PayPal is one of the most popular payment platforms in the world. Whether you want to accept payments on your ecommerce site, make in-app purchases while gaming, or pay back a friend for concert tickets, PayPal offers a convenient and affordable solution. But is PayPal safe? Here are the scams, security features, and healthy habits you need to know about to stay safe and secure on PayPal.

What Is PayPal?

PayPal is a popular online payment system that is supported by a wide range of marketplaces and retailers of all kinds. To sign up, all you need is an email address. You can link your PayPal account to your bank account, debit card, or credit card. Once set up, a PayPal account can be used for:

How Do Businesses Use PayPal?

PayPal is useful for personal purposes, like splitting a bill or sending money to family, but it is also quite popular with businesses because it makes it easier for customers to make a purchase. Generally, making purchases easier helps boost conversions significantly so many vendors support the app.

  1. Payments. Sellers use PayPal to accept in-person and online payments, create invoices, and generate QR codes and payment links that make it easier for their customers to pay.
  2. Financial services. PayPal offers a debit card and cash advances for eligible businesses.
  3. Enterprise solution. The enterprise version of PayPal helps big businesses with data insights, marketing solutions, and buy-now-pay-later checkout options.

Why Use PayPal?

PayPal has over 433m active users and has processed $22B in financial transactions. According to one source, PayPal is the preferred payment service for 70% of millennials. And the PayPal app is rated 4.7 out of 5 on the App Store.

So why is PayPal so popular?

  1. No fees: It’s free to set up a PayPal account and there are no fees when you make a purchase or a personal transaction e.g. sending money to a friend (unless there is a currency conversion or you’re purchasing cryptocurrency). For merchants, however, PayPal charges a transaction fee on payments received through the platform.
  2. Convenience: If you want to send someone money, all you need is an email address, PayPal username, or mobile number. There’s no messing about with bank details. Similarly, when you make an online payment, there’s no need to enter bank details.
  3. Speed: Many PayPal transactions are instant – including some international transfers. PayPal transaction
  4. Safety: According to PayPal, 80% of people who shop using a mobile device say they feel more secure using PayPal than sharing their debit or credit card details. This way, you can feel better about purchasing from websites that you might not have trusted with your payment information.
  5. Global reach: PayPal users can send money to over 160 countries and accept payments in 25 currencies.
  6. Business Growth: PayPal claims customers are 54% more willing to buy when merchants accept PayPal as a payment method.
  7. Buy-Now, Pay-Later: PayPal Pay In 4 allows customers to split purchases into smaller payments with no fees or interest.

Is PayPal Safe?

PayPal is generally considered to be a safe, secure platform and is used by people all over the world to make safe transactions every day. The platform has several protections and security measures in place to protect users.

PayPal's buyer protections and data protections

1. Buyer Protection

PayPal offers Buyer Protection which promises:

  • full refunds for eligible items that don’t arrive or don’t match their description
  • a refund if you’re charged for something you didn’t buy
  • dispute resolution for buyer-seller conflicts

Note: This policy does not cover certain products including high-value NFTs, real estate, and transactions made using the ‘friends and family’ function.

Top tip: To access protection, your transaction must happen through PayPal. Don’t let merchants persuade you to use other payment methods and never use the ‘friends and family’ function to pay a merchant.

2. Seller Protection

PayPal offers a Seller Protection program that protects merchants against losing money when a buyer claims that:

  • a payment from their account to the seller was unauthorized
  • the item they purchased from the seller was not received

In eligible cases, sellers are covered for the total purchase amount. However, if you don’t have proof that you shipped the item or you shipped an item to the wrong shipping address, you will not be eligible for cover. Real estate, gift cards, and various other items are also excluded.

Top tip: Keep extensive records of every item you sell including proof of shipping and delivery.

Data and Fraud Protection

One reason PayPal is popular is that it enables you to shop on various websites or make other payments without having to share your bank account number or card details. This keeps your data safe if the ecommerce website you’ve purchased from experiences a data breach.

