Earlier this week, the Federal Trade Commission (“FTC”) announced a settlement with PayPal, Inc. over allegations that Venmo, a PayPal-owned mobile payment and social networking application, misled customers on issues relating to account transfers and privacy settings and enabled fraud through inadequate security practices.
Founded in 2009, Venmo lets users easily transfer money to one another and share information regarding such payments through a social network feed. From a user perspective, Venmo operates a lot like any other major social media network, letting users “pay” each other in the same way you “tag” a friend in an Instagram post. Thanks to its familiar social media-style interface and the ease with which it lets users split everyday expenses like bar tabs and rent payments, Venmo quickly became a favorite among millennials and college students.
According to the FTC, however, Venmo’s perceived simplicity was deceptive. In a complaint originally filed against Venmo-parent PayPal in 2016, the FTC alleged that Venmo’s notification policy misled consumers and constituted a “deceptive or unfair practice” under Section 5(a) of the Federal Trade Commission Act. Under the policy, Venmo notified users that funds were credited to their account before Venmo had reviewed and verified the underlying transaction. According to the complaint, this practice resulting in unexpected delays and reversals. It also created an ideal environment for fraud. By falsely conveying to sellers that transactions had cleared, scammers were able to buy goods and services with fake or fraudulent information, leaving sellers with nothing when the transactions were ultimately reversed.
The FTC further charged that Venmo misled consumers about the privacy of information about their transactions. Under the application’s default settings, whenever a user pays or is paid through the application, a description of the transaction and its participants is shared with all of the user’s “friends” in a social networking feed. While Venmo offers privacy settings that let users limit who can view their transactions, it failed to accurately explain to users how those privacy settings actually work.
Additional charges alleged that Venmo misrepresented the extent to which consumers’ accounts were protected by “bank grade security systems” and violated the Gramm-Leach-Bliley Act’s Safeguards and Privacy Rules.
“This case sends a strong message that financial institutions like Venmo need to focus on privacy and security from day one,” acting FTC chairman Maureen Ohlhausen said in a statement. “Consumers suffered real harm when Venmo did not live up to the promises it made to users about the availability of their money.”
For businesses dealing directly with consumers, this case underscores the importance of taking your duty to educate consumers about your product seriously, especially when it comes to how customer information will be used. Such businesses should regularly review disclosures and other consumer-facing messages to ensure they are not only accurate but also consistent with reasonable consumer expectations. And whenever costumers are given options as to how their information will be used, make sure those options are clearly conveyed and, perhaps most importantly, honor their choices.