Last week, person-to-person payment app Venmo finalized a settlement with the Federal Trade Commission regarding security and consumer disclosure practices. TheVerge reported that the investigation began in 2016, so most likely the issues cited have long been resolved. Here are the details of what went awry:
One of the FTC’s central complaints was Venmo’s notification policy, which told users money had been deposited in an account even when transactions were still under review. Scammers were able to exploit that practice by purchasing goods with fraudulent transactions, leaving sellers with no money and no goods after the transactions were reversed. The Verge found a single scammer who stole at least $125,000 in luxury goods using that technique, operating for years with no apparent interference from law enforcement. Los Angeles police finally brought charges against the alleged scammer earlier this month.
The FTC also alleged significant security failures by the app, despite promises of “bank-grade security.” According to the complaint, Venmo failed to notify users when passwords and email addresses were changed or new devices added to a given account, a practice that persisted through at least 2015. That allowed hackers to quietly hijack accounts and withdraw thousands of dollars…
Although there wasn’t a monetary fine against Venmo, they will be subject to 10 years of independent reviews, which themselves can be costly. Plus, those individuals who have been harmed by their practices or a State that can prove its residents were harmed, could pursue this in court.
Overview by Sarah Grotta, Director, Debit and Alternative Products Advisory Service at Mercator Advisory Group
Read the quoted story here