The original complaint stated that many customers were unable to pay real bills like rent when they were unable to transfer their Venmo funds. Other customers complained that they had delivered items (like tickets or other items) to others, taken payment via Venmo, then had the funds removed, resulting in a loss.
The FTC settlement agreement requires that Venmo not misrepresent any material restrictions or levels of security involved with using its service. In addition, Venmo must make disclosures about how it handles transactions and privacy, and it can no longer violate the Gramm-Leach-Bliley Act, which requires financial institutions to provide customers with a privacy notice up front an annually thereafter (Financial Privacy Rule) and must have a written security plan to describe how it protects personal information of its clients (Safeguards Rule). As with other cases in which violations of the Gramm-Leach-Bliley Act have occured, Venmo must also have a third party assess its compliance every other year for the next 10 years. The FTC will take public comment on the agreement for the next 30 days, after which it will decide whether to make the proposed consent order final.