Why is Venmo asking you to verify your identity? | #phishing | #scams


Has Venmo recently asked you to verify your identity with your social security number, home address, and a government-issued ID? If so, you aren’t alone. Though the Venmo customer identification program first started in 2019, the company appears to have been progressively ramping up its efforts to verify users since the spring.

If you’re security-conscious, getting this request might send up a red flag with you: Why would Venmo require me to verify my identity all of a sudden?

We have part of the answer: Because Venmo is a money transfer service regulated by the federal government, it is required by the USA PATRIOT Act to implement a Customer Identification Program to verify the identities of users making transactions. As to why it’s happening now—that’s not clear. Venmo didn’t respond to requests for more information, but the increase in verification requests is clear anecdotally. If you’re asked to confirm your identity, you must go to the Venmo app in order to input this information, or you will no longer be able to use your Venmo balance to keep and send money received in the app. (If you don’t verify your identity, you can still use the app—you just can’t hold a balance in it.)

The calls for additional personal information from Venmo have been met with skepticism from users worried that the emails from Venmo may be a scam or, if real, could expose important personal information to bad actors.

The irony is that Venmo—which has confirmed that emails asking for a social security number are legitimate—is doing this because cash apps are often used to scam users out of money with tactics like phishing or smishing. Asking users to further verify their identity could help put a stop to these practices by limiting the use of fraudulent accounts.

Completing the process through the Venmo app can help keep you safe. Still, there’s a legitimate risk associated with sharing any personal information online, especially information as important as a social security number.

“There are many different ways that people could go about identifying themselves. … [G]iving over personal data such as a social security number is, I believe, bad practice,” said Shira Rubinoff, the chief strategy officer for HeraSoft, a company that makes ransomware-proof software. “In the end, you’re just giving over information that can be grabbed by a bad actor.”

Even if users aren’t the primary targets of an attack, having sensitive information like a social security number stored by a company or organization like Venmo can still be dangerous because of the risk of data breaches, says Eva Velasquez, the CEO of the ID Theft Center, a nonprofit dedicated to providing victims of identity crime free assistance. Still, “identity authentication and verification is really an important step that has to be taken to stem all of the identity crimes that are out there,” Velasquez points out. “So, we encourage people that if it is a legitimate and known vendor that you’re choosing to do business with, participate in identity verification processes, because that’s an important way to protect you.” Verifying your identity can make it harder for bad actors to execute these scams, simply because there are more steps needed to do so.

Under Venmo’s rules, users would still be able to pay or be paid without verifying their identity, but that money would go to and from a bank account or credit card rather than money stored in the Venmo account itself. According to experts, using Venmo under that limited functionality is not the worst idea.

“When it comes to payment apps, we actually encourage people to only keep the necessary amount in there for the transaction at the moment,” said Velasquez. “Because if your account is compromised, and you actually have dollars in there, then you’re risking the loss of those dollars, rather than having all of the protections from your credit card.”

So if you get a notice from Venmo: It’s legit, so long as you make sure it’s actually from Venmo. (The FTC has some good tips on identifying potential phishing emails.) But you may want to think about whether it’s worth verifying your identity anyway.

Future Tense
is a partnership of
Slate,
New America, and
Arizona State University
that examines emerging technologies, public policy, and society.





Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

seventy three − sixty four =