PayPal has been around since 1998 when it emerged as a popular way to pay for purchases on eBay. But many still ask, is PayPal safe? If PayPal wasn't as safe or safer to use than a credit card, cash, or a check, it would have been consigned to the rubbish heap of dead websites long ago.
In fact, it could be said that enabling safe transactions is PayPal's only job. But the job keeps growing and the challenges are never-ending. PayPal now has an estimated 360 million users around the world and offers several products. Every one of those products is designed to make it safe to send or receive money, electronically or in person.
So, is Paypal safe? That's not quite the right question. Paypal has a range of weapons in place to keep other people's paws off your money. But the weapons are most effective when you, the PayPal customer, take some basic precautions as well.
- PayPal's business model is based on enabling safe transactions between buyers and sellers. It is state-of-the-art.
- Credit card issuers have a pretty good incentive to make transactions safe, too. You're not responsible for fraudulent purchases beyond a maximum of $50.
- There are basic security measures that a customer can take to guard against fraud whether using PayPal or a credit card.
What PayPal Offers
To this day, PayPal is the default payment option for eBay purchases. But it also is the fifth most-used payment method at all online retailers, after Visa, MasterCard, American Express, and Discover.
...The number of PayPal users globally.
It has a number of other products that enable its customers to send or receive money. Some of them are:
- The PayPal mobile app, which enables contactless payments at real-world retailers.
- The Venmo mobile app, which is primarily used for person-to-person money transfers and routine day-to-day transactions.
- Xoom, a person-to-person payment app that is used to make electronic money transfers globally.
- The PayPal Cash Card, a debit card for use online or in-store, issued in a co-branding deal with MasterCard.
- A PayPal credit card, issued with CitiBank.
Every one of these products is designed with the sole purpose of transferring money securely.
How Safe Is PayPal?
Here's the problem: PayPal is safe from hackers, but you aren't. They are looking for vulnerabilities in your purchasing activity, online and in the real world.
All PayPal transaction data are sent with end-to-end encryption designed to thwart any hacker seeking to capture private information as it moves from buyer to seller. This means your financial information isn't revealed even to the recipient.
The increase in credit card fraud from 2017 to 2018, according to the Federal Trade Commission. PayPal recommends a number of counter-measures small businesses can take to keep their businesses safe.
PayPal app users can employ a second authorization factor to make each transaction safer. After enabling the SecurityKey feature, you'll get a temporary security code by text message to enter in addition to your password.
PayPal's Security Measures
PayPal has other policies that are designed to address some of the fraudulent activities and miscellaneous shenanigans that evolved with web commerce:
- The PayPal Purchase Protection policy ensures that users are reimbursed in full, including shipping costs, if a product purchased online using PayPal arrives and is "significantly different from its description." It doesn't cover absolutely all purchases, but If you order a wedding gown and get a dishrag, you're covered.
- If an order paid using PayPal doesn't arrive, you can report it and get a refund.
- If an unauthorized purchase is made on your account, you're not liable for it if it is reported within 60 days.
PayPal vs. Credit Cards: Which Is Safer?
PayPal's procedures are pretty much the top of the industry standard for electronic transactions these days. That doesn't mean that every bank that issues a credit card meets the industry standard.
Slava Gomzin, author of "Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions," supports PayPal's claims for safety. “If you have a choice on the web, always select PayPal,” Gomzin says.
PayPal even pays hackers if they find vulnerabilities in its systems. According to Dean Turner, director of security intelligence at PayPal, "If you care about the product [and] you care about your customers, you care about your customers' security—this is what you have to do."
How Safe Are Credit Cards?
Credit card companies have been known to be resistant to some of the cybersecurity practices that PayPal employs. According to the Financial Services Roundtable, the banking industry does not pay hackers to alert them to security flaws, for example.
The chip embedded in newer credit cards makes them safer by encrypting transaction data. If you come across the older "swipe" technology, avoid using it.
PayPal, on the other hand, is the Holy Grail for hackers. Just because the company hasn’t ever been seriously hacked doesn’t mean that it never will be.
The Basics of Credit Card Fraud
In the world of consumer credit fraud protection, there are two broad categories of fraud: "card present" and "card not present." The first means that a physical card was stolen and used by a human being. The latter means the information was stolen and used. And that, increasingly, means it was used to make transactions on the web quickly, before the theft can be detected.
The companies that issue credit cards have the most incentive to prevent both types of fraud. That's because your liability is limited to $50 under U.S. law, regardless of how much is charged. That said, there are other big downsides for the customer in credit card security breaches, including some serious inconvenience and possible credit rating damage.
Credit Card Security Measures
Most credit card companies have invested heavily in leading security technology to match those adopted by PayPal and other industry leaders. Not every credit card company is the same though. Some, notably Chase, American Express, and Bank of America, are more advanced than others.
The biggest change in "card present" anti-fraud technology is the switchover to a card that uses a chip that is inserted into a reader to make a transaction rather than a magnetic stripe that is swiped along the side of the reader. The microchip in the card sends encrypted data, making the information harder to steal.
This improved technology, called EMV, has made it safer to use a credit card in a store by preventing the theft of your information as it is transmitted to complete the transaction.
This leaves some responsibility for the user to take their own security precautions, particularly when making online purchases.
PayPal and Credit Card Security Breaches
Breaches of credit card data appear to be flowing at a greater rate than ever. The fault seems to lie with the retailers who accept credit cards, not with the credit card issuers. Krebs on Security, a blog devoted to breaches, has noted recent events involving some locations of Buckle Stores, Noodles & Co., and, possibly, Dairy Queen.
