In fact, it could be said that enabling safe transactions is PayPal's only job. But the job keeps growing and the challenges are never-ending. PayPal now has an estimated 377 million active accounts around the world and offers several products. Every one of those products is designed to make it safe to send or receive money, electronically or in person.
PayPal has been around since 1998 when it emerged as a popular way to pay for purchases on eBay. But many still ask, is PayPal safe? If PayPal wasn't as safe or safer to use than a credit card, cash, or a check, it would have been consigned to the rubbish heap of dead websites long ago.
So, is PayPal safe? That's not quite the right question. PayPal has a range of weapons in place to keep other people's paws off your money. But the weapons are most effective when you, the PayPal customer, take some basic precautions as well.
- PayPal's business model is based on enabling safe transactions between buyers and sellers.
- Credit card issuers have a pretty good incentive to make transactions safe, too. You're not responsible for fraudulent purchases beyond a maximum of $50.
- There are basic security measures that a customer can take to guard against fraud whether using PayPal or a credit card.
What PayPal Offers
To this day, PayPal is the default payment option for eBay purchases. But it also is the fifth most-used payment method at all online retailers, after Visa, MasterCard, American Express, and Discover (as of August 2019).
Active PayPal accounts globally
It has a number of other products that enable its customers to send or receive money. Some of them are:
- The PayPal mobile app, which enables contactless payments at real-world retailers.
- The Venmo mobile app, which is primarily used for person-to-person money transfers and routine day-to-day transactions.
- Xoom, a person-to-person payment app that is used to make electronic money transfers globally.
- The PayPal Cash Card, a MaserCard debit card for use online or in-store.
- A PayPal credit card, where PayPal offers two cards issued by Synchrony Bank. They also offer a line of credit offered by Synchrony.
Every one of these products is designed with the sole purpose of transferring money securely.
How Safe Is PayPal?
Here's the problem: PayPal is safe from hackers, but you aren't. They are looking for vulnerabilities in your purchasing activity, online and in the real world.
All PayPal transaction data are sent with end-to-end encryption designed to thwart any hacker seeking to capture private information as it moves from buyer to seller. This means your financial information isn't revealed even to the recipient.
PayPal app users can employ a second authorization factor to make each transaction safer. After enabling the SecurityKey feature, you'll get a temporary security code by text message to enter in addition to your password.
PayPal lays out six recommendations for businesses to prevent found:
- Keep track of transactions and reconcile accounts daily
- Set purchase amount limits
- Verify billing addresses using the address verification system
- Make sure the buyer has to enter the card's card verification value (CVV)
- Require users set strong passwords
- Ensure the operating system (OS) and business softwares are up to date
PayPal's Security Measures
PayPal has other policies that are designed to address some of the fraudulent activities and miscellaneous shenanigans that evolved with web commerce:
- The PayPal Purchase Protection policy ensures that users are reimbursed in full, including shipping costs, if a product purchased online using PayPal arrives and is "significantly different from its description." It doesn't cover absolutely all purchases, but If you order a wedding gown and get a dishrag, you're covered.
- If an order paid using PayPal doesn't arrive, you can report it and get a refund.
- If an unauthorized purchase is made on your account, you're not liable for it if it is reported within 60 days.
PayPal vs. Credit Cards: Which Is Safer?
PayPal's procedures are pretty much the top of the industry standard for electronic transactions these days. That doesn't mean that every bank that issues a credit card meets the industry standard.
Slava Gomzin, author of "Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions," supports PayPal's claims for safety. “If you have a choice on the web, always select PayPal,” Gomzin says.
PayPal even pays hackers if they find vulnerabilities in its systems—referred to as "ethical hacking" in the industry. According to Dean Turner, director of security intelligence at PayPal, "If you care about the product [and] you care about your customers, you care about your customers' security—this is what you have to do."
How Safe Are Credit Cards?
Credit card companies have been known to be resistant to some of the cybersecurity practices that PayPal employs. According to the Financial Services Roundtable, the banking industry does not pay hackers to alert them to security flaws, for example.
The chip embedded in newer credit cards makes them safer by encrypting transaction data.
The Basics of Credit Card Fraud
In the world of consumer credit fraud protection, there are two broad categories of fraud: "card present" and "card not present." The first means that a physical card was stolen and used by a human being. The latter means the information was stolen and used. And that, increasingly, means it was used to make transactions on the web quickly, before the theft can be detected.
The companies that issue credit cards have the most incentive to prevent both types of fraud. That's because your liability is limited to $50 under U.S. law, regardless of how much is charged. That said, there are other big downsides for the customer in credit card security breaches, including some serious inconvenience and possible credit rating damage.
Credit Card Security Measures
Most credit card companies have invested heavily in leading security technology to match those adopted by PayPal and other industry leaders. Not every credit card company is the same though, with some more advanced than others.
The biggest change in "card present" anti-fraud technology is the switchover to a card that uses a chip that is inserted into a reader to make a transaction rather than a magnetic stripe that is swiped along the side of the reader. The microchip in the card sends encrypted data, making the information harder to steal.
This improved technology, called EMV, has made it safer to use a credit card in a store by preventing the theft of your information as it is transmitted to complete the transaction. This leaves some responsibility for the user to take their own security precautions, particularly when making online purchases.
