Venmo adds two-factor authentication and email alerts after security criticism

Payment service Venmo was criticized last month for lax security measures after one of its users had their account compromised and drained of almost $3,000. In response, the company has announced that it is beefing up security measures, introducing email notifications that will be sent out whenever a user's email address, password, or phone number changes, and implementing multi-factor authentication for user logins in the coming weeks.

The company issued an apology for the breach

A Slate report, published in February, told the story of a Venmo user whose account had been compromised. Because the company didn't notify users when login details were changed, the malicious individual was able to get into the account and drain it of almost $3,000 before the owner noticed the breach. Speaking shortly after the Slate article was published, Venmo CEO Bill Ready said that the company usually preferred to address fraud without alerting the user for experience reasons. "In many of these cases, we want to handle it seamlessly so we're working behind the scenes," he told The Verge, but he said that the feedback was "valid," and that his team would take a look at changing their policy. Venmo also issued an apology on its blog after the article was published, but failed to explain why two- or multi-factor authentication wasn't standard.

The introduction of the new security measures shows that the company has now taken the criticism on board. Venmo has grown rapidly — handling just under a billion dollars in the fourth quarter of 2014 — by enabling lightning-fast transactions between users on mobile devices. There's a worry that two-factor authentication might slow the process of sending money down, but as Slate's example shows, the security feature is becoming increasingly necessary for modern web services.