The problem in these and most other cases appears to be malware targeted at point-of-sale devices. That is, the retailer is storing credit card information in a way that makes it vulnerable to theft by hackers.
The only reported major hack of PayPal data occurred in late 2017, when the company revealed that personal information on about 1.6 million users had "potentially been compromised" at its TIO Networks unit, a digital bill-payment tools provider that it had recently acquired. The TIO systems were entirely separate from the PayPal platform and no PayPal customers were affected. Still, PayPal closed TIO down in response.
In another incident, reported in early 2020, a researcher discovered a flaw in the site's security that could have been used to allow hackers to capture users' login information. PayPal patched the problem and paid the researcher a $15,300 reward.
Tips for Protecting Yourself
When it comes right down to it, much of the responsibility for account security needs to be taken by the user, not the issuer. And that's true whether the company is PayPal or American Express, and whether it's a virtual account or a plastic card.
Here's the problem: PayPal is safe from hackers, but you aren't. They are looking to exploit the vulnerabilities that you create in your online activities.
Consider those two categories of fraud, "card present" and "card not present."
When Using a Credit Card
A few tips for protecting yourself when using plastic credit cards:
- Cut up any card you still have that doesn't have a chip in it. If you come across a reader that requires you to swipe the card, because the chip reader is malfunctioning or the store has an out-of-date-machine, avoid using it.
- Use only bank-owned ATMs to get cash.
- Pay for gas inside the station, not at the pump. (Gas pumps are notoriously easy to outfit with a card skimmer that steals account information as it is used.)
When Using PayPal Or a Credit Card Online
- Make online purchases only on secure sites. These usually have a url that starts with "https" (rather than "http") and display a symbol of a lock. These are signals that the connection between your web browser and the site's server is encrypted. This is by no means guaranteed protection but it closes off one avenue for fraud.
- Don"t use the public wifi available at coffee shops and airports. Use a virtual private network (VPN) instead.
- Don't store your credit card information online at your favorite retailers. Type it in every time.
- Beware of phishing attacks. These usually arrive via an email or text message promising you something great, if you only click this link.
- Change the passwords on your credit card accounts (and your PayPal account) frequently, and don't use your name, your kids' birth dates, or any other too-obvious password.
A Special Precaution When Using PayPal
As noted above, PayPal has a safety feature called SecurityKey. After enabling this key feature, you'll get a temporary security code by text message to enter in addition to your password.
So, even if someone breaks into your account, no transaction can be made.
Who Is PayPal Anyway?
PayPal Holdings Inc. is now a public company listed on the Nasdaq. It rolled out its first initial public offering in 2002 but was then acquired by eBay.
At one point, PayPal was growing faster than its parent company. eBay decided to spin it off in 2014, and it again became a separate public company.
In addition to Xoom, PayPal has acquired several other companies. These include Honey Science Corp., an online couponing site, iZettle, a payments processor, and Braintree, yet another mobile payments app.
Here are some brief answers to a few burning questions about PayPal and credit card security.
Is It Safer to Use PayPal or a Credit Card?
PayPal is at the top of the heap, security-wise. That's not surprising since it evolved with the web, and has had to keep up with every fraudulent scheme that evolved with it. It has some additional features to give online shoppers ease of mind, such as a money-back guarantee if your online purchase turns out to be nothing like the description.
The credit card companies have spent a great deal of money and time putting security measures in place, as well they should. They are legally on the hook for all but the first $50 of any purchase fraudulently made through your account.
For any and all of these companies, thwarting fraudsters is a never-ending battle. Their customers can help by being careful how they use their accounts, whether it's a plastic credit card or an electronic app.
Is PayPal Safe to Link to a Bank Account?
To use PayPal, you have to link to a bank account or credit card, or deposit money directly to PayPal, or some combination of all of these.
When any of these is used, the transaction is accomplished using encrypted data, meaning that your private account information is not revealed, even to the recipient of the money.
It's cheaper to pay directly from your bank account. No additional fees are charged.
Can You Get Scammed with PayPal?
There are plenty of scam artists online who will accept PayPal or any other form of payment and deliver nothing in return, or nothing that resembles what you paid for. In that case, the PayPal Protection program promises to fully reimburse your loss.
This is a generous policy, and there are at least two good reasons for it: PayPal can then collect enough information to report the malefactors to the authorities, and it can provide the confidence that its users need to use the PayPal platform.
One other type of scam to watch out for: If you get an email suggesting you download a new version of the PayPal app, don't click on it. Go to the PayPal site and confirm that there is a new version.
Is PayPal Safe for Debit Cards?
Same as above. When you pay using the debit card option, the information is transmitted only in encrypted form.
Is PayPal Safe to Receive Money?
Yes, and you can transfer it directly to your checking account from there.
The Bottom Line
PayPal or a credit card, or a PayPal credit card, can be used online and offline for routine transactions between buyers and sellers. Choosing which to use is also a matter of convenience, the special features that come with the account, and the interest rates charged by the institution.
Whichever you use, some of the responsibility for safety rests with you. Use tough passwords and change them occasionally. Choose web retailers you use wisely. Avoid public wifi. And, log into your account frequently to check for mystery purchases.
To the question, "Is PayPal safe?" the only good answer is, PayPal is working to keep it safe as if the company's very life depends on it, and it does.
If you want an alternative to PayPal, you might consider one of its big rivals. They include Google Pay, Stripe, Payoneer, and Skrill.