Maybe I’m just a dumb millennial, but I’m going to keep using Venmo

Venmo, a mobile payment app popular among college students and recent grads, has security holes “you could drive a truck through,” according to an article posted on Slate this week. The report was largely based on one man’s story about how a grifter was able to steal $2850 from his account before he was ultimately reimbursed.

The fact that Venmo doesn’t offer two-factor authentication is indefensible, so I won’t defend it. But I’m also not going to delete the app off my phone and cancel my account.


In fact, I used Venmo last night — as I do fairly often — to reimburse my girlfriend for a magazine she bought for me because I didn’t have cash and it was the easiest way to pay her back. (Ostensibly I wanted the March issue of Vogue for the Apple Watch spread, but I was most interested in the cover story about Taylor Swift and Karlie Kloss.)

I’m not going to stop using Venmo because its security is actually appropriate for the service it provides. In fact, I think it’s much more likely that my insecure magnetic credit card will get swiped by an ATM skimmer or through a security breach at a store like Home Depot. It’s simply not worth giving up Venmo’s convenience. And based on the number of transactions I saw in my Venmo social feed from last night, my friends agree.

Sure, Venmo might not have FDIC or credit card consumer protections, but it is legally required to help its customers recover funds from unauthorized transfers. One of the scariest details in the Slate story is that you have two business days under Venmo policy to contact the company after you spot fraud in order to limit your liability to $50 — even if the fraudsters stole close to $3000 (Venmo’s monthly limit). After that, you could lose up to $500.

But those scary-sounding consumer protections aren’t exclusively Venmo policy — they stem from federal policy that covers unauthorized transfers for debit cards as well as smartphone transaction services like PayPal and Chase QuickPay. It is likely no different than what your bank offers for electronic transfers.

From the Federal Reserve’s regulation E:

[Image: Reg E unauthorized transfers]

Plus, it’s in Venmo’s interest to make sure its customers aren’t paying for fraudulent charges. Fraud is not part of its business model — in fact, fraud almost certainly leads to Venmo losing money, either because it has to pay or through bad PR. (If you’re a Venmo user who has had thousands of dollars stolen from you and you haven’t been made whole, I’d love to talk to you. Email me.)

Here’s the statement Venmo gave me:

At Venmo, our most important job is to protect our customers and provide a safe experience. We are continuously improving product and security measures but there is always more to do. We have teams dedicated to fraud prevention, customer support, and operations working tirelessly behind the scenes, and we always guarantee our users’ funds. Our customers put their trust in us and we take that responsibility seriously.

Just this morning, I changed the password on my account and immediately got an email from Venmo alerting me to the changes. It’s not perfect: A request to change email ended up sending a message requesting I verify the new email address, but nothing to my old one saying it had been changed.

One real issue is that Venmo’s support line is an email address and it doesn’t get back to customers quickly. Venmo clearly needs to improve that, but the fact that it doesn’t offer a phone line actually seems like a good thing to me, because it means a slick social engineer can’t get a call center employee on the line and sweet-talk him into giving up personal information.

Ultimately, I’m going to keep using Venmo for a few reasons:

  1. All my friends are already using it. If I’m trying to pay someone back for, say, a beer at a bar, I usually don’t need to ask her to download an app.
  2. It works and it’s easy — I’ve made hundreds of transactions and I haven’t had a problem yet. If I do, I feel confident in predicting that Venmo will eventually make it right.
  3. When you link it to a bank account, it’s free to both pay people and cash out.

If you’re really worried about security, you can unlink your bank account, as some of my colleagues have done. I added a PIN to my Venmo app — locking it with my fingerprint on my iPhone — but that seems superfluous because you need my PIN to get access to the phone’s contents in the first place. And when Venmo introduces two-factor authentication, I’m going to turn that on too. But I’m going to keep using Venmo, and frankly, I’m going to keep publicly posting many of my transactions.*

*For the record, I’ve labeled many Venmo memos as “drugs,” but never actually for a transaction that included drugs.

5:40PM: This article has been corrected to clarify the emails that Venmo sends when account settings are changed.

Obama touts fast networks, cyber security in State of the Union

Some familiar tech topics turned up in President Obama’s annual State of the Union address on Tuesday, including a pledge to build “the fastest internet” and the need to ensure hackers can’t “shut down our networks [or] steal our trade secrets.”

This year’s speech, which focused heavily on themes of education and the middle class, also included shout-outs to four Silicon Valley companies — Google, eBay, Tesla and Facebook’s Instagram — while praising America’s advances in solar and wind energy.

Obama also emphasized the need for more broadband in building the economy:

I intend to protect a free and open internet, extend its reach to every classroom, and every community, and help folks build the fastest networks, so that the next generation of digital innovators and entrepreneurs have the platform to keep reshaping our world.

An online version of the speech also included a graphic that hit a tech trifecta of open internet, crowd-funding and solar energy:

[Image: SOTU image]

(Close observers of the net neutrality debate may note, however, that Obama’s speech did not repeat his call last year for the FCC to employ a common carrier law called Title II to ensure net neutrality.)

At a time when cyber security and surveillance remain front and center in light of the Sony attacks and ongoing Snowden revelations, Obama delivered what was perhaps a mixed message. On one hand, he called for tighter security and new laws to protect privacy:

We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information [..]

As Americans, we cherish our civil liberties — and we need to uphold that commitment if we want maximum cooperation from other countries and industry in our fight against terrorist networks. So while some have moved on from the debates over our surveillance programs, I haven’t. As promised, our intelligence agencies have worked hard, with the recommendations of privacy advocates, to increase transparency and build more safeguards against potential abuse. And next month, we’ll issue a report on how we’re keeping our promise to keep our country safe while strengthening privacy.

But on the other hand, the President did not address his government’s controversial policies to undermine encryption (which offers the best guarantee of privacy and security), nor did he speak to the ongoing legal challenges to the NSA’s collection of metadata and internet communications.

Another tech issue that failed to make the cut was patent reform legislation, which the President said in last year’s speech was needed to ensure companies could “stay focused on innovation, not costly, needless litigation.”

And while Obama did address drones, which are a hot topic for the tech sector, he only did so in terms of civil liberties, claiming the government has “worked to make sure our use of new technology like drones is properly constrained.”

Ultimately, the most memorable tech aspect of the speech may turn out to be how the White House delivered it: instead of following the past practice of issuing copies to favorite media outlets, the Administration posted it to the buzzy publishing platform Medium before Obama even delivered it, and invited the public to follow along and “tweet favorite lines.”

eBay open sources a big, fast SQL-on-Hadoop database

eBay has open sourced a database technology, called Kylin, that takes advantage of distributed processing and the HBase data store in order to return faster results for SQL queries over Hadoop data.

How to bring eBay’s infrastructure to every company

Pivotal’s new SVP of R&D Hugh Williams came on the Structure Show podcast this week to talk about the promise of big data and how he thinks his new employer is poised to deliver on it. But, he notes, there’s still work to do.