Kyle didn’t think twice about the buyer’s request. It was mid-June, and he had posted four tickets to Game Four of the NBA Finals on Craigslist. When the buyer, Michael, said he preferred to pay the $4,800 through Venmo, Kyle wasn’t bothered. He had only recently signed up for the mobile payments service, but his friends assured him that it was fast, easy, and reliable. Over the phone, Michael asked to Venmo half the money that day and half the following. “I said ‘OK, that’s perfect,’ ” says Kyle, a 32-year-old sales rep in South Florida.
As promised, the first $2,400 installment arrived on the evening of Wednesday, June 10, from Alice, whom Michael identified as his spouse. (“for cavs!” read the accompanying note.) The second, from Michael, “for go lebron!!” followed Thursday morning, the day of the game. Kyle promptly transferred the funds from Venmo to his personal bank account, and satisfied with Venmo’s notification (“You cashed out!”), he emailed the tickets to Michael.
On Thursday, the money from Alice showed up in Kyle’s bank account. But by the evening, the second payment, from Michael, still hadn’t come through. The same was true on Friday. And on Saturday. “I’m waiting after I transfer the tickets, and the money wasn’t in there, it wasn’t in there, it wasn’t in there,” says Kyle. “And all of a sudden I get a little [Venmo] notification saying, ‘Your transaction has been reversed.’ ” Panicked, he fired off a message to Venmo’s customer support via email, then another via Twitter. Days passed with no response.
For Kyle, who asked that Slate withhold his last name because he works in technology and was embarrassed about being defrauded on the Internet, the problems appeared to start with that notification. But they really began earlier. As soon as he approved Michael’s request to buy the NBA tickets through Venmo, Kyle unwittingly stepped into a scam that has played out repeatedly on Venmo’s platform. It’s a scheme that has stripped users like Kyle—four of whom spoke to me for this article—of hundreds or thousands of dollars, leaving them little recourse for recovering their funds or their goods. How exactly these scammers manipulate their funds isn’t always clear. But the upshot in each case—a loss to the user of a product, money, or both—hinges on a single line in Venmo’s user agreement: “Business, commercial, or merchant transactions may not be conducted using personal accounts.”
These Venmo scams work so well because the scammers know a few things that you don’t. They are taking advantage of your assumption that because transacting on Venmo is simple and quick, it is also always safe. They are gambling that in Venmo’s murky realm of “merchant transactions,” the businesslike act of “sending your roommate half the rent” might be kosher, but collecting their money for “event tickets and Craigslist items” probably won’t be. Most importantly, they are exploiting the little-known fact that funds flickering onto our phone screens with a perky green plus sign and a couple emojis are not really ours as instantaneously as they may seem. In short, these scammers are slipping into the gap between what Venmo has taught us to expect and the reality of what both the company and America’s underlying financial infrastructure are actually able to handle, and they’re blowing it wide open.
Ata Movassaghi’s problems also began with basketball tickets. He and a friend had been advertising a pair of seats to two different Knicks games on Craigslist for a few days when they were contacted by two interested buyers, Eric and Cindy. After they reached agreements on the price, both buyers asked over email to pay on Venmo. Movassaghi said sure and, “Just like any other friend paying on Venmo, it comes through.” On Dec. 6, the first buyer, Eric, sent along $180, “for knicks tickets.” The next day, Cindy’s $450 payment appeared, marked instead as “for rent.” In each case, Movassaghi emailed along the tickets as soon as the Venmo payment notifications flashed onto his screen. Then, on Dec. 8, the bad news arrived in Movassaghi’s inbox: “Your Venmo Account Has Been Frozen.” Movassaghi rushed to check his account, where he found that the $630 for the tickets that had been in his balance just hours ago had disappeared.
For Mark Kwan, a 36-year-old event planner in New York City, it wasn’t tickets but a laptop—also advertised on Craigslist and purchased by a woman, Rosalyn, who asked to pay through Venmo. They met in mid-July on the Upper West Side, where she’d arrived in a blue van. “I received the Venmo payments, so everything should have been fine,” Kwan says. “About 20 minutes later, she’s like, actually, can you help me buy some iPhones?” She made more payments via Venmo, and he went to buy the four gold iPhone 6 Pluses that she’d requested. (Didn’t this seem a little sketchy to you, I asked Kwan when he relayed the story. “Yes and no,” he told me. “I’ve helped people buy phones before. The thing is that the money was in my Venmo account before I bought them.”) In total, Rosalyn sent Kwan $5,739.98 via two different Venmo accounts. He handed off the devices once he got Venmo’s payment notifications, then later attempted to withdraw the funds into his bank account. They never showed up.
