
It’s Easy to Get Scammed on Venmo - podingx
http://www.slate.com/articles/business/moneybox/2015/09/venmo_scam_and_fraud_why_it_s_easy_to_get_ripped_off_through_the_mobile.single.html
======
mintplant
> Finally on Jan. 22, from Eran Kimchi, Venmo’s head of fraud, whom Movassaghi
> emailed directly in a final attempt to recover his money and alert the
> company to what he saw as a dangerous and pervasive scam: “Venmo has a
> complete understanding of the scam plot you fell victim to … there is
> nothing Venmo can do to comfort you. … You made an innocent mistake, and you
> paid for it.”

That's certainly one way of dealing with your customers. Remind me not to
touch Venmo again in the future.

~~~
RickS
The ellipses scattered through that quote hint that it's been sliced together
from a larger statement to make the guy look more tone deaf.

------
yason
If I understood correctly, the whole damn scam is only possible because this
Venmo's terms of service prohibit something called "merchant transactions" and
allow for reversing or cancelling transfers if they deem or someone reports a
payment to fall in "merchant" category?

If so, then the problem is only a completely artificial one and made of mere
policy decisions. Venmo could just act as a blind intermediary, no questions
asked, completing any transactions once both parties have verified their
intention to transfer money.

That's generally how banks work for at least any reasonable sums of money: I
can send or receive thousands of euros to whoever and from whoever without
worrying that the transfers might be cancelled by some vague policy. With tens
of thousands, I'd have to ask my bank to lift the daily transfer cap
beforehand, but still no questions asked. I assume that it goes in a
relatively similar way in the USA.

Thus, any mobile money transfer service ought to be at least as trustworthy as
that. There needs to be a point where the transaction is either complete or
discarded, after which both parties can trust it. The service also shouldn't
discriminate, it shouldn't matter if it's a private transfer or a merchant
transfer. If they want the money they could sell transaction history imports
for bookkeeping at a higher price to merchants or something.

Venmo could still do their instant transfer magic and add value there, but
them considering whether a transfer is ok or not is akin to an internet
service provider who would want to consider which web pages I can view before
letting me download them.

~~~
reality_czech
Banks don't work the way you think, at least in the US. ACH transfers are slow
(take a few days to complete), and often expensive. Up until 5 days later,
they can be reversed even after both banks agree that they've happend if the
sender decides that the payment was "erroneous."

The government can and does impose "some vague policy" on what you can and
can't do with your money. If they decide that you have been "structuring" your
payments to avoid triggering various reports being generated, that is
considered a crime. So making several payments of 9,000 might be illegal even
if you've done nothing wrong (you should have done 11,000 so that all the
reports could be generated, didn't you know?)

Oh and by the way people can just take money from your account via ACH
transfer if they have the correct numbers. You won't get any kind of
confirmation, the bank just assumes that nobody would be unwise enough to make
an ACH transfer without the consent of the other party. The US generally
believes in insecure infrastructure and the 500-pound surveillance and police
gorilla to keep everyone in line. It works surprisingly well, to be honest.

~~~
yason
_Oh and by the way people can just take money from your account via ACH
transfer if they have the correct numbers._

Is the ACH an internal network between banks or something that regular people
could use, either directly online or by dropping wiring orders to some box in
the bank? If the latter, it sounds so crazy I almost don't believe it. Where
is ACH used and who actually uses it if it implies that your money could be
just taken away by someone who knows your account number (and hopefully some
other information that you wouldn't normally share anywhere) ?

~~~
mukyu
[http://engineering.zenpayroll.com/how-ach-works-a-
developer-...](http://engineering.zenpayroll.com/how-ach-works-a-developer-
perspective-part-1/)

------
girvo
What I find interesting is that I don't know anyone here in Australia that
uses these payment platforms. I wonder if that's because bank-to-bank
transfers are so quick and easy these days? Most of the big banks even have
ways of sending _cash_ to other people, to withdraw from any of that bank's
ATMs with a code and no card.

Anyway, the issue Venmo has here is similar to what banks also have to deal
with: in theory you can reverse a transaction before it's cleared when sending
money between accounts. That said, it's quite a bit more difficult I'd assume,
and perhaps a lot of people who would otherwise be happy with scamming those
out of money on third-party systems would think twice about doing so when a
bank is involved. Interesting stuff, and it seems most startups who try and
break into these sorts of markets have to learn all the hard lessons the big
companies did years ago, which sucks for consumers. On the other hand, the
incumbents are usually so slow moving and painful, I applaud those who attempt
it.

~~~
jakobegger
Same here in Austria. Bank transfers are free and instantaneous between
customers of the same bank, and take one business day to other banks. And they
are irreversible.

Nobody needs to use something like Venmo here.

