FTC Proposes Settlement over Venmo Disclosures, Claims of ‘Bank-Grade’ Security

The Federal Trade Commission yesterday proposed a settlement with Paypal over inadequate disclosures of whether funds transferred with its Venmo app were available, over claims that Venmo employed “bank-grade security systems” and over privacy violations. The FTC will collect comments on the proposed settlement through March 29, after which it will vote on a final agreement.

According to the consent order, Venmo notified users that money credited to their Venmo balances was available for transfer to an external account, even though Venmo was still able to freeze or remove these funds. “Consumers suffered real harm when Venmo did not live up to the promises it made to users about the availability of their money,” said Acting FTC Chairman Maureen Ohlhausen.

Venmo also misrepresented its security levels, advertising “bank-grade security systems” as late as 2015, the FTC alleged — even though Venmo did not have a written information security program and that it did not notify users when their account credentials were changed, resulting in unauthorized access to accounts. Venmo, which famously allows users to share their payment activity as on a social network, also misled consumers about how they could limit who can view their transactions, the FTC said, and violated Gramm-Leach-Bliley Act requirements on protecting customer information and issuing privacy policy notices.