Like Kyle, Movassaghi and Kwan reached out to Venmo’s support team once they realized something was off. Kwan says he contacted Venmo several times over email, on Twitter, and later through the in-app chat support the company introduced in mid-August. Other than generic acknowledgments of his inquiry, Venmo didn’t write back.
Movassaghi did get a response: His account had been frozen for “security issues” related to the transactions from Eric and Cindy, and the payments refunded to them. Venmo’s support team asked for more details about the transactions, which he sent along. But subsequent messages from the company were even less reassuring. On Dec. 15, 2014, from a customer support representative: “We have no way of retrieving payments once [they] have been reversed.” From a support supervisor on Jan. 1: “the bottom line is that your transactions violated the User Agreement … your only option is to contact your friends Eric and Cindy and arrange for a payment outside of Venmo.” Finally on Jan. 22, from Eran Kimchi, Venmo’s head of fraud, whom Movassaghi emailed directly in a final attempt to recover his money and alert the company to what he saw as a dangerous and pervasive scam: “Venmo has a complete understanding of the scam plot you fell victim to … there is nothing Venmo can do to comfort you. … You made an innocent mistake, and you paid for it.”
In the six years since it was founded, Venmo has become a mobile empire, a dorm room brand, and even a verb by promising smooth, fast, and easy money transfers. In summer 2012, Venmo was acquired by online payments platform Braintree, which was in turn bought out by PayPal in the fall of 2013. Since then, Venmo has continued to operate as a largely independent subsidiary of its parent company, and its growth has been stunning. At the end of 2014, PayPal reported that Venmo had processed $906 million in payments in the fourth quarter and $2.4 billion for the full year. By July, PayPal chief executive Dan Schulman was boasting to investors about the $1.6 billion of transactions that Venmo handled in the second quarter alone.
Sustaining that brand and rapid growth has proved a delicate act. To deliver on smooth, fast, and easy, Venmo has attempted to keep its interface and signup process as fun and “frictionless” as possible. But what’s streamlined and cool is also often insecure. Back in February, I wrote about Chris Grey, a 30-year-old Web developer in New York City who underwent the distinctly horrifying experience of having $2,850 stolen through his Venmo account. At the time, Venmo’s customer service was shabby, its staff small at just 70 full-time employees, its basic account protections minimal. In the weeks after that story ran, Venmo started to shape up. The company began alerting users via email whenever changes were made to the primary email address, password, or phone number on their accounts. It also introduced multifactor authentication, a common security layer that asks users for a secondary passcode to access an account. (Customer service remains an obvious weak spot; the four people I spoke to for this story all described frustratingly slow responses from Venmo’s support staff.) Internally, Venmo’s team has grown to more than 100 people; PayPal, for comparison, oversaw $66 billion in total payment volume in the second quarter and employs 16,000.
But solving these obvious problems hasn’t fixed some of Venmo’s thornier ones. Like how to warn people about when they could get scammed, and set a clear line on transactions the platform doesn’t condone, while simultaneously encouraging those people to use Venmo with an ever-expanding circle of friends and friends-of-friends for an ever-expanding variety of purposes. What separates friend-of-friend from stranger-I-probably-shouldn’t-transact-with and personal from merchantlike quickly becomes very blurry. If I buy a pair of New York Rangers tickets and resell one to my friend, who Venmos me the balance, it’s probably fine. But what if I sell that ticket to my brother’s friend? To someone I find on Facebook? When does that become a “merchant” exchange, one that Venmo doesn’t allow?
“Well, there’s gray,” Michael Vaughan, Venmo’s general manager, tells me. “Our users wouldn’t want us to, say, block every transaction that has the word ticket or rent, because that’s a lot of how people use Venmo.” We’re sitting in a small conference room in Venmo’s New York office, which happens to be in the same West Village building as Slate, and Vaughan is explaining the scale of the problem that these and other scams pose. “Anytime there’s payments, there are going to be people trying to exploit it, so it’s a constant cat-and-mouse game of trying to find the bad actors,” he says. “One of the biggest things we try to educate people on is while Venmo is super easy, it is intended to use with people that you know, and there are certain limitations on how much we can protect people.”
