PayPal and Venmo are online platforms that let businesses and individuals send and receive payments. You can secure your PayPal or Venmo account by using a strong password, setting up Multi-Factor Authentication (MFA) and using other security features available. Since these accounts handle financial transactions and sensitive information, they are common targets for cyber attacks.
Keep reading to learn the difference between PayPal and Venmo, the risks of using each and how you can protect your accounts.
What’s the Difference Between PayPal and Venmo?
PayPal owns Venmo, and they offer similar services but have different features.
PayPal is a robust payment system. While you can do peer-to-peer payments, it has more business-oriented features and a long-trusted e-commerce payment system that can be used at participating retailers. It offers a full-featured web browser application as well as a mobile app.
Venmo was originally designed for peer-to-peer payments between friends and family. However, Venmo has recently enabled business profiles to allow payments for goods and services. Venmo’s features are accessible on the app only, although you can view account information on the website.
What are the Risks of Using Venmo or PayPal?
In order to use Venmo and PayPal, you need to have a bank account or credit card linked to your account, and also provide Personally Identifiable Information (PII) like your home address. Depending on how you use PayPal, your account could also contain sensitive tax information including forms that show your social security number. If cybercriminals are able to access this information, they can take money, steal your identity or commit other offenses.
Both applications use best practices to help protect consumer information, including:
- Encryption to keep personal information from being exposed.
- Checking that the user is accessing PayPal on a secure browser before allowing them to make payments.
- Fraud monitoring and prevention to block unauthorized transactions.
In order to help mitigate security gaps on the user’s end, both services offer a variety of security options for users, which you should take advantage of to reduce the possibility of your accounts becoming compromised.
Steps to Secure Your PayPal and Venmo Accounts
1. Use a secure password
The first line of defense for keeping any account safe is using a strong password. Weak passwords cause 80% of security breaches. Passwords should have at least 16 characters with a combination of upper and lower case letters, numbers and special characters.
Passwords should be completely randomized. Using dictionary words will make your passwords easier to guess via dictionary or brute force attacks. Using the names or birthdays of you or your loved ones will also make your account more vulnerable as a cybercriminal can find this information on your social media accounts.
Use a password manager to generate and store passwords
Strong passwords are hard to remember, which is why you should use a password manager to securely store them. A password manager generates strong passwords for you, then encrypts and securely stores them. They are protected by a master password, which is the only password you need to remember in order to access your password vault.
Password requirements for PayPal and Venmo
To create a PayPal or Venmo account, the minimum number of characters is 8. To have a strong password, you need to use at least 12 characters. It’s important to choose a password that goes beyond the minimum requirements for your accounts, as minimum requirements are often only moderately secure.
2. Use Multi-Factor Authentication (MFA)
MFA, also known as 2FA, requires two or more methods of authentication, including a password. This secures your account by preventing someone who has obtained your login information on the dark web from accessing it. This is because the cybercriminal would have to provide an additional method of verification. You should use MFA for every account with the option available. Venmo and PayPal both offer MFA options.
- Venmo offers text MFA, meaning users receive a verification code via SMS.
- PayPal offers MFA via an authenticator app, meaning users download a separate app such as Google or Microsoft Authenticator that provides a time-based verification code.
If multiple MFA methods are available, avoid using SMS text messaging. SIM swapping is a type of cyber attack where cybercriminals use social engineering tactics to receive their victim’s text messages and phone calls, which allows them to intercept SMS verification codes.
A password manager like Keeper has integrated Time-Based One-Time Password (TOTP) functionality that, once set up, makes the TOTP code available in the same record as your password. This makes it easy to use MFA to keep your account secure without the hassle of using a second device to access a TOTP code every time you log in.
3. Set up PINs or biometrics for mobile apps
In addition to passwords and 2FA, the mobile apps for both PayPal and Venmo offer the option to turn on a Personal Identification Number (PIN) or use biometrics. A PIN is a numeric code, similar to the code you use with your debit card, that you have to enter in order to open the app, even when you are logged into your phone. The PIN is required every time you open the app. Biometrics such as fingerprints or Face ID work the same way. While setting up a PIN won’t protect your account in the event that your login credentials are compromised, enabling a PIN would prevent someone who discovers how to access your phone from reaching key financial accounts. You should use the maximum number of characters allowed and use random numbers. It’s too easy to guess a PIN that uses birthdays or house numbers.
PINs can be hard to remember, but a password manager can store PINs, too. So don’t be afraid to devise the most hard-to-guess PIN possible, or let your password manager do so for you.
4. Use a secure WiFi network
Using public WiFi when conducting financial transactions makes your sensitive information vulnerable. Public WiFi increases the risk that a cybercriminal will intercept and steal your data because they also have access to the network. Using a VPN can mitigate that risk, but it’s best to use WiFi you know is secure.
Most people use PayPal or Venmo on their phones using cellular data. Cellular networks have been breached in the past, so there’s still a risk, but it’s much less common than public WiFi breaches.
5. Pay attention to security notifications
Both PayPal and Venmo use push notifications and emails to inform users when transactions occur on their accounts, along with other kinds of account activity. Notifications are annoying – we get it. But these are important to pay attention to because it’s a way to find out quickly if a cybercriminal is using your account. The faster you identify fraudulent activity, the easier it is to prevent and reverse any negative consequences.
If you want to reduce the number of notifications overall, you can visit your settings and select which kinds of notifications you’d prefer to receive. Leave on any notifications relating to payments, bank transfers and other similar activity.
6. Watch out for common phishing scams
Phishing scams are common with PayPal and Venmo. For example, you could receive a message from someone requesting money and threatening negative consequences if you don’t pay right away. Or, you could receive a message requesting your login information in order to collect money for a “prize.”
To avoid these types of scams, treat any unexpected financial request or message with suspicion. If the message claims to be from an official entity, confirm this using the official contact information listed on that entity’s website. If a friend or family member sent a money request you didn’t expect, check to ensure that it’s really from them.
7. Turn on business transaction settings when appropriate
Business transactions require additional security measures to protect both the consumer and vendor. If you are a business, or paying a business, use the appropriate settings.
- PayPal has a “For friends and family” payment type that has no fee for the recipient but loses some protection for the person sending money. The “For goods and services” option charges the recipient a small fee in order to offer extra protection to the payer. Use the “For goods and services” option anytime you send money to a business.
- Venmo has official business profiles available that allow the user to charge for goods and services. These profiles are subject to additional fees and tax reporting requirements. They also have additional benefits, including the ability to issue refunds to a customer. If you are a business, don’t operate without a business profile. If you are a customer, don’t buy goods or services on Venmo if the business is not using an official business profile since you lose the included protections. You can identify a business profile because it will say “Eligible items covered by purchase protection” in the payment portal.
8. Don’t share sensitive information in either app
Don’t share unprotected sensitive information online. Unprotected home addresses, phone numbers and more could be stolen by threat actors for criminal purposes. While it is safe to enter this information in official, encrypted forms, do not send this information in comments, messages or other similar features in the Venmo and PayPal apps.
Best Practices Will Keep Your Information Safe on PayPal and Venmo
PayPal and Venmo are both trusted apps with strong security standards to keep user information safe. However, cybersecurity is only as strong as the weakest link. Implementing a strong password, using MFA and having good cyber hygiene when using these apps will reduce your chances of falling victim to a cyber attack.
Taking even one step to protect your online financial records will increase your protection against cybercriminals. Take that first step today by downloading Keeper Password Manager so you can set and store strong passwords for all your accounts.