After Reports of Account Breaches, Venmo Says It’s Adding More Security Features


Venmo has announced a major update to its account notifications. To improve account security, the popular mobile payments app plans to begin alerting users via email whenever there are changes to the primary email address, password, or phone number on their accounts. The company also said Monday that it is “working to be more responsive” to support inquiries from its users and will introduce multifactor authentication in the coming weeks.

The changes come a few weeks after Slate reported on several apparent flaws in Venmo’s security and support systems—among them, that changes to passwords and emails made from within an account did not trigger any kind of alert. The absence of those notifications played a key part in letting hackers gain access to and steal thousands of dollars from unsuspecting Venmo users in at least two instances. Those users and others also complained that Venmo, which currently routes all its support inquiries through either an online form or a generic email account, was slow to respond to urgent queries. Katie Uhlman, a spokeswoman for Venmo, said the company didn’t have any comment to add beyond what was said in a blog post on the changes.

Assuring users that their accounts and finances are secure is crucial for Venmo, which handled $700 million in payments in the third quarter of 2014 and aspires to be the dominant mobile payments app in the U.S. The company has a unique challenge in building an app that is at once social and “frictionless” to use, but also adequately secure. After all, the more security layers you add to just about anything, the less easy and fun it becomes to use. At a time when people seem frighteningly apathetic about huge data breaches, it shouldn’t be surprising that Venmo had previously prioritized simplicity and intuitive design over complex security features. It looks like that’s finally starting to change.