It’s no secret – USLAW can host a great event. Throughout the year, we have a full… Continue Reading
Does Your Venmo Account Make You the Next Hacking Target?
POSTED AUGUST 10, 2016
A special to USLAW NETWORK and USLAW DigiKnow
By Karen Painter Randall, Connell Foley LLP, Roseland, New Jersey
Earlier this year a web developer from New York City woke up to a notification from his bank that nearly $3,000 was about to be transferred from his account through the popular payment app, Venmo. The web developer, like many young people, was a Venmo user who used the app to transfer and receive money, to and from other users, as a way to “quick pay” for everyday things.
However, when the web developer tried to login to his Venmo account to stop the transfer, he noticed that his password did not work. When he tried to reset his account, he found that many of his settings were changed, including his password, and worse, his account had been linked to a new device which had initiated the nearly $3,000 transfer directly from his bank to an account he did not recognized, using the popular app. All of this was done without a single notification from Venmo. And if that was not bad enough, Venmo did not respond to the web developer’s four emails for over 24 hours!
Venmo, an on-the-go, mobile-app offshoot of PayPal, makes transfers of money between users simple and easy. The app connects to a user’s credit card, debit card or bank account, and with a click of the button, can send payments to any other Venmo user directly from the linked credit card, debit card or bank account. The app also has some social media features as you can link it to your Facebook account and Venmo comes with a “Twitter-like” stream, where users can see who is paying who, and for what. Though, the payment amounts are not shown.
The simplicity and social media aspect of Venmo however, can make users of the popular app targets to be hacked just as the web developer was. Worse, after Venmo updated its security settings of the app, there are still some serious security issues that can leave many Venmo users vulnerable. Below are some tips that can help shield you from becoming the next hacking target.
Set a very strong password on your Venmo account and logout every time you use the app!
- A strong password has many characters, uses a mixture of uppercase and lowercase letters, numbers, and special characters, and doesn’t use unaltered names, birthdays, or dictionary words. Another good option is using passphrases as your password.
- Although Venmo makes it hard for users to logout, which in turn makes many users stay logged in, even when they are not using the app, make sure you logout every time! To logout of Venmo, click the three horizontal bars in the top left corner, select Settings, scroll to the bottom, and select Sign Out. An extra safety note that could help: while using the app, you can also set a pin for that session. With the pin in place, every time you stop using the app or the device goes to sleep, you must enter the pin to regain access to your account.
With Venmo’s recent security update, you will now receive an email if your password, email, or phone number are changed. Adding more notifications will help you monitor for any suspicious or fraudulent activity on your account.
- Some notifications that you should keep on and monitor are: Payment Received, Payment Sent, Bank Transfers to Venmo Completed, Venmo to Bank Transfer Requested, Login Attempted, and Added Remembered Device. You can do this by going under Settings à Alerts and Notifications.
Venmo gives you the option to connect your account to a credit card, debit card, or bank account, which can be the most dangerous option!
- The safest way to use Venmo is keep a small balance, like $50, in your Venmo account itself and do not link that account to credit cards, debit cards or your personal bank account. If you need to make a payment that is greater than $50, you can always link a credit card, debit card or bank account to your Venmo account to make the payment under Settings à Banks and Cards, but then remove the credit card, debit card or personal bank account immediately after you make the payment.
Because Venmo transfers act like a check, as they are not instant, only send and receive Venmo payments with friends and people you know!
- If you use it with a stranger, they could easily “pay” you for a good or service but then cancel the transaction while it is still pending.
Be very careful with Venmo’s social media aspects, such as the newsfeed that tells the “world” when you make and receive a payment through the app.
- To stop this exposure and keep your payment activity private select Settings à Privacy & Transactions and change your “audience” to only you and the other person by clicking this field and selecting Only Participants. That way only you and the other person involved with the transaction will see the transaction. On this page, you can also make it so other people cannot share transactions involving you and make your past transactions visible only to friends or to no one.
Lastly, Venmo has an extremely limited support staff; therefore you should probably not depend on Venmo to help against fraudulent and suspicious activity quickly.
- In case of fraud or suspicious activity, you should immediately contact your bank, change your password, and then attempt to contact Venmo.
- You should try to contact Venmo as soon as you find out about the fraud because it will limit your liability, (you can only be liable for $50 of the fraudulent transfer if you contact Venmo within 48 hours) but still rely on your bank.