~~~
randyrand
But how to you get their ID? Venmo uses phone numbers/facebook which is why
it's so easy.

In America you need a ~20 digit account and routing number and even then Im
not sure how to do it through my bank.

~~~
jakobegger
You use the IBAN (International Bank Account Number), which is a 20 digit
number that you find on your bank card (it's similar to a credit card number).

Sure, you can't just transfer money to someone's facebook account, but I guess
that the inconvenience of having to ask people for their bank account number
before you can send them money isn't really that big of a deal.

Especially considering that we are used to paying everything by bank transfer.
Things like rent, utilities, parking tickets... any time you get a bill,
there's a bank account number on it that you need to transfer the money to.
And you just pay it online using the bank's website.

(For paying recurring bills, you can also grant a company permission for
"direct debit" for your account, so you don't need to do anything. It sounds
risky, but I've never had any fraudulent charges on my account)

------
M2Ys4U
>In summer 2012, Venmo was acquired by online payments platform Braintree,
which was in turn bought out by PayPal in the fall of 2013.

Ah, that explains it. PayPal is a company that has no problems with stealing
money from its own customers, so it's no surprise that they're perfectly happy
being complicit in fraud.

------
siliconc0w
Basically - "We'd rather prioritize growth than fraud protection so we make it
your problem."

------
mckiddy
Silicon Valley egos at their finest: "Use our product so we can make billions
of dollars, but fuck you otherwise." I use venmo with friends because of their
network effect and it's convenient, but it sounds like internally they're a
pretty shitty company to deal with.

------
martin1975
I'm curious if the folk who got scammed w/the e-ticket sales could have waited
until the funds are literally in their bank account before they emailed them
the tickets. Surely, it is a helluva lot easier to reverse some Venmo balance
than it is for Venmo to pull money out of your bank account, so that they can
refund a scammer.

I've never touched Venmo and now after this, never will touch Venmo and will
make sure everyone who suggests it, read this prior to using it.

~~~
josegonzalez
No, not really. The scammer can use a stolen Amex card to send payments. When
the card is reported stolen and charges reversed, that goes all the way back
to the user's bank account.

Would be silly of Venmo to do otherwise, as that would be an easy way for them
to go out of business.

~~~
repomies691
But why would the bank reverse the transaction? From venmo viewpoint it is
quite clear why they would want to reverse it, because they have changed the
credit to actual funds. However the bank probably would want to protect their
customer, and instead let venmo to take the hit.

~~~
FireBeyond
The bank would reverse it because it's unauthorized to their customer. Put the
onus on the merchant.

------
tluyben2
Doesn't surprise me that they are owned by Paypal; I know many who have been
scammed on Paypal and they have the same kind of nice and friendly policy; 'we
don't care, kthnxbye'. I understand they cannot be in business if they
wouldn't work like that, however why do they need to be bastards about it?
Even if they cannot do anything to help you, they could be sorry for you or at
least show some kind of humanity.

Also they don't really seem to work on fraud cases, at least not as far as I
can discover; a friend who ran a website selling digital goods (but unique
goods so he actually had to buy each himself so fraud was costing him money,
not only making him less revenue like it could be if it was software or an
ebook) was scammed by the same user a number of times and sure, Paypal cannot
give my friend his money but it was very clear this user was a scammer,
especially after doing it to one company a number of times and probably to
more companies as well...

This seems the same case; if they see this scam happening, why do they still
refund? They know it's a scam; that weird remark from Eran Kimchi even says
so. So why not screw the scammer instead? The seller always ends up screwed
with Paypal. No difference here.

~~~
fapjacks
These days I consider PayPal to be about as scummy as Western Union. If I can
help it, I don't touch them with a ten foot pole.

------
bullfightonmars
Wow. This sounds like a terrible user experience.

Transactions in the US banking system aren't instant, so they fake the
transactions and pretend like you actually received them. Then when the actual
transaction fails, oops you're out of luck.

------
an_account
I a big fan of venmo, but it's crazy that they don't make it clear that your
venmo balance can we reversed. There should be a "pending balance."

Also they should make it more clear about which types of payments are
acceptable (though this is more of a complaint about TOS in general).

~~~
RussianCow
That's a problem with PayPal in general. I got scammed once because someone
paid for something of mine with a stolen account, and the money was removed
from my account almost two months after the transaction. I was rather alarmed,
because it was long past the date after which I could deposit the money into
my bank account, so I assumed by then that it was "safe".

------
Cshelton
Wow, I use Venmo all the time, never even thought the TOS would have something
like this in it. Now I only use it among friends I know well. And any
craigslist type transaction I've always done strictly with cash only. But this
is definitely good to know though. Venmo needs to make this clear and make the
reversal process much more involved, it seems it'd be really easy to pull this
scam off.

