Safety and Security

7M Venmo Transactions Scraped To Warn Users

A computer science student scraped seven million Venmo transactions to warn users that their public activity can still be stolen.

Dan Salmon said he scraped the transactions over the course of six months to prove to users that they need to set their Venmo payments to private. Venmo payments between users are set to public by default.

The move comes a year after privacy researcher Hang Do Thi Duc downloaded 207 million Venmo transactions to prove a similar point.

“There’s truly no reason to have this API open to unauthenticated requests,” Salmon told reporters. “The API only exists to provide like a scrolling feed of public transactions for the home page of the app, but if that’s your goal then you should require a token with each request to verify that the user is logged in.”

Despite these reports, Venmo has not done much to boost security for its users. While it changed its privacy guide and updated its app to remove a warning when users went to change their privacy settings from public to private, the company has focused more on making the data more difficult to scrape, including imposing limits on its API. But Salmon was still about to scrape 40 transactions per minute, which was about 57,600 scraped transactions each day.

Last year, PayPal — which owns Venmo — settled with the Federal Trade Commission over privacy and security violations after it was accused of misleading users over its privacy settings.

Juliet Niczewicz, a spokesperson for PayPal, did not return a request for comment on this latest report.

In April, PayPal CEO Dan Schulman finally released Venmo user numbers for the first time: 40 million active monthly users, defined as a person whose used the service once in 12 months.

“Venmo continues its significant momentum,” Schulman said at the time. “As user growth continues to accelerate, merchants are increasingly turning to Venmo as a way to attract a valuable and engaged consumer base.”

——————————

NEW PYMNTS DATA: HOW WE SHOP – SEPTEMBER 2020 

The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.

TRENDING RIGHT NOW