Using Venmo sometimes feels like making a deal with some personal-finance devil. Venmo gives you an embarrassingly convenient way to send money to friends, and all you have to offer in return is perpetual access to your most private banking information. It's a potentially precarious arrangement, but for the most part, it works astonishingly well. What happens when it doesn't?
At Slate, Alison Griswold tells the story of Chris Grey, a web developer who woke up last week to find his Venmo account compromised and $2,850 missing from his bank account. Though it's fairly standard practice for internet companies to notify users when their passwords have been changed or foreign devices have been added to their accounts, Venmo had done none of that. Grey was only alerted to the fraud after a notification from Chase Bank, which had flagged the unusually large debit and sent him an alert.
After contacting Chase—and being told that there was no way to secure his account aside from closing it outright—Grey went to Venmo for help. His customer service experience was less than exemplary:
Grey says he went ahead and contacted Venmo almost immediately after learning of the unauthorized activity and reaching out to Chase, at first via the company's online contact form and then to email@example.com. Grey provided Slate with email correspondence showing that he first wrote to the support email address at 11:55 a.m. on Thursday, then again at 6:50 p.m., 7:43 p.m., and finally at 9:38 a.m. on Friday. More than 24 hours after he first contacted Venmo, Grey was still waiting.
A day and a half after he first discovered the fraudulent transaction and contacted Venmo, Grey finally got a response. The email, sent from "Michael" from Venmo's "Fraud & Risk" department, outlined basic steps he should take to protect the account (change passwords, revoke access to unauthorized sessions, add a PIN), and said the company was "working to prevent this unauthorized account access in the future."
Ultimately, Chase reimbursed the money, and Grey elected to close his Venmo account.
Part of the reason that Grey's experience was so nightmarish was that he'd elected to give Venmo a direct pipeline to his bank account. Had he used a credit or debit card instead—options that Venmo offers—he'd at least be able to keep his old Chase account after the fraud was resolved, because the bank can always issue a new debit card number. Two-factor authentication would have helped prevent the hack in the first place, but as The Verge notes, Venmo is hardly the only finance company not to offer it—most official bank apps don't either. (For now, the best thing you can do to ensure your Venmo account's security is to enable the optional PIN-style passcode, which must be entered each time is reopened.)
So the real issue—if we're talking about Venmo in particular and not the entire mobile banking enterprise—is how the company neglected to inform Grey that might have been hacked, and how poorly it handled his requests for help after the hacking took place. Checking the @VenmoSupport Twitter feed shows that Grey is not the only one to find the company's customer service lacking.
@VenmoSupport you guys never paid my cash out. I need to speak to someone asap. Already sent an email.— Gabby Oglesby (@GabbyOglesby) February 5, 2015
@VenmoSupport how do I contact you for a case of suspected fraud? i would like to report a user immediately— 'SUP x A Day in (@supmag) January 27, 2015
@VenmoSupport nearly 24 hours and no one from Venmo has contacted me about the $2799 that's gone missing from my account!— 'SUP x A Day in (@supmag) January 27, 2015
"I think there's some valid feedback," Venmo CEO Bill Ready told The Verge, "and we're going to take a look at it."