Venmo: The price of your privacy beyond social media

Written by Shaina on August 25, 2020

Image of a mobile phone showing the Venmo app

Venmo is a leading mobile peer-to-peer payment app that brings a social element to payment transfers, however, this can come at a price of your privacy. In this blog post, we share what you need to know about Venmo and what you can do to keep yourself safe.

What is Venmo?

Venmo is a mobile financial platform owned by Paypal that allows users to instantly share, send, and request payment transactions. Users connect their bank accounts and or credit cards to make transfers to their friends, family, or merchants. By default, payments are public, and are posted to global and friend activity feeds with descriptions complete with gifs and emojis. This unique presentation has brought a fun edge to traditionally private transactions and has allowed the app to achieve significant engagement from its users, landing the company as one of the most popular peer-to-peer (P2P) payment apps in the United States.

Venmo has over 52 million users and recently reported a net payment volume of over $39 billion. The app has become extremely popular because it is free and its consumer-facing UX makes financial transactions fun and social. However, this service comes at a cost of your data privacy: your transaction data is being shared with third parties and if left to its default settings, your easily accessible public transactions can have deeper consequences than you might think.

Invasion of privacy

While the public transaction feeds help Venmo drive engagement through validation and social proof, people are using these feeds to track each other. Back in 2018, Tami Kim, an assistant professor at the University of Virginia, used Venmo to analyze pettiness between relationships. She found that Venmo was commonly used by others to analyze and stalk the movements and relationships of their friends or significant others by decoding their Venmo transactions as nights of infidelity or exclusion.

Check out this piece in the New Yorker to see how people interpret certain Venmo transactions: Common Venmo Transactions Decoded by Olivia de Recat

Illustration showing the potential privacy infringements from using payments provider Venmo

Image Credit: NPR

Data scraping and sharing on Venmo

Furthermore, several analyses of public Venmo transaction data showcase how revealing seemingly trivial payments are and how they can expose serious data security risk.

In 2018, researcher and developer Hang Do Thi Duc created a project titled Public By Default where she scraped and analyzed over 200 million public transactions from Venmo’s public API.

Because Venmo’s default privacy and transaction settings are set to public, Do Thi Duc was able to see the full details of these transactions including the names, profile pictures, messages, payment amounts, and time stamps, allowing her to piece together in-depth profiles of specific users. She could easily see personal content such as who is in their network, where and when they go out to eat and who they go with, how much they spend on rent, and more.

Another researcher, Dan Salmon, scraped over 7 million public transactions from Venmo to understand if he were an attacker, whether this data be useful to him. The answer is yes.

Some potential risks include:

  1. If your account is hacked, either by posing as you or by acquiring your login data, the hacker can drain your bank accounts, have access to your profile and network data, and change your password to delay your recovery of your account.
  2. Public Venmo data allows others to easily tell what device you are using Venmo on, which can provide more details for hacking into your device.
  3. Descriptions of messages can be revealing or taken out of context to find inappropriate or potentially illegal payments.
  4. By knowing your close network and frequent payments, attackers can easily spearphish, which entails sending realistic messages that trick you into downloading malware or acquiring your sensitive data.

What should you do?

While Venmo has worked to develop their privacy policy, many of the default settings are still set to public, therefore, your public transactions can be tracked, analyzed, and potentially used against you. We understand the benefits to using apps like Venmo to easily send payments or split bills, but it is important that you are aware of how this can infringe on or impact your online privacy. Companies can use this information to target you with advertisements, track your location, price discriminate, or provide general recommendations that could be erroneous.

So first and foremost, switch your privacy settings and your past transactions to private in your Venmo Settings. If you're unsure how to do this; we provide a comprehensive walkthrough as part of a account.

We also recommend the following

  1. Set up Two-Factor Authentication to create an extra barrier of security to logging into your account.
  2. Do not store too much money in Venmo as this is not insured by the FDIC and does not collect interest.
  3. Be wary about who you are sending your payments to and how frequently.
  4. Recognize that while your transactions may be set to private, these payments– including the amount, description, and recipient– may still be exposed or misinterpreted.
  5. Do not reply to any text messages requesting your personal data to confirm any payments from Venmo. This is likely a cyberattacker looking for your data.

How we can help

By joining you're become part of a service that is looking out for your online data and interpretations of your online reputation. Our service allows you to connect your social media accounts and scan for potentially harmful content to your online brand, and also provides step-by-step guides (including a Venmo walkthrough) to help you maximize and manage your security settings. Sign up today!