Millions of Venmo transactions scraped in warning over privacy settings

A computer science student has scraped seven million Venmo transactions to prove that users’ public activity can still be easily obtained, a year after a privacy researcher downloaded hundreds of millions of Venmo transactions in a similar feat.

Dan Salmon said he scraped the transactions during a cumulative six months to raise awareness and warn users to set their Venmo payments to private.

The peer-to-peer mobile payments service faced criticism last year after Hang Do Thi Duc, a former Mozilla fellow, downloaded 207 million transactions. The scraping effort was possible because Venmo payments between users are public by default. The scrapable data inspired several new projects — including a bot that tweeted out every time someone bought drugs.

A year on, Salmon showed little has changed and that it’s still easy to download millions of transactions through the company’s developer API without obtaining user permission or needing the app.

Using that data, anyone can look at an entire user’s public transaction history, who they shared money with, when, and in some cases for what reason — including illicit goods and substances.

“There’s truly no reason to have this API open to unauthenticated requests,” he told TechCrunch. “The API only exists to provide like a scrolling feed of public transactions for the home page of the app, but if that’s your goal then you should require a token with each request to verify that the user is logged in.”

He published the scraped data on his GitHub page.

Venmo has done little to curb the privacy issue for its 40 million users since the scraping effort blew up a year ago. Venmo reacted by changing its privacy guide and, and later updated its app to remove a warning when users went to change their default privacy settings from … Read the rest

Luxembourg to get €100M investment from Chinese payments startup Pingpong

For financial services firms looking to enter Europe, Luxembourg has historically been a popular anchoring point for its political and economic stability as well as a favorable regulatory environment. Another bucketload of capital is coming to the country after Chinese fintech startup Pingpong announced to invest more than €100 million ($113 million) in Luxembourg in the coming years.

Founded in 2014, Pingpong has been celebrated by its home city Hangzhou — also Alibaba’s backyard — as a pioneer in the country’s booming cross-border ecommerce sector. Backed by one of China’s largest investment banks CICC, the startup collects payments for Chinese exporters selling through Amazon, Wish, Shopee, Newegg and some other 14 ecommerce platforms around the world, which means clearing local regulatory hurdles is key to its business.

Its European ambition does not stop with Luxembourg. Luo Yonglong, a partner at Pingpong, said at a Saturday event that within three years, the company’s accumulative investment on the continent will exceed 50 billion yuan (€6.39 billion or $7.21 billion).

Pingpong unveiled the proposed infusion at the weekend event centered around the Chinese government’s Belt and Road Initiative, of which Luxembourg is a member. The financial injection provides clues to the role that private businesses play to help China link up more countries to BRI. It also seems like a timely boost to the alliance between the two countries, arriving just three months after Luxembourg agreed to join China’s ambitious global infrastructure program, and at a time when China’s trade tensions with the U.S. run high.

Pingpong’s tie-up with Luxembourg dates further back to 2017 when it secured a payments license in the putative financial gateway of Europe, thus giving it access to facilitate payment transactions between Chinese merchants and consumers throughout the continent.

“We are actively following the country’s Belt and Road … Read the rest

A young entrepreneur is building the Amazon of Bangladesh

At just 26, Waiz Rahim is supposed to be involved in the family business, having returned home in 2016 with an engineering degree from the University of Southern California. Instead, the young entrepreneur is plotting to build the Amazon of Bangladesh.

Deligram, Rahim’s vision of what e-commerce looks like in Bangladesh, a country of nearly 180 million, is making progress, having taken inspiration from a range of established tech giants worldwide, including Amazon, Alibaba and Go-Jek in Indonesia.

It’s a far cry from the family business. That’s Rahimafrooz, a 65-year-old conglomerate that is one of the largest companies in Bangladesh. It started out focused on battery manufacturing, but over the years its businesses have branched out to span power and energy and automotive products while it operates a retail superstore called Agora.

