Venmo security: How to protect your account — and money — from thieves, hackers and snoops

Venmo security: How to protect your account — and money — from thieves, hackers and snoops
A man holds an iPhone with the Venmo app open. YouTube
A man holds an iPhone with the Venmo app open. YouTube

Phone apps help you with everything from saving money to tracking your period. Sure, they make life super convenient, but they also make all that personal information vulnerable to hackers and fraudsters. 

Take the payment app Venmo, which makes sending and requesting money between friends easy.  

The drama surrounding White House press secretary Sean Spicer's Venmo account served as a potent reminder of the app's security shortcomings.

After podcast Who? Weekly found and tweeted Spicer's Venmo account on Monday, things got lit as hoards of Venmo-ers jumped on board and started charging Spicer for everything from mental health bills to gender wage gaps.

Here's the worst part: Even if Spicer had set the maximum privacy settings on his account, other users could still find his account by searching for his name. 

What's more — even if your account is set to private — anyone who has your phone number can use it to find your full name, simply by initiating a transaction. Bye, bye anonymity!

The company doesn't have any plans to update its privacy settings to allow users to go invisible, Venmo's head of corporate affairs and communications, Josh Criscoe, said in a phone interview.

"One of the key value propositions of Venmo is you can send money to friends and family if you have their phone number or email," Criscoe said. "It's one of the things that's made the app very popular — the ease of sending money."

Spicer's pain is our gain. While your Venmo account will never be 100% secure, the incident serves as a timely reminder to secure your account (and all the financial data stored on it) as tightly as possible to reduce the chance of fraud.

Here are seven steps you can take:

1. Create a super strong password and log out of the app when you're not using it.

It's always advisable to use a complex password for any online account, but that's especially true for a money app like Venmo.

That's because if someone gains access, they can also clean out any bank account that's linked to it.

So take a little time coming up with a strong password using a unique mnemonic device ("123456" and "password" are no good). And if you need help, use a password manager.

When you're finished paying back your friend for that beer, log out. That way, even if your phone gets stolen or someone accesses your computer without your permission — at least your money is still safe.

2.  Add two-step authentication.

You can add an extra layer of security to your weird password by setting up a pin number. Ordinarily, when you're logged on, the app will automatically take you to your account when you open it. 

But this additional security measure requires you to entire in a pin number every time you want to open it. 

3. Secure your phone (in addition to your Venmo account).

The best way to protect all the information on your phone is to make it as difficult as possible for someone to access it in the first place.  

Set up at least six digits — or an even longer passphrase — to open up your smartphone. While fingerprint IDs are good for iPhones, all a user has to do is turn your phone on and off to gain access with your regular passcode instead. So choose it wisely.

4. Set your account to private!

On the Venmo phone app, go to "settings," then "privacy and sharing" to check your settings. 

A screenshot of the Venmo mobile app's privacy settings.
A screenshot of the Venmo mobile app's privacy settings. Venmo

While you can't make yourself completely invisible to other users, you can make all your transactions private — so no one knows how much you spent on bottle service for your best friend's birthday the other week.

5. Link your account to a credit card — not a debit card or bank account.

If worse comes to worst and your account is hacked, it's better for crooks to have access to your credit card than your bank account. 

First off, credit card customers almost always have zero liability for fraud

Secondly, you could really get screwed if someone wipes out your bank account — the ramifications are more immediate than a $2,000 charge on your credit card, which you can dispute: and you'll never owe more than $50.

Pro tip: If you need to connect to your bank account to transfer your Venmo balance in, just disconnect as soon as it's done.

6. Double-check you're sending money to the right person.

Some fraudsters might try and imitate your friends' handles or account names, so confirm with your friend that you're sending money to the exact correct account before you hit the final payment button.

The easiest way is to ask for their username. Or, you could send a token amount — say, a penny — and ask if they got it, before paying your whole half of the hotel bill for that crazy bachelor party.

7. Regularly check account activity — and use notifications.

Check what's going on with your account regularly to make sure there are no weird transactions going on that you didn't know about.

It would also be prudent to maximize the number of notifications you get whenever there's any activity associated with your account, so you know the minute something dodgy is happening. 

"Safety and privacy is one of our highest priorities," Criscoe added. "That is our bread and butter — if people don't feel safe, they're not going to use the app."

These seven steps should help make you feel a little safer. 

Feb. 9, 2017, 8:07 a.m. Eastern: This story has been updated.

Sign up for The Payoff — your weekly crash course on how to live your best financial life. Additionally, for all your burning money questions, check out Mic’s creditsavingscareerinvesting and health care hubs for more information — that pays off.