchases” button, an option offered by stores like Etsy and even Eventbrite’s site itself. Facebook just does it. And there’s only a small gray link to some Terms of Service documents that confirm Facebook will be authorized not only to store payment info, but also to use third-party services to make sure that payment info stays up-to-date.
It’s not impossible to tell that Facebook is storing your payment info, but it’s not like there are big neon signs announcing it, either.
Payment systems are a little more segregated when it comes to crossing from Facebook to Instagram, but there’s still room for confusion. In my test, I was able to buy something on Instagram without having payment info show up on Facebook and vice versa. However, while connecting my PayPal account to Instagram, PayPal’s checkout system included the following consent disclaimer (emphasis original):
“I want to use [bank account number] for automatic PayPal payments across Facebook’s products and platforms in accordance with Facebook Inc’s policies.”
This was the clearest indication I saw that my payment information would be used by Facebook for anything more than this one transaction. I didn’t initially understand whether the warning meant my PayPal account would show up as an option in Facebook — I later found that it didn’t — or just be stored for future use on Instagram, which it ultimately was. Either way I found it strange that PayPal was more forthcoming about my data than Facebook was.
There’s reason to be concerned that Facebook would use payment data in a way that users don’t expect. In 2018, TechCrunch revealed that when users attached a phone number to their account in order to enable two-factor authentication — a vital security feature that can protect your account if someone steals your password — Facebook allowed advertisers to run ads against that number. That number would also be shared with Instagram and WhatsApp. By combining data behind the scenes, Facebook inadvertently undermined trust in a security feature meant to underscore trust.
By merging all of its payment systems under one banner, and making it clear to users which payment system they’re using when that happens, Facebook is attempting to do out in the open what it has sometimes done behind the scenes. Payment info added through Instagram or WhatsApp will now clearly be going to Facebook. And according to the company’s announcement, users will be able to determine in which apps their payment information appears. Unfortunately, it’s still hard to determine how much data Facebook had already shared before the Facebook Pay announcement, and what they might not be as forthcoming about in the future.