During his time at school in the U.S., Rahim worked for the company as a tech consultant whilst figuring out what he wanted to do after graduation. Little could he have imagined that, fast-forward to 2019, he’d be in charge of his own startup that has scaled to two cities and raised $3 million from investors, one of which is Rahimafrooz.

Deligram CEO Waiz Rahim [Image via Deligram]

“My options after college were to stay in U.S. and do product management or analyst roles,” Rahim told TechCrunch in a recent interview. “But I visited rural areas while back in Bangladesh and realized that when you live in a city, it’s easy to exist in a bubble.”

So rather than stay in America or go to the family business, Rahim decided to pursue his vision to build “a technology company on the wave of rising economic growth, digitization and a vibrant young population.”

The youngster’s ambition was shaped by a stint working for Amazon at its Carlsbad … Read the rest

India unseats China as Asia’s top fintech funding source

China’s massive fintech industry took a beating in recent months as the government continued to wind down online lending nationwide, rattling investor confidence.

Funding for fintech startups shrank 87.6 percent year-over-year to $192.1 million during the first quarter of 2019, a new report from data provider CB Insights shows. India, which recorded $285.6 million raised for fintech startups in the period, overtook China to be Asia’s top fundraising hub for financial technology. Both countries clocked in 29 fintech deals, suggesting a cooling investor sentiment in China which saw its height of 76 deals just three quarters ago.

Chart: CB Insights

The plunge in China has followed on the heels of tightened regulation around online lending, suggests CB Insights . Over the past few years, China has rolled out a flurry of measures to rein in financial risks arising from its fledgling online lending industry. Peer-to-peer lending, which matches an individual looking for a loan with someone looking to invest, has been the top target in a wave of government crackdowns.

This kind of service offers credit to unbanked individuals who cannot otherwise get loans in a country without a mature unified credit system. But a lack of oversight led to rampant frauds across the board. Thousands of peer-to-peer lending sites shut down due to increased regulation, which is estimated to leave as few as 300 players on the market by the end of 2019, Shanghai-based research firm Yingcai forecasted.

Like China, India’s enthusiasm for finance technology is in part a result of the country’s lack of financial infrastructure. Lending startups are gathering steam as they, like their Chinese counterparts, tailor services to the country’s large unbanked and underbanked consumers and enterprises. Moves from tech leaders are also set to send ripples through the rest of the industry. Amazon finally followed … Read the rest

Amazon Pay launches peer-to-peer payments in India

Continuing its investment in India, Amazon today announced the launch of person-to-person (P2P) payments via Amazon Pay for Android users in the country. Customers can now make instant bank-to-bank transactions through the UPI platform on the localized version of the Amazon app, allowing them to settle bills and other expenses with friends, lend or return money to family, pay for services and more. Notably, the new P2P service also will allow customers to make payments from their bank account to local stores or to Amazon delivery associates at the doorstep, who will scan a UPI QR code within the Amazon app.

The service is built on the Indian government-backed UPI platform, which is regulated by the Reserve Bank of India, and is designed for instant transfer of funds between bank accounts using a mobile device. With the Amazon Pay service, customers can either send or receive P2P payments by choosing a contact from their phone’s address book or by entering their UPI ID or the recipient’s bank account.

When a contact is selected, Amazon’s app will automatically detect if the person is a registered Amazon Pay UPI customer and enable the bank transfer. If the contact is not registered for Amazon Pay UPI, the customer then has the option to pay through another BHIM (Bharat Interface for Money) UPI ID or the contact’s bank account, as an alternative.

Amazon Pay also allows customers to make repeat payments more easily by displaying their recent transactions. And all the payments are secured through multi-factor authentication involving the customer’s phone number, SIM details and the UPI PIN, says Amazon.

When the money is transferred, both the customer and the recipient are notified through in-app notifications and SMS alerts.

“Our goal is to make Amazon Pay the most trusted, convenient and rewarding way … Read the rest