Venmo has been billed the payment app for millenials, and is known for making the most awkward part of the night (splitting the bill) a little more bearable. It’s also one of the most popular apps in the “peer-to-peer” (P2P) payments space.

Founded in 2009, Venmo began as a payment system through text message. Then, to capitalize on the growing P2P economy, the company introduced a platform with its own integrated social network in March 2012. It caught on quickly, and less than six months later Braintree (the payment system for apps including Airbnb and Uber) acquired Venmo for $26.2 million. Less than a year after that, the payment tycoon PayPal Holdings Inc. bought Braintree for $800M.

In 2018, Paypal has started to monetize Venmo’s user base. This is good news for the company. However, Venmo is far from out of the woods, facing security concerns and mounting competition. And in a crowded marketplace, security concerns can be all the more damning.

Here, we take a look at Venmo: how it works, how they make money, security concerns and competition in the industry.

How Does Venmo Work?

The Technical Side

It’s pretty simple, actually. By linking a credit card, debit card or checking account to their Venmo account, Venmo users can exchange funds with each other, and send each other charges. Funds exchanged on Venmo can either be stored in the on-platform Venmo balance for later use on the platform, or cashed out to a bank account, which takes a few days to process. Like WePay and other payment platforms, Venmo has an application programming interface that allows websites and businesses to add Venmo to their payment services.

Venmo can be understood as a middleman between the bank accounts of its users. When you use Venmo to send money to a friend, it doesn’t go directly to your friend’s bank account. First, it goes to Venmo. The app then lowers your Venmo balance and raises your friend’s balance to reflect the payment. However, the money doesn’t actually leave your bank account until your friend transfers his Venmo balance to his bank account. This means that you and your friend can send money back and forth on Venmo without either of your bank account balances ever actually changing - only your Venmo balances will.

So, a user’s Venmo balance is a ledger that only represents funds and transactions, without actually executing them outside of Venmo’s platform.

Generally speaking, your balance on Venmo is essentially “fake” money - until it is transferred to a bank, it isn’t actually in the possession of the user. This is a little different when using a Venmo debit card, but we’ll get to that a bit later.

The Social Side

Ok, but, there’s only so many ways a P2P application can work. So the question becomes, how has Venmo differentiated itself.

That really comes down to target demographics, and the user experience, which go hand in hand.

Venmo has taken something awkward -the money owed between friends (millenials)- and turned it into a conversation. “Sending your friends a note and including an emoji [like a wine glass or a winged stack of cash] takes the awkwardness out of asking your friend to pay back their portion of the bar tab last night,” said Venmo spokesman Josh Criscoe in an interview with Moneyish. He continued, “Venmo has married the social element and the financial element, which no one else has been able to crack.”

How Does Venmo Make Money?

For the most part, Venmo is a free-to-use platform. While most free-to-use platforms turn to advertisements for revenue, Venmo has managed to avoid this route.

Instead, while Venmo is mostly free-to-use for individuals, the company does generate revenue through fees levied on merchants.

According to Venmo’s website, sending money using Venmo comes with a standard 3% fee, but the company waives that fee when you fund the transaction with your Venmo balance, a bank account, or a debit card. There is a 3% fee that is not waived for payments by credit card. According to Venmo’s website, however, this fee originates with the credit card companies. Venmo is simply passing the cost onto consumers.

Transferring money out of Venmo is a bit different. While standard transfers (which take 1-3 business days) are free, in January, the company added a $0.25 fee is deducted from the transfer amount for Instant Transfers, which transfers money to your account in as little as 10 minutes. On November 6 this will change, though, and 1% of the transfer amount (minimum fee $0.25, maximum fee $10) will be deducted from the transfer amount for Instant Transfers.

Venmo’s more significant revenue stream comes from charging merchants a per-transaction fee. Believe it or not, Venmo’s social media feed plays a large role here. Thanks to Paypal’s infrastructure, Venmo is now compatible with over 2 million merchants, almost as many as PayPal itself. This compatibility comes in two forms.

The first is a “smart payment button” that can be integrated into apps as a payment method for in-app purchases. For instance, In July 2018, Uber announced that it was adding a service to its mobile app that will allow users to use Venmo to pay for rides and Uber Eats, without leaving the Uber app. The money can be drawn from the in-app Venmo balance, an associated debit or credit card, or a linked bank account. Additionally, the cost of the ride or food can be split with other users.