PayPal’s security features include:

  • 24/7 fraud monitoring
  • email confirmation of every transaction
  • the latest authentication methods
  • secure databases to protect personal and payment information
  • end-to-end encryption

In its privacy statement, PayPal is transparent about the customer data it gathers and how that data is used. Unfortunately, they do share users’ personal information with third parties including financial institutions and service providers. This increases the risk of a data breach because your data will be in more places, however, it is not an uncommon practice for a financial organization.

What About The Data Breach?

In December 2022, more than 34k PayPal accounts were accessed by a criminal hacker. However, the hacker did not compromise PayPal itself.

The method of the attack was credential stuffing which means a large collection of passwords was stolen from elsewhere and then targeted at PayPal until the hackers found accounts that matched. In other words, they logged into accounts using the account holder’s log-in details. This attack was not due to any failure on PayPal’s part.

diagram of a credential stuffing attack

The breach gives us all an important reminder to keep good password hygiene.

To secure your data against this kind of attack:

  • Never use the same password for two different apps or websites.
  • Use two-factor authentication as a second layer of defense (ideally local MFA like Google Authenticator).

PayPal Vs Credit Cards

Both PayPal and credit card companies spend a lot of time and money on fraud monitoring, online security, and measures to tackle identity theft. So which is safer?

Credit card companies generally have a good reputation when it comes to consumer protection. That’s because card issuers are required by law to provide a minimum level of purchase protection in the form of chargebacks.

A chargeback is an action taken by a bank or card issuer to reverse a payment and can result in the disputed payment being returned to the cardholder.

You can ask your credit card company for a chargeback for:

  • fraudulent transactions
  • goods and services that were not delivered, not as described, faulty, or counterfeit
  • returns that have not been credited to your account
  • overcharging
  • payments for cancelled subscriptions

In other words, if you pay by credit card, you’re coverage is similar to the coverage provided by PayPal’s Buyer Protection, with some important differences.

1. Eligible Purchases

Credit card protections cover a lot of items and transactions that are not covered by PayPal‘s protection policies including custom-made items, gaming, items intended for resale, and investments. For items that are excluded from PayPal’s protections, consider using a credit card instead.

2. Minimum Liability

Most banks have a zero liability policy meaning you can be refunded in full for fraudulent purchases but some credit card issuers only cover purchases over a minimum value.

For example, cardholders may legally be held liable for fraudulent charges up to:

PayPal’s Buyer Protection covers the full price of your purchase and buyers carry zero liability for eligible unauthorized transactions. This means that, compared to some credit cards, PayPal may be safer for small purchases.

It’s worth noting that using a credit card-linked PayPal account may invalidate your credit card protection. For example, under the UK’s Section 75 consumer protection laws, if you make a purchase using your PayPal balance, you’re not covered by your credit card protections.

Experts warn that, unlike most credit card protections, PayPal’s Buyer Protection policy is not enshrined in law.

Top tip: If you want to initiate a chargeback, make sure you submit it quickly. You have a maximum of 180 days to raise a dispute over a PayPal purchase while most US card issuers will allow for 120 days.

Common PayPal Scams (And How To Avoid Them)

While most PayPal transactions are safe and secure, the platform is also a popular target for scammers. According to the Federal Trade Commission, 16% of fraud reports in 2020 involved “a payment app or service like PayPal.” Here are some of the most common scams and the best ways to protect yourself.

Online Purchase Scams

Some scammers set up fake online stores and offer shoppers amazing deals on tickets or products that don’t exist. Many of these scammers will ask their victims to pay with PayPal.

To avoid online purchase scams:

  • Think twice if the deal seems “too good to be true.”
  • Look for reviews. Scammers may use fake reviews but it’s hard to fake a large volume of positive, authentic-sounding reviews from a reputable source like Google or Trustpilot.
  • Look for detailed information like contact details and privacy policies on vendor websites. Check if they have a presence on social media.
  • Choose online retailers carefully on marketplaces like eBay or Temu. Here are some more tips on staying safe on Temu.

