Is PayPal safe compared to a credit card? It could be said that enabling safe transactions is PayPal's only job. But the job keeps growing, and the challenges are never-ending. PayPal now has an estimated 392 million active accounts around the world and offers several products. Each one is designed to make it safe to send or receive money, electronically or in person.
PayPal has been around since 1998 when it emerged as a popular way to pay for purchases on eBay. If it weren't as safe or safer to use than a credit card, cash, or a check, PayPal likely would have been consigned to the rubbish heap of dead technology platforms long ago.
Yet many still ask, is PayPal safe? That may not be quite the right question. PayPal has a range of weapons in place to keep other people's paws off your money. But the weapons are most effective when you, the PayPal customer, take some basic precautions as well.
- PayPal's business model is based on enabling safe transactions between buyers and sellers.
- Credit card issuers have a pretty good incentive to make transactions safe, too. You're not responsible for fraudulent purchases beyond a maximum of $50.
- There are basic security measures that you can take to guard against fraud whether using PayPal or a credit card.
What PayPal Offers
To this day, PayPal is the default payment option for eBay purchases. But it also is the fifth most-used payment method at all online retailers, after Visa, Mastercard, American Express, and Discover (as of August 2019).
It has a number of other products that enable its customers to send or receive money. Some of them are:
- The PayPal mobile app, which enables contactless payments at real-world retailers.
- The Venmo mobile app, which is primarily used for person-to-person money transfers and routine day-to-day transactions.
- Xoom, a person-to-person payment app that is used to make electronic money transfers globally.
- The PayPal Cash Card, a MasterCard debit card for use online or in-store.
- A PayPal credit card, where PayPal offers two cards issued by Synchrony Bank. It also offers a line of credit via Synchrony.
- PayPal entered the cryptocurrency arena in 2020, allowing its users to buy, hold, sell and check out with cryptocurrencies.
Every one of these products is designed with the sole purpose of transferring money securely.
How Safe Is PayPal?
All PayPal transaction data are sent with end-to-end encryption designed to thwart any hacker seeking to capture private information as it moves from buyer to seller. This means your financial information isn't revealed even to the recipient.
PayPal app users can employ a second authorization factor to make each transaction safer. After enabling the SecurityKey feature, you'll get a temporary security code by text message that you enter in addition to your password.
PayPal lays out six recommendations for businesses to prevent fraud:
- Keep track of transactions and reconcile accounts daily
- Set purchase amount limits
- Verify billing addresses using the address verification system
- Make sure the buyer has to enter the card's card verification value (CVV)
- Require users to set strong passwords
- Ensure the operating system and business software are up to date
Here's the problem: PayPal is safe from hackers, but you aren't. They are looking for vulnerabilities in your purchasing activity, online and in the real world.
PayPal's security measures
PayPal has other policies that are designed to address some of the fraudulent activities and miscellaneous shenanigans that evolved with e-commerce:
- The PayPal Purchase Protection policy ensures that users are reimbursed in full, including shipping costs, if a product purchased online using PayPal arrives and is "significantly different from its description." It doesn't cover absolutely all purchases, but if you order a wedding gown and get a dishrag, you're covered.
- If an order paid using PayPal doesn't arrive, you can report it and get a refund.
- If an unauthorized purchase is made on your account, you're not liable for it if it is reported within 60 days.
PayPal vs. credit cards: Which is safer?
PayPal's procedures are pretty much the top of the industry standard for electronic transactions these days. That doesn't mean that every bank that issues a credit card meets the industry standard.
PayPal even pays hackers if they find vulnerabilities in its systems—referred to in the industry as "ethical hacking." According to Dean Turner, director of security intelligence at PayPal, "If you care about the product [and] you care about your customers, you care about your customers' security—this is what you have to do."
How Safe Are Credit Cards?
Credit card companies have been known to be resistant to some of the cybersecurity practices that PayPal employs. According to the Financial Services Roundtable, the banking industry does not pay hackers to alert them to security flaws, for example.
The basics of credit card fraud
In the world of consumer credit fraud protection, there are two broad categories of fraud: "card present" and "card not present." The first means that a physical card was stolen and used by a human being. The latter means the information was stolen and used. And that, increasingly, means it was used to make transactions on the web quickly, before the theft can be detected.
The companies that issue credit cards have the most incentive to prevent both types of fraud. That's because your liability is limited to $50 under U.S. law, regardless of how much is charged. That said, there are other big downsides for the customer in credit card security breaches, including some serious inconvenience and possible credit rating damage.
Credit card security measures
Most credit card companies have invested heavily in leading security technology to match those adopted by PayPal and other industry leaders. Not every credit card company is the same though, with some more advanced than others.
The biggest change in "card present" anti-fraud technology is the switchover to a card that uses a chip that is inserted into a reader to make a transaction rather than a magnetic stripe that is swiped along the side of the reader. The microchip in the card sends encrypted data, making the information harder to steal.
