Heimdal
article featured image

Contents:

Everyone has probably heard about PayPal. It’s a small world after all, and even smaller when it comes to choosing the best money-transfer application. They say that PayPal is Venmo and that Venmo is PayPal – is it though? Venmo started as an independent project, with the eponymous startup at the helm. Sniffing out the financial and marketing potential, PayPal bought the app for $800 million (not bad for a startup). Just like Revolut, Zelle, or Square Cash, Venmo allows the user to send money, receive money, pay bills, and conduct almost any type of financial operation. What about security? Is Venmo safe? Does the prodigal child bear the sins of the father (i.e., PayPal)? Legit questions each and every one of them and I’ll try to provide you with an answer as swiftly as possible. Enjoy and stay safe!

What is Venmo?

First, a bit of background on Venmo – the money-transfer app that would one day go head-to-head with the giants was conceived in the dorm rooms of the University of Pennsylvania. Iqram Magdon-Ismail and Andrew Kortina, the founders of Venmo, created the app simply because it had to be done. While helping out a friend to set up a yogurt shop, the two came to realize just how deficient traditional point of sales apps were at that point.

The story behind how Venmo came to be is quite riveting and thrilling and inspiring and you can read the whole thing here. Anyway, the idea of a one-tap, one-go money-transfer service got a great reception, bringing the two roommates over $1 million in under one year. Two years later, the product was bought by Braintree for $26 million. In 2013, PayPal looped in and, what happened next is anybody’s guess – Braintree’s slapped with a PayPal label and what started out as a shortcut to transferring cash over SMS soon became a product worth its weight in gold ($800 million to be precise).

As far as functionality is concerned, Venmo lets you perform any kind of financial operation. This includes paying back your family and friends, splitting bills, buy services and products from Venmo buddies, inviting people to share utilities, requesting payments from other Venmo users, and, my personal favorite, paying for takeout ordered from Venmo partners. The app has some very cool features like zero transaction fee, in-app track spending, social media integration, instant money transfer which became a feature around 2018, spending history, and the list goes merely on.

From where I stand, Venmo is a great alternative to traditional online banking – it’s free, easy to use, and has tons of great features; cross-compatibility is a big plus. So, why isn’t everyone ditching Revolut, PayPal, Payoneer, Zelle, Square Cash, or any other money-transfer apps they might be using and go for Venmo? Well, Venmo has its share of issues, some of them totally unrelated to cybersecurity. So, is Venmo safe? Remains to be seen. Let’s take this one step at a time.

Venmo’s Pitfalls

Yeah, I know it seems somewhat off-putting to talk turkey by speaking bull. Bear with me and you’ll understand why. The wrong choice of word managed to land the budding company in hot water. Back in 2018, PayPal-owned Venmo decided to market the product as having “bank-grade” security. Nothing wrong with over-emphasizing your product’s worth, but caveat venditor, because someone might choose to challenge those claims. And it did happen – the very same year, the Federal Trade Commission slapped Venmo with a lawsuit after an independent investigation uncovered that some of the company’s security-wise practices stood in violation of the Gramm-Leach-Bliley Act. You can read the ‘riot act’ on the FTC’s official page.

Unfortunately, this is not the only time Venmo made headlines, and not in a good way. While settling with the Federal Trade Commission, Venmo received a severe backlash from The Guardian. In a privacy-centric article, the US publication raised concern over some of the company’s practices. More specifically about the privacy protection option. So, the company used to encourage its customers to add a PIN to the Venmo account in order to increase security. What the customers did not know is that the privacy protection feature was not enabled by default; slightly off, considering the general emphasis on privacy.

To the misfortune of the common Venmo user, that wasn’t the only time the company made a faux pas.  The following year, both the EFF and Mozilla made another appeal against Venmo’s inaction. Although complaints were pouring in, the company was yet to fix the privacy issue. The two also signaled the fact that Venmo did not even bother to implement privacy settings for the friends’ lists. Instead of focusing on things that really mattered, Venmo was concerned about adding more emojis to the dashboard.

Yup, at that time, sending hug emoji or an alien face along with the payment was way more important than securing the app.  Well, as it turns out, this skeleton in the closet will come back to haunt the company. And it happened a lot faster than anyone would expect; 2018 ended in disaster for the effervescent Venmo. Due to the many privacy- and security-related issues, the company, and its customers became easy prey for scammers and black-hat hackers. Venmo reported losses amounting to over $40 million, which at that time meant almost 50% of its budget.

Is Venmo Safe?

