Venmo

Venmo is an American mobile payment service founded in 2009 and owned by PayPal since 2013. Venmo is aimed at users who wish to split their bills. Account holders can transfer funds to others via a mobile phone app; both the sender and receiver must live in the United States. Venmo also operates as a small social network, as users can observe other users' public transactions with posts and emoticons. In 2021, the company handled $230 billion in transactions and generated $850 million in revenue. Users can view transactions on the Venmo website but cannot complete transactions on the website.

By default, Venmo publishes every peer-to-peer transaction (excluding the amount), a feature shown by researchers to reveal sensitive details about users' lives in some situations. In 2018, the company settled with the Federal Trade Commission (FTC) about several privacy and security violations related to this and other features, and made changes to the corresponding settings. However, Venmo continued to attract criticism for exposing users to possible privacy risks.

History
Venmo was founded by Andrew Kortina and Iqram Magdon-Ismail, who met as freshman roommates at the University of Pennsylvania. According to Kortina, the duo were initially inspired to create a transaction solution while, in the process of helping start a friend's yogurt shop, they "realized how horrible traditional point of sales software was". At a local jazz show, Kortina and Magdon-Ismail conceived the idea of instantly buying an MP3 of the show via text message. Finally, the idea was cemented when Magdon-Ismail forgot his wallet during a trip to visit Kortina. The process of settling their debt was a considerable inconvenience, especially compared to the possibility of mobile phone-based transactions. Shortly after, they began working on a way to send money through mobile phones. Their original prototype sent money through text messages, but they eventually transitioned from text messages to a smartphone app.

In May 2010, the company raised $1.2 million of seed money in a financing round led by RRE Ventures.

In 2012, the company was acquired by Braintree for $26.2 million.

In December 2013, PayPal acquired Braintree for $800 million.

Prior to October 2015, Venmo prohibited consumer-to-business transactions on the platform.

On January 27, 2016, PayPal announced that Venmo was working with select merchants who would accept Venmo as payment. Initial launch partners included Munchery and Gametime. All merchants that accept PayPal can now accept Venmo. As of May 2018, Venmo's merchant product did not permit "selling goods or services in person"; however, research into mobile payment trends among mom-and-pop restaurants in New York City that month revealed a grey market use case in which some Chinese takeouts and food trucks used personal Venmo QR codes to accept payments from customers. This QR payment behavior was similar to that used via Chinese mobile applications WeChat and Alipay within these same establishments.

In October 2020, PayPal announced that Venmo along with PayPal services will allow users to purchase and use cryptocurrencies such as Bitcoin, Bitcoin Cash, Ethereum, and Litecoin in select foreign markets starting in the first half of 2021.

On April 20, 2021, Venmo announced that it was beginning its roll out for the ability to buy, hold, and sell cryptocurrencies using the platform. However, only selected users had access to the feature, and it was estimated that the cryptocurrency transfers would become available for the whole userbase only in May 2021.

Products
Users can create an account via a mobile app or website and provide basic information and bank account information. One must have a valid email address and a US mobile phone number to use Venmo. Recipients of transactions can be found via phone number, Venmo username, or email.

Users have a Venmo balance that is used for their transactions. They can link their bank accounts, debit cards, or credit cards, to their Venmo account; alternatively users can order a Venmo MasterCard and pay through it. Paying with a bank account or debit card is free, but payments via credit card have a 3% fee for each transaction. Some credit card providers may charge cash advance fees for Venmo payments. If a user does not have enough funds in the account when making a transaction, it will automatically withdraw the necessary funds from the registered bank account or card.

When users first create an account, total transactions may not exceed $299.99 until the user's identity is verified. After the identity has been verified, users may send up to $2,999.99 in each seven day period.

Since 2008, cash transfers using Venmo have not been instantaneous and could be canceled after an initial transfer is sent. Like traditional wire transfers, they can take one to three business days to become final.

In January 2018, PayPal rolled out an instant transfer feature on Venmo, allowing users to deposit funds to their debit cards typically within 30 minutes. A fee is deducted from the amount for each transfer; 1% or $10, whichever is less. The standard bank transfer (typically completed within three business days) is available for no fee.

Venmo MasterCard
In 2018, Venmo released a new physical debit card available for users. The card runs on the MasterCard network and offers ATM access and overdraft protection. It can be used anywhere that accepts MasterCard, and it enables up to $400 in daily ATM withdrawals, though transactions at non-MoneyPass ATMs come with at least $2.50 in withdrawal fees.

In addition, the service offers a reload function, which, when enabled, takes money from a user's linked checking account in $10 increments if their Venmo balance drops too low to cover a purchase. Customers could be subject to fees or other consequences from their bank if they overdraft that account. Card purchases show up in a user's Venmo transaction history, and the card can be canceled from within the app. These features make the card similar to a traditional bank debit card, but adds the ability to directly track spending in-app.

Social component and privacy
Venmo includes social networking interaction; it was created so friends could quickly split bills, whether that is for movies, dinner, rent, tickets, etc. When a user makes a transaction, the transaction details (stripped of the payment amount) are shared on the user's "news feed" and to the user's network of friends. This mimics that of a social media feed. There is a "world wide" Venmo feed, a "friends only" feed, and then personal feed. Venmo encourages social interaction on the application through comments using jokes or emojis and/or likes. In 2016, around 30% of approved Venmo transactions included at least one emoji.