The second is a debit card, the “Venmo card,” which draws directly from a user’s Venmo balance. This card operates through Mastercard and can be used at any business that accepts Mastercard.

This move has helped Venmo pivot from an exclusively social P2P platform to a company involved at points of sale, too, both online and at brick and mortar stores. In an interview with Digiday, Javelin Strategy and Research analyst Rachel Huber said, “a card familiarizes [Venmo’s] brand with merchants as a payment mechanism - and merchants are going to be the biggest factor in Venmo achieving profitability. Think marketing and loyalty tie-ins, integration fees, and promotional deals.”

In both of these cases, Venmo charges merchants a 2.9% +$0.30 transaction fee, which is at the higher end of fees charged.

Venmo justifies these rates in a couple ways. Also according to Huber, “Venmo has access to an extremely desirable consumer segment - expect them to use that to their advantage.” But it isn’t just their consumer demographics, it’s also the kind of access they have to them.

In an interview with The Atlantic, Richard Crone, who runs a payments focused firm called Crone Consulting, said “You walk into any retailer, any restaurant, any service provider - what do they want you to do? Like them on Facebook, follow them on Twitter.” Partnering with Venmo, he said, is like partnering with a credit-card processor, “but with much more upside, because the retailers spend far more trying to get you to like them on Facebook and follow them on Twitter and all these other things that they could just get as a byproduct of the payment.” People can see where their friends have been and what they’ve been buying. It turns the user, and people’s friends, into advertisements for businesses, among a highly desirable target demographic.

This is just the beginning of the value Venmo offers, too. According to the same Atlantic article, “the other more lucrative aspect of becoming merchants’ preferred means of payment is access to information about where customers are spending their money.” Crone says “the real value is in the data, and the ability to render  customized ads and offers, and generate a revenue stream from that.” Crone Consulting has estimated that the data of an active user’s mobile payments is “worth more than $400 per year in revenue, to whoever does it.” Venmo has a lot of users (Verto Analytics estimates about 10 million). 

Currently, this data is recorded by the companies facilitating the transaction, so, banks and credit card companies. However, if users start using Venmo instead of their credit cards at points of sale, the information will only show up to the banks as a transaction that occurred in Venmo. That probably has something to do with Venmo’s mounting competition, but we’ll get to that in a second.

While it’s hard to ascertain Venmo’s revenue exactly, it’s adding users faster than ever, and is processing more money every quarter. In the first quarter of 2018, it processed $12 billion in volume, up 80% from a year earlier. PayPal, however, reported $13.1 billion in revenue for 2017.

Is Venmo Safe?

Nothing connected to the Internet is completely safe. Therefore, applications that are directly linked to consumer’s bank accounts, like Venmo, must be held to the highest security standards.

Venmo uses data encryption to protect users against unauthorized transactions, and stores user information on servers in secure locations. Venmo also allows users to set up a PIN code for mobile application use for additional security, though it does not compel users to set one up, by default. These measures may seem sufficient at first glance, but they have been bypassed by hackers and scammers. Venmo has been repeatedly criticized for security breaches of user accounts and painfully slow customer service.

While Venmo’s security, encryption and liabilities insurance ostensibly protect users from losses, they are easy for hackers to circumvent. Once they have gained access to a user’s account, hackers can easily change passwords, linked email addresses and bank accounts unbeknownst to the legitimate user. This allows the hacker to make transactions on the user's account and transfer the user’s Venmo balance to a new bank account. By changing the user’s linked email address, the hacker can reroute the user’s transaction notifications, leaving him in the dark until his bank notifies him of a change in his balance, which can be days after the theft. Stories of Venmo users losing up to $3,000 have been widely reported.

Venmo’s use of text messages (SMS) to notify users of a charge, presents another security risk. Users can authorize a charge by replying to an SMS they receive from Venmo with a six-digit code included in the original message. By exploiting security weaknesses in operating systems that Venmo must interact with to send its notifications, like iOS, Apple’s mobile operating system, researcher Martin Vigo was able to use Venmo’s SMS notifications to make unauthorized payments. As far as hacks go, Vigo’s method is relatively easy to execute. Thus, it is no surprise that hacked Venmo accounts are a regular occurrence. Popular online forums like Reddit are filled with posts from users asking for help after of their Venmo accounts have been hacked. Losses can be as high as $2,999, the maximum amount one can have in their Venmo balance before transferring off of the platform.