------
forrestthewoods
Not sure I know enough to call Venmo unethical in their behavior. But there's
definitely more than a few red flags here.

~~~
vvpan
Well if you claim that something is a) instant and b) has already happened
when it hasn't - you are knowingly deceiving your customers to make it look
like you provide a service you really do not.

------
choppaface
Huh. So what happens (is supposed to happen) to merchants in the event of a
chargeback?

* Paypal purportedly credits sellers if the seller proves they shipped / sold something [1]

* Square does _not_ necessarily credit sellers and may pull funds from a bank account [1]. (May have changed since the article?)

* Visa protects merchants from fraud-related chargebacks if the online sale is "verified by Visa"[2]; if not, the merchant _may_ have to suffer the loss. In particular, if the card was physically present, the merchant seems to lose if they screw up any of the little details in the charging process.

* Amazon protects merchants if the transaction occurred according to their policy and the merchant can prove they shipped goods or delivered a service [3]. I imagine if you embed Amazon Payments into your site as it's intended and sell legal stuff, you're fully covered against fraudulent buyers.

So it looks like Venmo (and likely Snapcash) are unique in offering such
little fraud protection. Probably due to how their User Agreement works (i.e.
they're not meant for merchant selling at all). Also why they can offer no-
charge transfer services.

What's probably happened here is that these new services lack regulation and
thus have no requirement or incentive to inform users about the consequences
of chargebacks. I hate to say we need more regulation, but for Eran Kimchi
(Venmo head of fraud) to say "You made an innocent mistake, and you paid for
it" is not an acceptable outcome; Venmo is definitely guilty of negligence
here.

[1] [http://alexshvartsman.com/2014/02/11/screwed-by-
square/](http://alexshvartsman.com/2014/02/11/screwed-by-square/)

[2] page 82 [http://usa.visa.com/download/merchants/chargeback-
management...](http://usa.visa.com/download/merchants/chargeback-management-
guidelines-for-visa-merchants.pdf)

[3]
[https://payments.amazon.com/help?nodeId=73479#fdcp_how](https://payments.amazon.com/help?nodeId=73479#fdcp_how)

------
kin
While I do sympathize with the victims, Venmo protects sending money and so
I'm totally okay with their policies. The people involved in transactions
should be mutually trusted parties. Craigslist is a place where scams happen
all the time. This activity is possible on many platforms, not just Venmo.

They do however need to work on customer support and transparency, but that's
if what's being reported is even completely accurate. My entire network of
family, friends, and colleagues all use Venmo and none of us have had any
issues.

------
DatBear
>

Once you understand that, you can see why Venmo doesn’t want users to make
merchant transactions, by which it really means payments outside their
networks of close acquaintances. (“Merchant transactions,” Vaughan tells me,
“is sort of the catchall for the things that we can’t predefine.”) The
analogous real world example is that you wouldn't leave a pair of tickets in a
mailbox just because someone sent you a note promising to drop off an envelope
of cash at a later date.

Isn't that why you're using a PAYMENTS platform, and not a PROMISE NOTE
platform? When you receive or send a payment on a PAYMENTS platform, that's
not, and shouldn't be, equivalent to a note promising cash. It should be the
cash.

Since it's not, is it not fraudulent to say that it is and pass it off as
that?

------
meesles
I'm seeing a lot of Venmo bashing here, but I think it's a great service and
these people just used it wrong. Even with a 'merchant transaction', all you
had to do was click 'Withdraw' so that the money was on the way to your bank
account before sending the buyer whatever they got. I thought it was already
pretty clear that a Venmo balance isn't real money yet, it's just Venmo
showing you your potential balance if you want to withdraw.

I can see how they should make it more clear, but the people who got scammed
were also not very well informed.

~~~
astazangasta
The first guy did exactly this, got confirmation, and had the money reversed
out of his account.

------
pavlov
I was surprised to learn that PayPal has 16,000 employees! If I'd had to
guess, I would have said something around 1000.

I guess there is a lot of manual work involved in handling all those
transactions and fraud attempts.

~~~
thephyber
I'd wager that much of their workforce is engineering and integration support,
in addition to the redundancy they purchased by buying companies like
BrainTree.

Additionally, PayPal owns a massive amount of legacy code and APIs. There are
plenty of con talks where PayPal describes how they were mired down in
bureaucracy when updating a single line of code in Java (JSP) but managed to
flip that overhead on its head by running a NodeJS stack on top of the JSP
stack (and in some places replacing it).

------
cm2187
Can someone explain to me the value added of such a service vs simply making a
bank transfer from your bank's website?