Early on, Venmo required new users to sign up through Facebook, which made it easy to find peers they wanted to pay and also provided Venmo with free marketing. For users not friends on Facebook, the application allowed the opportunity to search by username and phone number. Profiles are personalized with profile pictures, usernames and Venmo transaction history. The transactions can be made private, but most users keep the default and do not change the privacy settings. Venmo does not have either buyer or seller protection.

Venmo includes three social feeds, namely a public feed, a friends feed, and a private feed. By default, all Venmo transactions are shared publicly. Anyone who opens the app to the public feed, including people who do not use Venmo, can see these publicly shared posts. The privacy settings can be changed so that all posts are either shared only with a user's Venmo contacts, or even kept private. If posts are shared only with contacts, they still appear in a friends feed, whereas private transactions are only visible to the two parties involved in the transaction. If two users involved in a single transaction have differing privacy settings, Venmo applies the more restrictive level. Users can override their overall preference for any individual transaction, including after the transaction has been made.

Security
Venmo has claimed that its security is "bank-grade". However, journalists, security researchers, the California Department of Business Oversight (DBO) and the Federal Trade Commission have all disputed this claim.

In February 2018, the FTC settled with Venmo, after an investigation uncovered false representations about "bank-grade" security and failures to comply with the Gramm-Leach-Bliley Safeguards Rule and Privacy Rule. Under the settlement, Venmo would be required to undergo third-party audits every two years for the following ten years. The FTC also complained that Venmo "misled consumers about the extent to which they could control the privacy of their transactions" and misrepresented the availability of funds for withdrawal.

Venmo states that customers need not worry about their security or privacy, and encourages users to set up a PIN to increase security. On July 17, 2018, The Guardian published an article showing that Venmo is insecure because privacy protection is not set by default. According to the researcher who found this privacy issue, Venmo publishes all transactions along with names openly into the World Wide Web.

The Better Business Bureau has reported that some scammers exploit the cancellation period to appear to pay, but ultimately avoid paying for an item.

In November 2018, The Wall Street Journal reported that Venmo, in the first quarter of 2018, had suffered $40 million in operating losses, nearly 40% more than it had budgeted, due to "a wave of payments fraud".

Privacy concerns
A 2018 study analyzed over 200 million public transactions and found that Venmo "reveals a massive amount of private details about users' lives by default". The same year, the company reached a settlement with the FTC after the FTC had accused Venmo of "misleading" users about the privacy settings changes required to make transactions completely private. In 2019, another researcher downloaded and analyzed seven million transactions, concluding that although Venmo had made some very minor to no improvements limiting mass-scraping, the data still put users at risk for various forms of cyber attacks.

In 2019, Mozilla and the Electronic Frontier Foundation wrote an open letter "to express our deep concern about Venmo's disregard for the importance of user privacy, and to call on Venmo to make two critical changes to its privacy settings: make transactions private by default, and give users privacy settings for their friend lists".

Venmo's social model has attracted attention from researchers. A research group from University of Washington observed that the social feed in Venmo differs from other social networks in that activity is driven by financial transactions. A user could make a trivial transaction to make a post (e.g., sending someone $0.01, or requesting $0.02), but only one participant in their studies reported ever doing this. Further, neither reading the feed nor sharing a transaction memo publicly or with friends is necessary to send or receive money.

On Venmo, people transact with both friends and businesses via the app. Analysis of public transactions identifies a spectrum of use patterns, from regular users who create transactions for a variety of expenses, to niche users who use Venmo with a small cluster of friends to pay for just a few things (e.g., bills among roommates).

A May 2021 investigation by BuzzFeed News reportedly managed to find the Venmo account of United States president Joe Biden after "less than 10 minutes of looking for it"; BuzzFeed News additionally states that the Venmo app "leaves everyone ... in the world exposed" and states that it reveals a major privacy concern.

In 2022, Dr. Rajat Tandon and Dr. Jelena Mirkovic from the University of Southern California, along with their research collaborators, showcased that 2 in 5 Venmo users publicly reveal sensitive information. Their work, "I know what you did on Venmo: Discovering privacy leaks in mobile social payments", which presents multiple findings from 389 million public transaction Venmo notes, highlights serious risks from a public-by-default policy for mobile social payments.

Consumer Financial Protection Bureau probe
Venmo came under scrutiny from the Consumer Financial Protection Bureau in 2021 over the company's treatment of their customers owing money for transactions. PayPal, the company operating Venmo's platform, announced through a regulatory filing in February that it had received a civil investigative demand from the CFPB "related to Venmo's unauthorized funds transfers and collections processes, and related matters." Venmo has a history of using aggressive tactics to threaten debt-owing users, ranging from seizing the funds from the user's other PayPal accounts to sending debt collectors after users. Customer service emails showed the company notifying users it could involve a collection agency over debts from $3,000 to as low as $7 in 2019, in some instances even when the customer in question had been scammed. Such practices continued during the COVID-19 pandemic.