Top Five Venmo Security Problems – Does Your Digital Payment Service Have Them, Too?

* * *

Today’s post is brought to you by yet another unannounced $6.99 sale on SD Amazon Instant Videos, featuring many Oscar winners and box office hits. Advertisers make it possible for Digital Media Mom to bring you great content each day for free, so thanks for your support.

* * *

Venmo is the hip new electronic payments service owned and operated by PayPal, which in turn is owned and operated by eBay. Venmo has been generating buzz and gaining in popularity ever since it launched, but the convenience of being able to use the Venmo mobile app to instantly transfer funds to pretty much anyone with an email address or phone number may not be worth the risks. Last July the California Department of Business Oversight ordered Venmo to address twenty different security and operational problems. Here are the top five that are of most concern to consumers.


1. No Telephone Support, Slow/Nonexistent Email Support

Hard as it is to believe, Venmo offers NO telephone customer support. Would you ever open a bank account with a bank that had no customer service phone number? Neither would I, but this major lack doesn’t seem to be bothering all of the million-plus people who’ve signed up for Venmo.

They may be thinking Venmo’s email support is sharp and speedy enough that phone support is unnecessary, but as Slate reports, they’re wrong:

Peruse replies to the @VenmoSupport Twitter feed and you’ll find plenty of users complaining that the company has not answered their emailed requests for assistance.

Interestingly, since that Slate piece ran on 2/25/15, Venmo’s Twitter response times have dramatically improved.

2. No Customer Alerts For Account Changes Like Password & Email Address

As one unfortunate Venmo customer learned recently (details in the Slate article linked above, and articles linked at the end of this post), Venmo does not notify its customers when their passwords are changed or when the email address on file for the user is changed. The customer woke to an alert from his bank about a suspicious $2850 Venmo transaction.

It turned out that some thief had broken into his Venmo account, changed the associated email and password, then sent himself a “payment” of $2850 from the Venmo account. Had it not been for the bank’s security protocols, this customer might not have known about the fraud for days.

3. No Two-Factor Security Verification

Two-factor authentication requires the user to provide two different, separate forms of identification to prove their identity, and it’s fast becoming standard all across the web. When you’re asked to provide your username and password and are then required to also answer a security question, provide a security code the company sends to your phone or email, etc., that’s two-factor authentication. It greatly reduces the risk of fraud.

Venmo doesn’t have it.


4. Two-Day Fraud Reporting Window

As reported on Slate:

What’s not noted on the [Venmo] security page—but is buried in section C, part 1, small letter n, roman numeral iv of Venmo’s user agreement—is that you should [report any suspicious activity] immediately, because if “you contact the Company within two Business Days after learning of the loss or theft, then your liability shall not exceed the lesser of $50.00 USD or the amount of unauthorized transfers that took place on your account before you provided notice to the Company.” After two business days, your liability can jump as high as $500, per Venmo’s terms.

Given Venmo’s lack of phone support and notoriously slow to nonexistent email support, there’s some doubt as to where Venmo would draw that two-day cutoff line but even if they’re willing to go by the date you initially emailed them, two days is a ridiculously short fraud reporting window.

5. Venmo Users Encouraged To Link A Bank Account FIRST

When it comes to linking accounts to a digital payment processor, the order of account type relative to risk should be credit card (lowest risk, due to card companies’ stringent fraud protection policies), debit card (higher risk, due to more lax fraud protection and frequent requirement that user supply BOTH the card number and PIN), bank account via routing and account number (highest risk, because anyone with access to your account also gets access to your bank account and can completely drain it before you even know there’s a problem).

Venmo has put a lot of effort into making sign-up as fast and easy as possible, giving security concerns short shrift as a result. Venmo’s new user checklist prompts users to “Link your bank,” “Add a [credit] card,” and “Increase your spending limit.” Most users are unaware of the hierarchy of risks involved and will just go right ahead and link a bank account because that’s the first item on the list. The fraud victim I mentioned in item #1 above had linked his bank account, and as a result Chase told him he had no choice but to close the account and open a new one because the thief now had both the routing number and account number for the compromised account.

Increasing their transaction limits leaves Venmo users open to bigger thefts.

There’s no way I would ever use Venmo or any service like it with major security problems like these, and neither should you.

I’m not the only one saying these things – here are some links for further reading on Venmo’s security problems from Lifehackerengadget and Naked Security.

* * *

And now, a word from our sponsor…

This unannounced $6.99 sale on SD Amazon Instant Videos has a surprising number of hugely successful and award winning films, such as:




That’s just the tiniest sampling of all the great stuff you can find, so be sure to check out the unannounced $6.99 sale on SD Amazon Instant Videos today because prices on Amazon are subject to change at any time.

* * *

* * *

Tip of the Week: Bookmark These Hard-To-Find, Crucial Amazon Links

* * *