This improved technology, called EMV, has made it safer to use a credit card in a store by preventing the theft of your information as it is transmitted to complete the transaction. This leaves some responsibility for the user to take their own security precautions, particularly when making online purchases.
PayPal and credit card security breaches
Breaches of credit card data appear to be flowing at a greater rate than ever. The fault seems to lie with the retailers who accept credit cards, not with the credit card issuers. Some of the biggest breaches in recent years include Capital One, TJX Companies, and The Home Depot.
The problem in these and most other cases appears to be malware targeted at point-of-sale devices. That is, the retailer is storing credit card information in a way that makes it vulnerable to theft by hackers.
Recently, however, PayPal's security protocols have been called into question. The ethical hackers found ways to bypass certain PayPal security features, such as the one-time pin and two-factor authentication (2FA). PayPal reportedly brushed the issues off.
The amount of digital payments PayPal processed in the first quarter of 2021.
Tips for Protecting Yourself
When it comes right down to it, much of the responsibility for account security needs to be taken by the user, not the issuer. And that's true whether the company is PayPal or American Express, and whether it's a virtual account or a plastic card.
When using a credit card
A few tips for protecting yourself when using plastic credit cards:
- Cut up any card you still have that doesn't have a chip in it. If you come across a reader that requires you to swipe the card, because the chip reader is malfunctioning or the store has an out-of-date-machine, avoid using it.
- Use only bank-owned ATMs to get cash.
- Pay for gas inside the station, not at the pump. Gas pumps are notoriously easy to outfit with a card skimmer that steals account information as it is used.
When using PayPal or a credit card online
- Make online purchases only on secure sites. These usually have a url that starts with "https" (rather than "http") and display a symbol of a lock. These are signals that the connection between your web browser and the site's server is encrypted. This is by no means guaranteed protection but it closes off one avenue for fraud.
- Don't use the public Wi-Fi available at coffee shops and airports. Use a virtual private network (VPN) instead.
- Don't store your credit card information online at your favorite retailers. Type it in every time.
- Beware of phishing attacks. These usually arrive via an email or text message promising you something great, if you only click this link.
- Change the passwords on your credit card accounts (and your PayPal account) frequently, and don't use your name, your kids' birth dates, or any other too-obvious password.
Who Is PayPal Anyway?
PayPal Holdings Inc. is now a public company listed on the Nasdaq. It rolled out its first initial public offering in 2002 but was then acquired by eBay. At one point, PayPal was growing faster than its parent company. EBay decided to spin it off in 2014, and it again became a separate public company. In addition to Xoom, PayPal has acquired several other companies. These include Honey Science Corp., an online couponing site; iZettle, a payments processor; and Braintree, another mobile payment app.
Here are some brief answers to a few burning questions about PayPal and credit card security.
Is it safer to use PayPal or a credit card?
PayPal is at the top of the heap, security-wise. That's not surprising since it evolved with the web, and it has had to keep up with every fraudulent scheme that evolved with it. It has some additional features to give online shoppers ease of mind, such as a money-back guarantee if your online purchase turns out to be nothing like its description.
The credit card companies have spent a great deal of money and time putting security measures in place, as well they should. They are legally on the hook for all but the first $50 of any purchase fraudulently made through your account.
For any and all of these companies, thwarting fraudsters is a never-ending battle. Their customers can help by being careful how they use their accounts, whether it's a plastic credit card or an electronic app.
Is PayPal safe to link to a bank account?
To use PayPal, you have to link to a bank account or credit card, or deposit money directly to PayPal, or some combination of all of these. When any of these is used, the transaction is accomplished using encrypted data, meaning that your private account information is not revealed, even to the recipient of the money. It's cheaper to pay directly from your bank account. No additional fees are charged.
Can you get scammed with PayPal?
There are plenty of scam artists online who will accept PayPal or any other form of payment and deliver nothing in return, or nothing that resembles what you paid for. In that case, the PayPal protection program promises to fully reimburse your loss.
This is a generous policy, and there are at least two good reasons for it: PayPal can then collect enough information to report the malefactors to the authorities, and it can provide the confidence that its users need to use the PayPal platform.
One other type of scam to watch out for: If you get an email suggesting you download a new version of the PayPal app, don't click on it. Go to the PayPal site and confirm that there is a new version.
Is PayPal safe for debit cards?
Same answer as above. When you pay using the debit card option, the information is transmitted only in encrypted form.
Is PayPal safe to receive money?
Yes, and you can transfer it directly to your checking account from there.
The Bottom Line
PayPal or a credit card, or a PayPal credit card, can be used online and offline for routine transactions between buyers and sellers. When choosing which to use, consider convenience, the special features that come with the account, and the interest rates charged by the institution.
Whichever you use, some of the responsibility for safety rests with you. Use tough passwords and change them occasionally. Choose the online retailers you use wisely. Avoid public Wi-Fi, and log into your account frequently to check for mystery purchases.
If you want an alternative to PayPal, you might consider one of its big rivals. They include Google Pay, Stripe, Payoneer, and Skrill.