Venmo: Convenience Over Security
Venmo is convenient and easy, but when considering its security and privacy, the app should be avoided.
‘Ready, Set, Pay,’ mobile payment service Venmo advertises on its website. Venmo is an app operated by PayPal that is available for both iOS and Android mobile devices. The app provides a ‘simple and convenient’ way for users to make and receive payments. It is the epitome of today’s modern society.
But with its easy accessibility, it has many deficits and issues within its security and privacy. Users should refrain from using the app entirely as their privacy and security shouldn’t be up for grabs.
Venmo is convenient. That is what draws users to the app. Payments are made both swiftly and easily from one’s smartphone. However, the pressing question of whether that convenience outweighs the need for privacy and security begs an answer. Venmo has been prone to issues, according to Consumer Affairs, from users being locked out of their account, to mystery payments made without the user’s knowledge.
When receiving a transaction through Venmo, users assume that when a transaction says it is complete, that is the truth. Venmo even states that it is impossible to cancel a payment. However, that statement fails to account the possibility of payments being declined, voided or disputed by a user’s credit card. This possible error serves as a goldmine for scammers. Con artists utilize users’ confusion when it comes to purchasing items. With the assumption that the payment has been received, users relinquish the sold item only to discover the payment has later been redacted.
Researcher Hang Do Thi Duc recently released a project in which she exposed Venmo’s shocking privacy settings. Venmo users’ transactions and messages are public to all as the default setting. Through accessing data through Venmo’s public API, Hang discovered that there were approximately 208 million public transactions on Venmo in 2017 alone.
To demonstrate this danger and breach of privacy, Hang gave a very detailed account of the transactions of five unsuspecting users. Each revealed detailed and sensitive information into the lives and purchases of these people. From the numerous transactions of a cannabis retailer operating out of Santa Barbara to a married couple’s long journey with paying off their extensive debt, everything they had assumed that would be private was available for the world to see. These public transactions gave a window into the routines and habits of their everyday lives.
The Federal Trade Commission released a complaint against Venmo in March 2016. The complaint cited that Venmo had misled users on multiple accounts in terms of privacy, security and reliability. The FTC concluded that Venmo was in violation of the Gramm-Leach-Bliley Act’s Safeguard Rule and Privacy Rule. Venmo failed to implement safeguards within the app to protect customer information and they failed to deliver the required privacy notices to users. Their violations presented a false sense of security to users when in reality their information and transactions are and have been at risk. The FTC noted that Venmo didn’t fully disclose with its users what was public with their accounts and the true extent of their security. Venmo and the FTC reached a settlement over the numerous allegations of violations in Feb. 2018.
Venmo claims now to be improving its security, but issues within the app remain. The Mozilla Foundation, developers of the web browser Firefox, recently has pushed for Venmo to make its settings private by default, but Venmo has failed to respond.
Venmo’s trustworthiness comes into question as the rise of digital purchases engulfs our society. Venmo is convenient and easy, but users should not completely trust the app’s security. The trend towards digital payment is tempting, but trusting in these third-party apps only makes users susceptible and vulnerable to financial adversities.