All this being said, users can protect themselves from hacking by following some best practices. These include:

  • Never store large amounts of money in your Venmo balance. Always transfer Venmo transactions to your bank account right away.

  • Only use Venmo to exchange funds with people you actually know. Do not use Venmo to purchase things from individuals you have never met, or have met online.

  • Opt out of Venmo’s social network. The default setting for a new Venmo account is “public,” meaning Venmo will publish your transactions onto its public feed. Users can change this setting to “private,” which keeps their transactions hidden.

  • Turn on your notifications - Push, Text, Email, or some combination of them - in order to keep track of login attempts, requests and payments received, and requests and payments sent.

  • Set up available security measures, like a PIN and Touch ID.

As consumers continue to embrace digital alternatives to payments by cash and check, user confidence in the security of P2P payments must increase. The Federal Trade Commission provides consumers with protection policies to losses incurred from debit or credit card theft. These laws, on top of company policies, protect the consumer from unauthorized charges. Additionally, emerging markets have the potential for adopting mobile payment systems, specifically in the realm of remittances. This increases the need for greater security in P2P, as an unsecured, globally integrated payment system could have damaging ramifications. Unfortunately, mobile payment platforms remain vulnerable to Internet-related security breaches.

It’s worth noting, too, that in May 2016, Texas Attorney General Ken Paxton announced a settlement with Paypal Inc. regarding Venmo’s practices relating to privacy, safety and security. The settlement included a $175,000 payment to the state of Texas, as well as reforms of these practices.

Then, in March 2018, Venmo reached a settlement with the Federal Trade Commission. According to a press release from the commission, the settlement was regarding the company’s failure to disclose information to consumers about the ability to transfer funds and privacy settings. The FTC also found the company in violation of the Gramm-Leach-Bliley Act’s Safeguards Rule “which requires financial institutions to implement safeguards to protect the security, confidentiality and integrity of customer information,” and Privacy Rule, “which requires financial institutions to deliver privacy notices to consumers.”

Venmo was required to obtain biennial, third-party assessments of its compliance with the terms of the settlement for the next 10 years. Violations of these terms could result in a civil penalty up to $41,484, each.

So, while the company’s record on security, privacy and disclosure is far from perfect, there do seem to be some institutional and legal measures in place to address these shortcomings.

P2P Payment Industry

The P2P economy has huge opportunities for growth, and mobile P2P payments is the fastest growing sector of this industry. According to estimates from eMarketer, in 2017, the US P2P mobile payment transaction value was $120 billion, and will double to $240 billion by 2018. Those same estimates see the US P2P mobile payment transaction value increasing roughly 30%, from 2017-2018, $120 billion to $156 billion.

Tech companies and banks are racing to penetrate the P2P market. Square, a P2P company started by Jack Dorsey, a co-founder of Twitter, turned down a $3 billion deal with Apple. Apple went on to release Apple Pay. Other tech titans like Alphabet Inc., Facebook Inc., and even Snap Inc, have penetrated the mobile payments market as well. Facebook has incorporated a money transfer service into Facebook Messenger, allowing users to link debit cards and transfer money as easily as sending a text. On Snapchat, users can simply type a dollar sign and the amount in the chat feature, confirm, and money will be sent from the debit card provided. 

Banks are also hopping on the P2P train. Zelle, a P2P payment app that launched in the summer of 2017, is owned by seven major banks: Bank of America, BB&T, Capital One, JPMorgan Chase, PNC Bank, US Bank and Wells Fargo. This is significant because it allows users to transfer money directly between bank accounts, without having to send money through an intermediary. This reduces the risk of P2P transactions.

The Bottom Line

Needless to say, it’s a saturated and highly competitive marketplace. While Venmo is one of the most successful P2P payment applications, staying in a dominant market player depends on successful expansion, namely by making a play for more traditional transactions at points of sale.

Muscling into that space shouldn’t be hard, especially on the back of a robust consumer segment that the company will use to its advantage. From here it can grow the revenue streams beyond the transactions themselves to partnerships and promotional deals, leveraging its social feed as a form of marketing to entice users. Moving into that space, Venmo would also be sitting on a goldmine of user data that it could look to potentially monetize. For now, though, the company is investing (somewhat paradoxically) in the security, confidentiality and privacy of its users’ information.

In spite of these challenges, Venmo looks well positioned to compete in the payments business in the near future.