Sorry, you need to enable JavaScript to visit this website.
Skip to main content

Advances in payment methods could end those open-wallet debates about who owes what for the pizza. But as innovative technologies change how people pay for things, established consumer protection principles apply. An FTC complaint against peer-to-peer payment service Venmo – now operated by PayPal – alleges that the company failed to disclose material information about the availability of consumers’ funds. In addition, the lawsuit challenges aspects of the company’s privacy and security practices. A proposed settlement in the case requires Venmo to make clear disclosures about certain business practices.

How Venmo works. When consumers download the Venmo app, they create an account connected to their bank account or credit or debit card. They can receive money from other Venmo users, transfer money to them, or transfer some or all of their Venmo balance to their bank account. So let’s say a Venmo user wants to pay another user $10 for that pizza or to get the other person to kick in their $10 share. To initiate a transaction, he or she either sends money to the other user or submits a “charge request” that asks the person to pay. Users must include a short message with each transaction. Within seconds, the recipient gets a notification about the transaction. The language changed over time, but Venmo typically said things like “Money credited to your Venmo balance. Transfer to your bank overnight” or someone “paid $[X] to your Venmo balance [description of transaction.] – Leave it in Venmo or transfer it to your bank account.”

Venmo’s transfer policies. According to the complaint, the company’s representations led many consumers to believe that when they received payment notifications from Venmo, the funds were ready to be transferred to their bank account. But that wasn’t the case. The complaint alleges that in many instances, consumers weren’t able to transfer funds as promised. That’s because Venmo waited until a consumer attempted to transfer funds to his or her external bank account to review the transaction for fraud, insufficient funds, or other problems. For many consumers, once Venmo undertook that review, it resulted in delaying the transfer or even reversing the transaction altogether.

Those delays and losses led thousands of consumers to complain to Venmo. Many people reported that the company’s practices resulted in significant financial hardship – for example, not being able to pay their rent even though it appeared they had enough in their Venmo account to cover it. The complaint alleges that even in the face of mounting consumer complaints, Venmo continued to claim – without any qualifiers – that once money was credited to consumers’ Venmo accounts, users could transfer it to their bank accounts. The FTC alleges that Venmo’s failure to adequately disclose to consumers that funds could be frozen or removed from their accounts was deceptive.

Venmo’s privacy practices. Consumers’ access to funds wasn’t the FTC’s only concern. By default, all peer-to-peer transactions on Venmo are displayed on Venmo’s social news feed. That includes the names of the payer and the recipient, and the accompanying message. In addition, each Venmo user has a profile page that lists their Venmo transactions. By default, their five most recent ones were visible to anyone on that page, including visitors who don’t have a Venmo account. (People without an account could still see a user’s Venmo account either by clicking on a link to the user’s Venmo profile page or by using a search engine.)

Consumers who didn’t want to share their transactions could go to a Venmo menu to edit their privacy settings. By changing the “Default Audience Setting,” people could set the default visibility of their future transactions on the news feed to specific groups, like “Participants Only” or “Friends.” The problem, alleges the FTC, is that setting the Default Audience Setting did not limit how the other party to the transaction could share the transaction. To ensure that their transactions remained at their chosen default visibility, consumers had to take a second inadequately disclosed step involving what was called the “Transaction Sharing Setting.” If people didn’t change both settings, some of their transactions remained visible. The same problem occurred if consumers took action to limit the visibility of a particular transaction, but didn’t change the Transaction Sharing Setting.

Venmo’s data security promises. The FTC also challenged as false a Venmo claim that it protected consumers’ financial information with “bank grade security systems.” According to the complaint, until March 2015, Venmo failed to implement some basic safeguards. For example, Venmo didn’t notify consumers about changes to their settings from within their Venmo account – for example, that their email address or password had been changed. (Notifications like that can alert consumers that an unauthorized person is monkeying with their account.)

Alleged GLB violations. The complaint includes allegations that Venmo violated the Gramm-Leach-Bliley Privacy Rule by failing to provide users with a clear initial privacy notice, by failing to deliver it in a way that each consumer could reasonably be expected to receive it, and by distributing a notice that didn’t accurately reflect its practices. In addition, the FTC says Venmo violated the GLB Safeguards Rule by failing to have a comprehensive written information security program in place before August 2014 and by failing to implement safeguards to protect the security, confidentiality, and integrity of consumer data until at least March 2015.

The proposed order. To settle the case, PayPal (which now owns Venmo) has agreed not to make misrepresentations about material restrictions or limitations on the use of any payment service with a social networking component. The proposed order also requires PayPal, when making representations about the availability of funds to be transferred or withdrawn to a bank account, to clearly disclose that the transaction is subject to review and that funds could be frozen or removed. In addition, PayPal must provide clear disclosures about how any payment and social networking service shares transaction information with other users and must tell consumers how to adjust privacy settings to limit how that information is shared. PayPal also must get every-other-year data security assessments for 10 years.

