Security & Fraud

Instagram Invites Security Experts To Hack Its Checkout Feature

Instagram is inviting a group of security researchers known as white hat hackers to stress-test its Checkout feature before it launches outside the United States.

Launched in March, the checkout feature enables consumers to purchase desired items while looking at “beauty tutorials,” images of shoes and fashion or other interest areas, with less hassle than would have been the case prior to the launch of the eCommerce tool. Checkout by Instagram includes participation by PayPal and its retail partnership program.

“Instagram is a place for people to treat themselves with inspiration, not a place to tax themselves with errands. It’s a place to experience the pleasure of shopping versus the chore of buying,” the company said at the time.

While Instagram has assured users that Checkout payments are secure, adding that it never shares payment information with sellers and keeps financial information on secured servers. However, it is still asking for researchers to search for any vulnerabilities before cybercriminals can find them and use them to their advantage.

According to CNN Business, the researchers will get early access to the global feature and earn rewards for eligible reports. The rewards can go up to $40,000 per case.

Instagram’s parent company Facebook launched its bug bounty program in 2011. The social media giant previously gave a select group of researchers early access to FB5, which is the site’s redesigned look that it unveiled earlier this year. And last year, it created another program focused on data abuse following the Cambridge Analytica data abuse scandal.

For Instagram, the launch of its Checkout feature represents its latest move to become more of a player in eCommerce. Also in March, the platform rolled out a trial of a new shopping program where users can shop and check out within the app.



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.