stop freaking out

Maybe I’m just a dumb millennial, but I’m going to keep using Venmo

Venmo, a mobile payment app popular among college students and recent grads, has security holes “you could drive a truck through,” according to an article posted on Slate this week. The report was largely based on one man’s story about how a grifter was able to steal $2850 from his account before he was ultimately reimbursed.

The fact that Venmo doesn’t offer two-factor authentication is indefensible, so I won’t defend it. But I’m also not going to delete the app off my phone and cancel my account.

[Image: Still using Venmo]

In fact, I used Venmo last night — as I do fairly often — to reimburse my girlfriend for a magazine she bought for me because I didn’t have cash and it was the easiest way to pay her back. (Ostensibly I wanted the March issue of Vogue for the Apple Watch spread, but I was most interested in the cover story about Taylor Swift and Karlie Kloss.)

I’m not going to stop using Venmo because its security is actually appropriate for the service it provides. In fact, I think it’s much more likely that my insecure magnetic credit card will get swiped by an ATM skimmer or through a security breach at a store like Home Depot. It’s simply not worth giving up Venmo’s convenience. And based on the number of transactions I saw in my Venmo social feed from last night, my friends agree.

Sure, Venmo might not have FDIC or credit card consumer protections, but it is legally required to help its customers recover funds from unauthorized transfers. One of the scariest details in the Slate story is that you have two business days under Venmo policy to contact the company after you spot fraud in order to limit your liability to $50 — even if the fraudsters stole close to $3000 (Venmo’s monthly limit). After that, you could lose up to $500.

But those scary-sounding consumer protections aren’t exclusively Venmo policy — they stem from federal policy that covers unauthorized transfers for debit cards as well as smartphone transaction services like PayPal and Chase QuickPay. It is likely no different than what your bank offers for electronic transfers.

From the Federal Reserve’s Regulation E:

[Image: Reg E unauthorized transfers]

Plus, it’s in Venmo’s interest to make sure its customers aren’t paying for fraudulent charges. Fraud is not part of its business model — in fact, fraud almost certainly leads to Venmo losing money, either because it has to pay or through bad PR. (If you’re a Venmo user who has had thousands of dollars stolen from you and you haven’t been made whole, I’d love to talk to you. Email me.)

Here’s the statement Venmo gave me:

At Venmo, our most important job is to protect our customers and provide a safe experience. We are continuously improving product and security measures but there is always more to do. We have teams dedicated to fraud prevention, customer support, and operations working tirelessly behind the scenes, and we always guarantee our users’ funds. Our customers put their trust in us and we take that responsibility seriously.

Just this morning, I changed the password on my account and immediately got an email from Venmo alerting me to the changes. It’s not perfect: A request to change email ended up sending a message requesting I verify the new email address, but nothing to my old one saying it had been changed.

One real issue is that Venmo’s support line is an email address and it doesn’t get back to customers quickly. Venmo clearly needs to improve that, but the fact that it doesn’t offer a phone line actually seems like a good thing to me, because it means a slick social engineer can’t get a call center employee on the line and sweet-talk him into giving up personal information.

Ultimately, I’m going to keep using Venmo for a few reasons:

  1. All my friends are already using it. If I’m trying to pay someone back for, say, a beer at a bar, I usually don’t need to ask her to download an app.
  2. It works and it’s easy — I’ve made hundreds of transactions and I haven’t had a problem yet. If I do, I feel confident in predicting that Venmo will eventually make it right.
  3. When you link it to a bank account, it’s free to both pay people and cash out.

If you’re really worried about security, you can unlink your bank account, as some of my colleagues have done. I added a PIN to my Venmo app — locking it with my fingerprint on my iPhone — but that seems superfluous because you need my PIN to get access to the phone’s contents in the first place. And when Venmo introduces two-factor authentication, I’m going to turn that on too. But I’m going to keep using Venmo, and frankly, I’m going to keep publicly posting many of my transactions.*

*For the record, I’ve labeled many Venmo memos as “drugs,” but never actually for a transaction that included drugs.

5:40PM: This article has been corrected to clarify the emails that Venmo sends when account settings are changed.

11 Responses to “Maybe I’m just a dumb millennial, but I’m going to keep using Venmo”

  1. Keith Hawn

    “One real issue is that Venmo’s support line is an email address and it doesn’t get back to customers quickly” … um, do you know any app business that has a shred of an idea what “customer service” means? It’s the Sillycon Valley way = “screw the customer”

  2. Eve Sorenson

    What this article mostly makes me wonder is why the author is paying back a “friend” for a beer or his “girlfriend” for a magazine? Just catch them the next time around.

  3. loopyduck

    “in fact, fraud almost certainly leads to Venmo losing money, either because it has to pay or through bad PR.”

    And as we all know, since PayPal has to deal with the same consequences when it comes to fraud, PayPal has become a model company when it comes to fighting fraud and making its users whole.

  4. David Gerbino

    All the person-to-person payment apps are great. It always comes down to what your friends use. Venmo was my first but I also use Google Wallet, Moven, Square Cash, PayPal and Chase (for two friends who will only use Chase). I have others but the ones I listed are top of mind for me.

    Disclaimer: I live very far north of the Venmo Line

  5. I prefer Square Cash for 3 reasons:
    The $5 add a friend incentive. (I’ve made a good $50 in the past month)
    It puts the money directly in your bank account.
    It uses Touch ID… Who doesn’t love authorizing stuff with your own unique print? ^_^

  6. :applause:
    That Slate article was dumb. Obviously if someone accesses your password for something, they’ll try it against other accounts. And the person never lost any money.