Toronto Star

What’s wrong with your Venmo account, and how to fix it

You’re sharing more than you think via the app. Here’s how to tighten up your privacy

- KATHERINE BINDLEY

Few social-media experience­s have made me cringe more than viewing my “friend” list on the peer-to-peer payment app Venmo for the first time. Seeing the names of people I’d been on dates with years ago was jarring. Seeing someone I’d blocked on Facebook was unsettling. Seeing names I didn’t recognize and couldn’t find in my contacts was baffling. But one name horrified me above all others: my former therapist.

I went to her profile, clicked on her friend list and saw another name I recognized, the friend who initially referred me. It hit me that I was scrolling through a list that included a psychologi­st’s patients.

Venmo does well what it’s supposed to do: let friends exchange money quickly and easily. By default, it posts those transactio­ns in a social-mediastyle feed—seeing who shared meals and drinks with whom, and which emojis they favor, can make an otherwise boring process mildly entertaini­ng.

Theoretica­lly, Venmo lets users control who sees those posted items. But Venmo has a spotty record on privacy and transparen­cy: In February, the FTC announced a settlement with Venmo’s parent company, PayPal Holdings Inc., after finding Venmo “misled consumers about the extent to which they could control the privacy of their transactio­ns.” PayPal didn’t pay a fine but agreed to make privacy-policy updates and to make sharing controls clearer.

Still, Venmo has so far been unwilling to make privacy adjustment­s to some of the features many users have issues with. Between the uproar this past summer over the app’s public-by-default settings, the enduring inability to make your “friend” list private, and my feeling like a potential victim of a HIPAA violation, I started wondering if I—or anyone else—should really be using the app. Figuring that out took far more digging than users should reasonably have to deal with.

Here’s what I learned, and what you can do to protect yourself on Venmo: 1. Venmo Transactio­ns Are Public by Default

Venmo’s social feed is populated by transactio­ns between users. All these posts are publicly visible by default. That means unless you change your settings, anyone (researcher­s included) can see whom you paid.

To change that, tap the three lines in the app’s top left corner and hit Privacy. You can choose Friends or Private, which means a transactio­n will be visible only to you and the person you exchanged money with. To change who can see your old posts, go to Privacy > Past Transactio­ns.

2. Contact Syncing Isn’t Mandatory (But Appears to Be)

When users create a Venmo account, they’re asked to sync their contacts. You can go back or forward, but there’s no Skip or Not Now button.

If iPhone users select Next, they see an iOS popup asking for contact access. You might assume you have to click Allow, but you can hit Decline and still create an account.

I don’t normally sync contacts, but when I signed up for Venmo in 2015, I enabled syncing. To check your syncing status—and switch it off—go to Settings > Friends & Social.

3. Your Friend List Is Always Visible

Venmo friend lists are visible to other users and can’t be made private. Don’t feel bad if you didn’t know this: The company didn’t mention it in its privacy policy until September. Venmo’s definition of “friends” is very loose, as evidenced if you sync your contacts. Unlike Facebook or LinkedIn, which search your phone book and give you the option to add connection­s, Venmo automatica­lly adds to your friend list any saved contacts who also sync their phone books with the app.

If you have contact syncing turned on, the app checks your phone book regularly—every 28 days for iOS, every week for Android. Venmo adds any new contacts, but won’t remove phone contacts you’ve deleted. That’s why some “friends” might look like strangers.

You can’t hide your friend list, regardless of your privacy settings.

This means that you’re publishing your phone book. It won’t show everyone, but it will include anyone in your phone who also synced contacts on Venmo. That might include your boss or, well, your therapist.

Why can’t we make this private? “Because Venmo was designed for sharing experience­s with your friends in today’s social world, we try to make it as easy as possible to connect with other Venmo users,” a spokeswoma­n said.

4. You Can Cull Your Friend List

What you can do is unfriend people—but you’ll have to find your friend list first! Clicking on your profile won’t display it to you. Instead, go to Settings > Search People. Scroll past Top People to see them all. Remove people by tapping their profiles and unchecking the friend icons.

It’s important to review your friend list if you’re sharing transactio­ns with friends, since that list may be longer than you realize. If you never synced contacts, the list could be virtually empty.

5. There’s a Difference Between Facebook Connect and Facebook Contacts

Go to Settings > Friends & Social and you’ll see Facebook Connect and Facebook Contacts.

The first creates a link between your two accounts. I suggest disabling this. Facebook recently had a security breach, and like many apps, when you agree to connect, you’re sharing informatio­n in both directions that may not be apparent. No, thanks.

The second simply adds Venmo-using Facebook friends to your account who’ve also synced. Like contacts, they’ll stay in your Venmo friend list even after you unfriend them on Facebook.

6. Bank Account Syncing Isn’t Mandatory, Either

In a fairly recent addition to its privacy policy, Venmo says, “If you connect your Venmo account to other financial accounts…we may have access to your account balance and account and transactio­nal informatio­n, such as purchases and funds transfers.”

Given that Venmo is a payment app, it makes sense that the company would need to access some financial informatio­n to facilitate payments and confirm you have the funds to cover your transactio­ns. Venmo’s spokeswoma­n told me the company doesn’t actually access users’ transactio­n informatio­n. It’s a small relief. The company has privacy issues and has framed the social aspect of the app as core to its existence. Meanwhile, that FTC complaint alleged that Venmo “misreprese­nted the extent to which consumers’ financial accounts were protected by ‘bank-grade security systems.’”

(The company said it made “appropriat­e changes” in response.) And lately, Venmo has been grappling with a spike in fraud.

If you’re really concerned, you could unsync your bank account. The app won’t be as functional, and you’ll have to use incoming funds to pay for things. But if Venmo is just a pizza-and-beer slush fund for you, that might be all you need.

Venmo’s hold on its users is pretty strong. So strong that I don’t feel like I can stop using it yet, because no one has ever asked me to “Square” or “Zelle” them.

But I’ll be happy to jump ship if and when a more privacymin­ded app comes along.

Venmo has been unwilling to make privacy adjustment­s to some features many users have issues with

 ?? ANDREW HARRER BLOOMBERG ?? Venmo lets users control who sees transactio­ns, but the company has a spotty record on privacy and transparen­cy.
ANDREW HARRER BLOOMBERG Venmo lets users control who sees transactio­ns, but the company has a spotty record on privacy and transparen­cy.

Newspapers in English

Newspapers from Canada