Pando

Venmo still hasn't apologized for -- let alone addressed -- its security issues

By Nathaniel Mott , written on March 2, 2015

From The News Desk

Venmo isn't responding to criticism of its security practices as well as some might like.

Its security was questioned last week when Slate revealed that it doesn't inform users when their passwords are changed, nor when new email accounts are connected to existing Venmo accounts, which allowed one thief to make off with about $2,850 of a Venmo user's money.

The service usually informs its users when money has been transferred. In addition to adding a new email address to the account and changing its password, however, the thief disabled those notifications. The theft, in other words, didn't ring any of Venmo's bells.

Then the New York Times revealed that the state of California had ordered Venmo to address security concerns all the way back in July 2014. A spokeswoman told the Times the concerns have been "remediated" and that it "take[s] the security of our customers extremely seriously."

By then, Venmo had published a blog post detailing its security measures. Many of them are standard to the payments industry: it encrypts banking information, allows users to set PIN codes for its app, and automatically logs out users after a certain amount of time.

Yet the post doesn't address the specific complaints Slate raised, like the lack of security notifications, nor does it offer anything near an apology to the person who was robbed.

The post might reassure some people. But until Venmo admits these problems exist, explains how it plans to fix them, and apologizes for allowing them onto its product in the first place, all of Venmo's lines about its users being like "family" are nothing but meaningless platitudes.