The FTC is accepting public comments about the proposed settlement until March 29, 2018. In the meantime, prudent businesses can take some tips from the case:

  • Be clear about consumers’ payments. When you’re dealing with payments – including when new financial technologies are involved – be clear with consumers about when payments are sent and when they’re actually received. If there are material terms or limitations, disclose them clearly. Transparency is a key to winning consumer confidence.
  • Think through your data defaults. Yelling “Surprise!” may be fun at birthdays, but consumers are decidedly less jovial when they’re surprised by how companies use their information. In deciding on your default settings and how to educate consumers about your product, factor in reasonable consumer expectations.
  • Keep privacy options accurate. Consumers appreciate choices, but they need to understand what they are choosing. If you provide privacy options, make it straightforward for consumers to select the options that best match their privacy preferences – and then honor their choices.
  • Is your company covered by GLB? The Gramm-Leach-Bliley Privacy Rule and Safeguards Rule apply to “financial institutions,” but the law defines that term broadly. The scope of the statute extends beyond businesses with tellers, vaults, and ballpoint pens chained to the table. You need to know if your company is covered by those rules, especially if you’re part of the rapidly growing peer-to-peer payment industry.

67 Comments


It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

Michael Rose
June 17, 2019
I just recently signed up to Venmo. My first transaction (before i was able to link a debit card/bank account) was from a friend. Asoon as i got his payment, Venmo froze my account and won't unfreeze it or even refund my friend his payment that he sent to me. I believe this company is fully a scam. They won't have someone in a higher position contact me or even give me any info. They said i have to send bank proof and a valid id. But they want that after i recieved money. Major privacy issue for me. Why wait until i get money to freeze my account and demand 60 days of bank statements and government issue valid id. Doesn't make sense to me at all.
FTC Staff
June 18, 2019

In reply to by Michael Rose

You can tell the FTC about a problem you have with a business. Go to www.FTC.gov/Complaint. The information you give will go into a secure database that the FTC and other law enforcement agencies use for investigations.

Guest
June 20, 2019
They froze my account after taking over a 1000 out of my bank account
MsmithT
July 08, 2019
Venmo has banned my account that had money in it and will not give it back. They say they are allowed to do it without prior notice. They continued to process a transaction I canceled with my bank and then and then it went through and the next thing I notice I was banned and my account deactivated. All I want is the money that was given to me. But I’m interested in joining any Class Action Lawsuits if there are any. It was a very small amount of money and I don’t understand why they weren’t accommodating. Thank you M
FTC Staff
July 15, 2019

In reply to by MsmithT

You can tell the FTC about this at www.FTC.gov/Complaint. The information you give will go into a secure database that the FTC and other law enforcement agencies use for investigations.

ROBERT A Dobayjr
April 19, 2021

In reply to by MsmithT

I'm interested in a class action lawsuit myself they robbed me for my money to
Guest
July 13, 2019
I want to report Venmo and file charges how can I with y’all.
FTC Staff
July 15, 2019

In reply to by Guest

You can report a problem you had with a business. That doesn't mean you are filing charges. Report problems to the FTC at www.FTC.gov/Complaint. The information you give will go into a secure database that the FTC and other law enforcement agencies use for investigations.

Joe Dawson
October 08, 2019
I am going through this right now and just received a 3 day notice to evacuate my home I owned for 5 years. Any advice? Can I sue?
Guest
November 18, 2019
I had a venmo account and never used it before in my life. Someone used my account and committed fraud by putting a Citibank account number on my account and did some fraudulent transactions 3 years ago. Now in 2019 a friend paid me money and venmo froze my accounts telling me i should provide them with information. Please hiw can i provide a bank statement that i don't bank with.
FTC Staff
November 19, 2019

In reply to by Guest

You can report identity theft at www.IdentityTheft.gov. You can report how someone used your information and your account for fraudulent transactions. When you report, you can create an Identity Theft Report to law enforcement. Use the Report to prove that your information was stolen, and to correct problems.

Guest
November 29, 2019
I want to file a formal complaint against Venmo to the FTC, they have stolen funding out of my account and are trying to claim it was for a purchase. All purchases were cleared in my account, 3 days later I was sent a payment and almost 1/2 was missing They’re trying to claim that it was to cover precious transactions that were already paid full and cleared in my account Who do I go to and how do I file this company needs to be investigated
FTC Staff
February 18, 2020

In reply to by Guest

To report a problem, go to www.FTC.gov/Complaint. The information you give goes into a secure database that the FTC and other law enforcement agencies use for investigations.

Anny
January 24, 2020
I recently discovered venmo and became a member due to a friend request. Unfortunately i was too ignorant to know better and now i am also a victim of fraud that Venmo facilitated with their reverse payment policy. I don't know what to do to recover my 1400 dollars meanwhile they are demanding me to wait 180 days to investigate. When there isn't anything to investigate because they canceled the payment i was due to receive. Now i am left without money and without the item i sold which i comunicated to them that i was too new in their community to know better.
Jeffrey Eubanks
February 17, 2020
They I put my money in Venmo acccount then couldn’t move or transfer .then they froze my money and now have blocked me from contacting them , emails , texts .
Guest
February 28, 2020
why is it that when I contacted the FTC to make a complaint there was absolutely no history on venmo whatsoever yet when I go on the website here it is. We have had 1400 dollars stolen from us by venmo who refuses to give us any answers . Hat the heck do I pay taxes for if no one's doing anything about this.

More from the Business Blog

Get Business Blog updates