PayPal and Credit Card Security Breaches
Breaches of credit card data appear to be flowing at a greater rate than ever. The fault seems to lie with the retailers who accept credit cards, not with the credit card issuers. Some of the biggest breaches recently include Capital One, TJX Companies, and The Home Depot.
The problem in these and most other cases appears to be malware targeted at point-of-sale devices. That is, the retailer is storing credit card information in a way that makes it vulnerable to theft by hackers.
Recently, however, PayPal's security protocols have been called into question. The ethical hackers found ways to bypass certain PayPal security features, such as the one-time pin and two-factor authentication (2FA). PayPal reportedly brushed the issues off.
Tips for Protecting Yourself
When it comes right down to it, much of the responsibility for account security needs to be taken by the user, not the issuer. And that's true whether the company is PayPal or American Express, and whether it's a virtual account or a plastic card.
Here's the issue: PayPal and credit cards can make themselves relatively "safe" from hackers, but so should you. They are looking to exploit the vulnerabilities that you create in your online activities.
When Using a Credit Card
A few tips for protecting yourself when using plastic credit cards:
- Cut up any card you still have that doesn't have a chip in it. If you come across a reader that requires you to swipe the card, because the chip reader is malfunctioning or the store has an out-of-date-machine, avoid using it.
- Use only bank-owned ATMs to get cash.
- Pay for gas inside the station, not at the pump. Gas pumps are notoriously easy to outfit with a card skimmer that steals account information as it is used.
When Using PayPal Or a Credit Card Online
- Make online purchases only on secure sites. These usually have a url that starts with "https" (rather than "http") and display a symbol of a lock. These are signals that the connection between your web browser and the site's server is encrypted. This is by no means guaranteed protection but it closes off one avenue for fraud.
- Don't use the public wifi available at coffee shops and airports. Use a virtual private network (VPN) instead.
- Don't store your credit card information online at your favorite retailers. Type it in every time.
- Beware of phishing attacks. These usually arrive via an email or text message promising you something great, if you only click this link.
- Change the passwords on your credit card accounts (and your PayPal account) frequently, and don't use your name, your kids' birth dates, or any other too-obvious password.
A Special Precaution When Using PayPal
As noted above, PayPal has a safety feature called SecurityKey. After enabling this key feature, you'll get a temporary security code by text message to enter in addition to your password. So, even if someone breaks into your account, no transaction can be made.
Who Is PayPal Anyway?
PayPal Holdings Inc. is now a public company listed on the Nasdaq. It rolled out its first initial public offering in 2002 but was then acquired by eBay. At one point, PayPal was growing faster than its parent company. eBay decided to spin it off in 2014, and it again became a separate public company. In addition to Xoom, PayPal has acquired several other companies. These include Honey Science Corp., an online couponing site, iZettle, a payments processor, and Braintree, yet another mobile payments app.
Here are some brief answers to a few burning questions about PayPal and credit card security.
Is It Safer to Use PayPal or a Credit Card?
PayPal is at the top of the heap, security-wise. That's not surprising since it evolved with the web, and has had to keep up with every fraudulent scheme that evolved with it. It has some additional features to give online shoppers ease of mind, such as a money-back guarantee if your online purchase turns out to be nothing like the description.
The credit card companies have spent a great deal of money and time putting security measures in place, as well they should. They are legally on the hook for all but the first $50 of any purchase fraudulently made through your account.
For any and all of these companies, thwarting fraudsters is a never-ending battle. Their customers can help by being careful how they use their accounts, whether it's a plastic credit card or an electronic app.
Is PayPal Safe to Link to a Bank Account?
To use PayPal, you have to link to a bank account or credit card, or deposit money directly to PayPal, or some combination of all of these. When any of these is used, the transaction is accomplished using encrypted data, meaning that your private account information is not revealed, even to the recipient of the money. It's cheaper to pay directly from your bank account. No additional fees are charged.
Can You Get Scammed with PayPal?
There are plenty of scam artists online who will accept PayPal or any other form of payment and deliver nothing in return, or nothing that resembles what you paid for. In that case, the PayPal Protection program promises to fully reimburse your loss.
This is a generous policy, and there are at least two good reasons for it: PayPal can then collect enough information to report the malefactors to the authorities, and it can provide the confidence that its users need to use the PayPal platform.
One other type of scam to watch out for: If you get an email suggesting you download a new version of the PayPal app, don't click on it. Go to the PayPal site and confirm that there is a new version.
Is PayPal Safe for Debit Cards?
Same as above. When you pay using the debit card option, the information is transmitted only in encrypted form.
Is PayPal Safe to Receive Money?
Yes, and you can transfer it directly to your checking account from there.
The Bottom Line
PayPal or a credit card, or a PayPal credit card, can be used online and offline for routine transactions between buyers and sellers. Choosing which to use is also a matter of convenience, the special features that come with the account, and the interest rates charged by the institution.
Whichever you use, some of the responsibility for safety rests with you. Use tough passwords and change them occasionally. Choose web retailers you use wisely. Avoid public wifi and log into your account frequently to check for mystery purchases.
If you want an alternative to PayPal, you might consider one of its big rivals. They include Google Pay, Stripe, Payoneer, and Skrill.