The ‘occurrences’ I’ve just described are just the proverbial tip of the iceberg. What happens or happened below is an entirely different story. Ever since Venmo made headlines, it attracted the wrong kind of crowd. Taking full advantage of the privacy issues, the fraudsters have managed to scheme gullible clients without even much as lifting a finger. And what’s to lift when everything’s out in the open? Remember the investigation forefronted by the FTC? Among other findings, the Commission also discovered that Venmo made no efforts in obfuscating transactional data. As a result, all the money-transfer info (e.g., names, email addresses, account numbers, PINs, etc.) became public and could have been consulted by anyone and anywhere.

That’s one black ball for Venmo. But wait, there’s more. As you know, PayPal and other money-transfer applications offer some sort of warranty both on the buyer and seller side. Unfortunately, Venmo did not. As Andrew Bloomenthal of Investopedia pointed out, Venmo simply acted as a virtual middleman between the banks used by two users. Nothing more and nothing less; Venmo did not have any kind of failsafe meaning that everything depends on the buyer-seller ‘fiduciarity’.  That can only spell out disaster. And it did; there are numerous examples of people getting hoodwinked over Venmo. Probably the most (in)famous one is that of Kyle’, a sales representative from the States who lost $2,400 to a scammer that promised him some exclusive NBA tickets. You can read the full story on Slate.

The question still stands: is Venmo safe? Well, even though my depiction of the P2P money-transfer app may bleak, Venmo does its share of exceptional qualities. For instance, Venmo does not have any transactional fees (i.e., only applies to transactions funded with credit, debit, or Venmo account) and the transfer is almost instantaneous.

And ever since the FTC scandal, Venmo has really upped its security games, enforcing 2FA, posting out notices about how the user can improve his privacy, and, of course, adding a PIN. So, I would be inclined to say that Venmo’s just as safe as any other P2P money-transfer app, but that doesn’t mean you should fly in blindly.

Oh, and another thing – Venmo is great if all you’re looking for is a quick fix for your money-transferring needs (i.e., paying back a friend, checking out your purchases made from Venmo partners, etc.) but I wouldn’t use it for corp ops like payroll, acquisition, invoicing, and so on. You can still use it for day-to-day business payments, though. With that in mind, let’s see what you can do about securing your Venmo account.

Heimdal Official Logo
Antivirus is no longer enough to keep an organization’s systems secure.

Heimdal® DNS Security Solution

Is our next gen proactive DNS-Layer security that stops unknown threats before they reach your endpoints.
  • Machine learning powered scans for all incoming online traffic;
  • Stops data breaches before sensitive info can be exposed to the outside;
  • Advanced DNS, HTTP and HTTPS filtering for all your endpoints;
  • Protection against data leakage, APTs, ransomware and exploits;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

How to Secure Your Venmo Portfolio and Account

Ready to reinforce your Venmo digital wallet? Here are a couple of things you should know before opening up your first Venmo account.

  1. Extra security layers. If possible, switch on 2FA for your Venmo account. To be extra safe, you should choose your phone number over your email address.
  2. Check and double-check payouts. Upon receiving a payment request, you should double-check it. If the payment comes from a friend or someone you know, go ahead and give him or her a call. On the other hand, if the payment request comes from, let’s say, a vendor, make sure to check the official page.
  3. Employ extra cybersecurity protection. To ensure account privacy, make sure you’re using only the best security solution. For smartphone users, Thor Mobile Security is a great and lightweight choice to make sure that your private transactions remain private. Now, if you prefer the desktop version of Venmo, Heimdal™ Threat Prevention to cover all the other attack vectors (i.e. DNS, HTTP, or P2P transfers).
  4. Hit the ‘report’ button. In case of fraud suspicion, you should contact Venmo ASAP. You should also call your bank to report the transaction. For additional information about Venmo fraud, see the company’s Help Center.

Conclusion

Is Venmo safe? My answer would be: it’s as safe as any payment apps, including PayPal. Of course, no one can deny Venmo’s rather unsavory past, but every company has one. As always, stay safe, pay safe, question everything and everyone, and request additional details if something seems off.

Author Profile

Vladimir Unterfingher

Senior PR & Communications Officer

Experienced blogger with a strong focus on technology, currently advancing towards a career in IT Security Analysis. I possess a keen interest in exploring and understanding the intricacies of malware, Advanced Persistent Threats (APTs), and various cybersecurity challenges. My dedication to continuous learning fuels my passion for delving into the complexities of the cyber world.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE