Looking to purchase tickets to a concert? Buy a great coat online? Download an album from an independent artist? In each of these instances, you’ve probably had the option to pay using PayPal.
PayPal is used to exchange $288 billion in 26 currencies, making it one of the largest payment services in the world. With this much money flowing and little heard about security issues, PayPal appears to be a safe and valuable service. Beyond appearances, what is the safety level to you as a consumer to set up a PayPal account?
Part of PayPal’s security system is based on verification. The seller should be verified. To be verified is fairly straightforward. The seller connects their personal bank account to their PayPal account. This verification provides an additional level of identification confirmation. Verification isn’t required, but of course, it’s a big waving red flag if you’re looking to purchase something from an unverified vendor.
In addition, PayPal has round the clock monitoring of every transaction to detect fraudulent activity. If a transaction occurs that seems connected to phishing or other suspicious activity, their security team may contact you, impose spending limits or restrict activity on your account while the activity in question is being resolved.
Personal Best Practices
As safe as PayPal can be, the danger of someone hacking into your account often comes from human error or, in some cases, human laziness. For starters, your password should be characterized as very strong. I know it can be a pain to keep highly complex passwords unique to each website you use straight, but you should take extra care with your PayPal password. You can also take advantage of PayPal’s security key option. The key is free for mobile and $5 for shipping and handling for a hardware version. The key produces a digital code that is provided on demand via text from PayPal for mobile or every 30 seconds for the hardware. The security key is a great option to up your PayPal security game.
Hackers often access PayPal accounts through phishing emails. One type of email has an infected attachment that downloads keylogger software. The keylogger records your keystrokes, including the passwords you type in and sends the information back to the hacker. The hacker can then login to your PayPal account and reset your password. The second type of phishing email is one where you’re redirected to a fake PayPal website, and once you login with your email and password, that information is recorded and sent to the hacker.
For phishing attachments, never download any attachment from an email that you don’t trust. Before clicking on any PayPal email link, hover over the link with your cursor. Your browser will show the link on the bottom of the browser, so you can verify your destination. Anything besides a secure paypal.com link variation should never be clicked on. You can even forward the email to a specific PayPal address and they will confirm whether or not it’s legitimate. To be safer still, never click links through your email. Type in the secure PayPal link in your browser directly.
For the bank account that you connect to your PayPal account, your main account is fine to use, though an extra security precaution is to set up a secondary chequing account that you use only for PayPal. This arrangement will provide a clear record of all your PayPal activity that can be matched to your PayPal account, and also keep your main banking disconnected from your online activities. The same goes with your credit card. A secondary credit card used for PayPal purchases can limit the risk and will be easy to monitor. Your PayPal account is just like a bank account, so it should be watched in the same way.
By keeping your password very strong, being aware of potential phishing scams, and using separate banking information, you can greatly minimize the human error risk of a PayPal account.
What If There’s an Issue?
If your account is suspected by PayPal to have fraudulent activity, they may limit spending or limit the activity allowed on your account. If you discover charges that you did not allow, report it immediately to PayPal. If you report it within 60 days of the transaction, you are eligible for $0 liability for unauthorized transactions. Yep, the reported fraud, if eligible, will be fully refunded to you. There are some limitations, as the Protection does not cover things like real estate or custom-made items, but the vast majority of purchases will be covered.
Then there’s the kind of issues that could arise not from your account, but from the actual purchases you made. If you purchase something through PayPal and it’s not as expected, you are protected under the Purchase Protection. The unexpected purchase could be a knock-off version when you purchased a brand name product, two books instead of the three you ordered, a new gadget that arrives damaged or with missing pieces, or something never arrived at all. The first step is to open a dispute with the seller. Most times, issues can be easily resolved. However, if not, you can escalate the claim after 20 days and PayPal will make a decision, either for you or the seller based on the claim. You can easily file a report through the PayPal website, snail mail or via phone. It’s best to make a claim it immediately, but be sure to do so within 180 days so that if the decision is made in your favor, you will be eligible for the protection.
PayPal is and will continue to be a big player in the way that we pay online. As more of our money is transferred via sites like PayPal, as good consumers, we have to know what is their security policy and protection for its users. It is equally important to have solid personal practices. Unfortunately, as PayPal is a major monetary player, it will be the subject of phishing emails and other fraud efforts. While they can only do so much, your own security practices will ensure you continually minimize your risk, making PayPal safe to use.