Venmo Issues Apology for Security Shortcomings

Venmo has responded to concerns about its security and customer support in a note of apology to users on its blog.

The popular mobile payments app, owned by eBay’s PayPal, began facing questions about its security and support systems earlier this week after I published a story in Slate about a user who had $2,850 stolen from his Chase bank account through the app. The story also documented structural weaknesses in Venmo’s approach to security, including its lack of two-factor authentication and poor customer communication practices. In a somewhat terrible response to those concerns, Venmo CEO Bill Ready said earlier on Friday that the company has preferred not to alert its users to possible instances of fraud because “in many of these cases, we want to handle it seamlessly so we’re working behind the scenes.”

Venmo didn’t respond to multiple requests for comment for my initial story, or to follow-up inquiries I sent today, but late this evening passed along a link to its blog post. “We never want you to be disappointed and we’re sorry if that’s been the case,” Venmo general manager Michael Vaughan writes. “Our support team is the lifeblood of Venmo and we aim to be the biggest advocates for you. As we grow rapidly, we are working diligently to keep the level of service you should expect, and we’re hiring more people to work in support (if you are interested in joining us).” As of November, Venmo had about 70 employees; PayPal has more than 10,000.

“I want to assure you we are continuously improving product and security measures,” Vaughan writes in the post, which documents a number of the company’s security practices and explains steps that users can take on their own to prevent theft. “We have a bunch of things we’ve been working on and we’ll share more of those with you soon. While we know that we measure up favorably against the industry standards for fraud prevention, we aren’t sitting back.”

You can read the full post at Venmo’s blog. And, if you missed it, the original Slate story is here.