Monday, March 9, 2015

Venmo Announces Fixes To Security Holes

After a damning report, the mobile payment company said today it will step up its security game. Two-factor authentication is coming “soon,” along with other important updates.



Venmo / Via Matthew Zeitlin


The popular payments and money transfer app Venmo announced a number of security changes today, following an article detailing how its approach to security left its customers vulnerable to having their accounts being taken over without their knowledge.


In a blog post, the company's general manager Michael Vaughan said that anytime a user's email address is changed—often the first step taken by hackers after gaining access to an account—the user will receive a notification to both their old email and the new one. There will also be email notification for passwords and phone number changes.


The absence of such notifications was the subject of a Slate report that detailed the aftermath of a hack of one user and the shortcoming's of Venmo's security practices. Venmo did not substantively comment on the report, which lead to a wave of discontent with Venmo and users saying they would disconnect their bank accounts from the service.



Venmo's general manager Mike Vaughan is yet to respond to a request for an interview / money from BuzzFeed News.


Venmo / Via Matthew Zeitlin


Another security flawed detailed by the Slate piece was Venmo's lack of two-factor authentication, which major tech companies like Facebook and Google heavily encourage their users to activate. Two-factor systems typically require users to enter a passcode sent by text message to their phone before logging in from a new or untrusted device, or making significant account changes.


"We'll also be rolling out multifactor authentication (MFA) in the coming weeks, among other product features, to further enhance user security and experience," Vaughan wrote in the post today.


The Slate piece also detailed slow responses to urgent help requests submitted to its customer service channels in the case of hacks and thefts. "Additionally, we're working to be more responsive to your support inquiries," Vaughan wrote today. "We've made significant progress and will continue to improve in this area."


Venmo, which is part of currently owned by eBay, will be one of the more public and visible components of its parent company PayPal when it is spun off from eBay later this year. John Donahoe, the chief executive officer of eBay, recently said on an earnings call with analysts that Venmo was "on fire."




View Entire List ›




via IFTTT

No comments:

Post a Comment