When that trust gets misplaced, it’s partially due to a fundamental misunderstanding of how Venmo works. Contrary to many users’ assumptions, sending money on Venmo does not instantaneously transmit funds from Person A to Person B. So, if I Venmo you $20 for Chipotle, the “+ $20.00” notification you get isn’t actually reflecting a transfer from me to you. Rather, in most cases, Venmo is floating you the money until it can come out of my account. The actual mechanics of the transaction are much more complicated; the point is that Venmo is just the top layer with which you interact. “The current systems that [the United States has] in place for consumers don’t allow for real-time payments or instant payments, but instead just create this illusion that the funds are good and immediately available,” says Jordan Lampe, director of policy at mobile payments network Dwolla and a member of the Federal Reserve committee tasked with improving America’s payments infrastructure. “We send emails, they get delivered instantly. We send text messages, they get delivered instantly. … So when these things continue to run up against the expectations of a business or an economy, it creates real problems and concerns.”
Once you understand that, you can see why Venmo doesn’t want users to make merchant transactions, by which it really means payments outside their networks of close acquaintances. (“Merchant transactions,” Vaughan tells me, “is sort of the catchall for the things that we can’t predefine.”) The analogous real world example is that you wouldn’t leave a pair of tickets in a mailbox just because someone sent you a note promising to drop off an envelope of cash at a later date. The money could be fraudulent. Or your contact might just never deliver it at all. Similarly, if the buyer wrote you a personal check, you might not give up the tickets until it had cleared your bank.
When people accept Venmo payments from strangers on the Internet, they are doing something most of us wouldn’t do offline. But you can also see why Kyle and Movassaghi and others don’t think that way. They don’t understand that Venmo isn’t PayPal and doesn’t offer the same kind of buyer and seller protections. They don’t realize that getting an on-screen notification from Venmo about a transaction, with its cheery green plus sign, isn’t the same as actually receiving those funds from the sender. And they don’t know that if the underlying transaction gets tangled up in fraud, they could be the ones eating the cost when Venmo eventually unwinds it.
Venmo, for all its stated efforts to educate consumers about safe online payment practices, has done little to correct these misperceptions. Doing so could mean dispelling the most essential elements of the Venmo mystique. “There are certain laws of time and space around the banking infrastructure that we try to smooth over for our customer,” Vaughan says. “The intention—and the expectation of our customers, and the way we treat that—is that when you send the payment it is instantly in your balance. You can use that money.” That’s what makes Venmo Venmo—the frictionlessness, the ease, the speed. But it’s also what makes Venmo risky, especially when transacting outside your network. “There are going to be these rare cases where the money that you received in this case may have been from someone who was using a card that didn’t belong to them,” Vaughan says, “and then you have that ripple effect.”
Kyle never recovered the $2,400 payment he lost from Michael. In mid-July, about a month after he sold his NBA tickets and first contacted Venmo, a customer support representative wrote back explaining that the “payment that you requested to be transferred to your bank came back for insufficient funds” and that she recommended “getting in touch with your transactor about this,” as the company had no additional information. Michael had long since gone silent, cutting off his phone after Kyle tried calling several times.
Movassaghi and Kwan also lost their funds. Movassaghi still uses Venmo; the other two do not. They recognize that they were taken advantage of by savvy scammers but also feel disillusioned with how Venmo handled the disputes. “This is a situation where I got scammed, I’m not going to sit here and lie,” Kyle says. “But, I feel, their process is absolutely horrible,” he adds. “They say hey, do business with people you know on Venmo. But how many people are really doing business with people they know? Maybe a good majority of them, but I guarantee there’s a lot of transactions going on that need to be backed by some type of backing to make sure that if something happens they still get their money.”
Venmo says it eventually wants to do that. The product on the drawing board is called “Pay With Venmo,” and it’s designed to bridge the gap between payments made among friends and payments made for commercial purposes. The vision is for users to be able to pay for goods with Venmo on websites such as Uber and Airbnb and StubHub much like they currently can with PayPal. Here and now, though, Venmo needs another solution. Vaughan says these scams are “very infrequent.” But that might still be too often for a company striving to build a brand that is simpler, more trustworthy, and more popular than any of the other mobile payment options.
In figuring out how to tackle fraud, Venmo faces an existential dilemma. The success of its business depends on recruiting new users and increasing payment volume. Yet it also hangs on maintaining the crucial perception that Venmo just works. The problem is that the bigger Venmo grows, the greater the schemes are certain to get, and the more numerous the scammers. Tucking away the problems under a clause in its user agreement might protect the company. Unfortunately, it does little to help users like you.
Venmo needs to make sure you know as much as the scammers, or at least to try. That’s within its power. But it will mean demystifying some of that Venmo magic.