Privacy in Venmo

From SI410
Revision as of 18:32, 27 March 2020 by Zjh

Venmo

Venmo is a digital wallet that lets you make and share payments with friends. It is convenient for splitting a restaurant bill with your friends or paying an electric bill that you share with your roommates. However, have you ever noticed that the page you see when you open your Venmo account shows a list of transactions between people you do not know at all? Venmo is unique among payment apps in how it lets people socialize while transferring money. You can see whom your friends are sending money to and what the payment is for. By searching for a person’s name, you can see his or her entire transaction history if he or she has set the transactions as public. Does this public setting work as intended? How could users’ information potentially be used?


Privacy in Venmo

The most popular emoji in Venmo transaction messages

Venmo has brought a cashless world to its customers and gives people a new way to socialize online. By default, people send transactions that can be viewed by everyone in the world. What does that mean? It means I know whom my roommate went grocery shopping with, whom my friend went to a restaurant with, and even whom my friend is dating. People are unintentionally sharing information that they do not expect so many people to know.


It has been shown that, through Venmo's public API (Application Programming Interface), users’ transactions can easily be downloaded without the users’ permission if the transactions are set as public. This means anyone in the world, even someone who does not have the app, can make a GET request to retrieve others’ public transactions. At the same time, most users do not understand what it means for transactions to be public in Venmo and do not see the need to change the default privacy setting to private. What’s more, since Venmo requires users to write the purpose of the transaction, most people record what the money is for using a descriptive emoji. This means anyone can easily get information about what users buy, what they do, and whom they are with.


One interesting example is that people can figure out that a friend is in a relationship with another person through Venmo. For example, frequent transactions for going to restaurants and buying milk tea could give the friends on Venmo a sense that the two are in a relationship. However, the person in the relationship may not expect others to know this right away. There are also other cases in which users reveal private information that they do not intend to share with others yet.


Potential Risk in Venmo

Safety of transaction

With so much information available to the public, cyberattacks become much easier. A graduate student studying information security has shown that 115,000 transactions can be downloaded per day by a twenty-line Python script he wrote. If an attacker has a target, he or she could find a list of people whom the target always interacts with and see what common activities they are doing. From this information, the attacker could craft a highly believable phishing message to scam the target.


Venmo was presented as having “bank-grade security systems”. However, this claim is inaccurate. Venmo does provide some security features, such as a security PIN, but the PIN is optional and most users do not realize that this feature exists. Also, Venmo does not provide the same consumer protections as banks, which means it is not FDIC-insured.


Suggestion for Using Venmo

How to approach private setting
  • Try not to keep a large amount of money stored in Venmo
  • Do not sell or purchase items through Venmo
  • Change Venmo’s setting to private
  • Use the PIN feature on Venmo
  • Use an alternate payment app


Conclusion

While Venmo provides a great social platform, and the idea of adding socialization to a payment app is new and interesting, its policy is not well built to support the relevant privacy and safety features. Venmo still has a long way to go to make this system mature. It may be better to use a payment app only for payment purposes for now because everyone’s privacy is precious.