~~~
kin
Making a bank transfer isn't 'simple', at least relative to Venmo. This is a
way of paying someone just like Paypal. Except, the UI is better and you can
hook up to Facebook. Because 'everyone' has it (at least w/ my group of
friends) it is very easy to pay each other for group events. I still intend on
using it despite the scam situations that people find themselves in.

~~~
cm2187
Well I need to set up a new account on that thing and give it my bank details.
Then my counterparties have to provide me with their ID on that app which is
pretty much the same as providing a bank account number. So I don't get the
convenience aspect.

I see the value of paypal, which is to create a screen between me and a dodgy
website which I am buying from. That website can't get my credit card number
and therefore take further payments. But when I am making a payment to someone
why should I need an app to protect me against fraud? So I don't get the
security aspect either.

~~~
kin
Here's my user flow. I sign up and connect w/ Facebook. I connect my bank
account. Separately, my friend who I rarely see does the same thing w/ his
Facebook account and bank account. A few months later we meet, I pay the full
check and he Venmo's me 20$ for the meal w/ a few taps on his phone. He
doesn't need to ask me anything. Because we're already Facebook friends, he
has access to send me money.

I have Bank of America. For the same transaction to happen I would need my
friend to sign into his bank account on a mobile phone, initiate a wire
transfer from his checking account to my checking account, which requires me
to provide him my checking account number and zipcode and full name.

And that's just a 1 on 1 transaction.

The most common use case is if I'm eating in a group of say... 6 people.
Instead of splitting the bill 6 ways which many restaurants won't allow one
person will front the bill. The rest of the group just "Venmo's" the person
who fronted the bill whatever they owe. No exchange of account numbers, no
asking for Paypal email address, none of that. The assumption is that everyone
has Venmo and everyone's connected on Facebook. As long as those 2 facts are
true (which is common for American millennials) the convenience is bar none.

~~~
onedev
I swear sometimes we need to step back and think about things from a general
consumer perspective and not one of the analytical early adopter.

Most people wouldn't remember a number like a checking account number nor do
they carry checks around with them. Venmo is simple and easy for them to send
money to friends without having to log into a bank's shoddily designed website
and figuring out how to transfer funds which is probably non-obvious in the
first place.

------
Animats
PayPal discovered early on that they're not really in the payments business,
they're in the security business. Handling problems costs PayPal more than
doing the money transfers. Although PayPal owns Venmo, that expertise doesn't
seem to have been transferred.

------
n0us
If I owe someone 20 bucks for dinner or something I don't mind using Venmo,
but who in their right mind would exchange thousands of dollars with strangers
over an app without considering the risks or consulting with their bank?

------
ryaneager
Square Cash is my go to over Venmo. Transactions are credited straight to your
debit card vs going to a balance and then having to cash out.

------
roel_v
How do they (=Venmo) not end up losing court cases over this?

------
mr_turtle
Venmo: You're SOL pal.

------
randyrand
This title (titled "Venmo Sammers" as of this comment) should be edited back
to the original.

~~~
dang
We shortened it because of the linkbait "you", or rather the even-more-
linkbait "you don't". Take that out and you get "Venmo Scammers Know
Something", which is redundant. Take out the redundancy and you get "Venmo
Scammers".

Suggestions for a better title are welcome, as always, but don't forget that
HN's rule is to use the original title _unless it is misleading or
linkbait_.([https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html))

~~~
pvg
_Their_ original title was "It's Shockingly Easy to Get Scammed on Venmo" (it
still pops up on google like that) but it seems they've decided 'shockingly'
alone is not baity enough. But it's a decent title without it. The article is
not so much about Venmo scammers but about how easy it is to get scammed on
Venmo and how Venmo isn't going to help you.

~~~
dang
Ok. That doesn't show up as a title to me, but it is a heading on the page, so
we'll use it. Without the "shockingly", obviously.

~~~
pvg
Oh they just changed it, for whatever shocking reason. But Google (and,
shockingly, every content-farm around) remember.

[http://i.imgur.com/OdLJRIy.png](http://i.imgur.com/OdLJRIy.png)

------
jay_kyburz
Do people really pay 5K to go see a single Basketball game.

~~~
qnaal
just $600 per, here

------
pbreit
I didnt have the patience to read to the end but it seemed poorly written. How
does the scam work exactly? Is it a technical loophole or something to do with
the quoted policy?

~~~
kin
Neither, really. You're technically not allowed to do business on Venmo. The
intended use case is to send money to people you trust. If someone sends money
they can always get that money back by claiming the recipient violated terms
or something.

~~~
pbreit
That's why I did not understand. Buying a ticket on Craigslist is business? Is
it supposed to only be used for people who know each other?

~~~
kin
The main use cases are for people who are Facebook friends. I really can't
fault Venmo too much here because they only deal w/ money. To me, they
technically did their job. They protected the people that send the money, not
the people who receive.

If you use this platform for potentially sketchy transactions, I'd say it's on
the user to protect themselves. When I sell anything on Craigslist, it's
always cash only. Even then, there are no guarantees.