Phishing Scams

Fake PayPal email phishing scam

Phishing is the most common type of cybercrime and it can affect just about anyone. Phishing scammers send emails (or other kinds of messages like texts or DMs) pretending to be a legitimate company.

A PayPal phishing email may ask the recipient to update their account information, confirm a purchase, or change their password. They may ask for an additional payment for a purchase to cover shipping costs. These emails usually contain a link to a fake version of the PayPal website or a fake phone number.

If recipients enter their login credentials, scammers can use that information to access their PayPal accounts and make financial transactions. Clicking on a link could also trigger the installation of spyware – software that allows scammers to access information from your device.

Scammers may also email you a fake invoice with a request to call them to further their communications.

To avoid phishing scams:

  1. Never share sensitive information via email. PayPal will not ask for bank account information, payment information, card details, or personal info via email.
  2. Get good at spotting phishing emails. If you receive an email that looks like it’s from PayPal, examine it carefully. Is there anything that doesn’t make sense? Are there any typos in the sender email or the message? Does it come from an email address ending “@paypal.com”? If not, it’s not from PayPal. Grammar errors, out-of-date logos, demands to act quickly, and generic greetings (e.g. Dear user) are also red flags.
  3. Think beyond email. Scammers may phone or send a message via text or social media. Carefully examine all online communications that seem to come from PayPal. If you follow a link to a website, study it carefully to check if you are on the legitimate PayPal website.
  4. Avoid emails altogether. Instead of clicking on a link in an email, open the PayPal app or type in the URL for the official PayPal website and log in to check for new messages.
  5. If you are even vaguely suspicious of an email, do not click any links, download any attachments, or call any phone numbers in the email. Simply go to Paypal.com and call the number there (or go through the official support page) to check if the email is legitimate.
  6. Enable two-factor authentication so that anyone who steals your login credentials will not be able to access your account.
  7. Report phishing attempts by forwarding emails [email protected] so PayPal can take action.
  8. Use trusted antivirus software to keep your device safe from spyware.

Impersonation Scams

Scammers may contact you pretending to be:

  • from the IRS or another government agency like the FTC (sometimes they even claim to be the President)
  • a PayPal customer service agent who needs your personal or financial information
  • a friend or family member who needs money for an emergency
  • a fundraiser for a charity or crisis response effort

To avoid impersonation scams:

Do not share personal or financial information over the phone or email and hang up on unexpected calls that don’t sound right. Contact PayPal directly via their official channels if you are unsure about the authenticity of a communication. Contact friends or family to double-check any requests for money. For example, if you received the request via Facebook, give them a call.

False Promises Scams

PayPal phishing email scammer

If anyone contacts you promising a free gift, loan, easy-money investment, or job opportunity, or claiming you’ve won a prize – be suspicious! These claims are rarely (if ever) legitimate. If they ask you to provide sensitive financial information, click a link, call a phone number, or send them money via PayPal to unlock these rewards – be extra suspicious! These are classic scams.

Romance Scam

Some especially cruel scammers pose as someone looking for love online. They try to earn their victims’ trust and make them believe they are in a genuine romantic relationship. Then they ask for money, perhaps claiming some kind of emergency or to pay for a flight to see the victim.

To avoid romance scams: Think twice before sending money to a new romantic interest. Have you met them and their friends and family in person? Do you have any evidence that they are who they say they are? If there are any red flags, consider running a background check to verify their identity.

Here are some of the lies to look out for, according to the Federal Trade Commission.

Romance scammer numbers chart

What To Do If You Are Scammed

If you think you may have fallen victim to scam:

  1. Update your password.
  2. Report the scam to PayPal, your bank or credit card company, and, if appropriate, the police.
  3. Keep a close eye on your account.

Tips For Staying Safe on PayPal

Here are some things you can do to keep your data and money secure while you’re shopping, selling, sending, or receiving money on PayPal.

  1. Use a VPN. A virtual private network disguises your online identity providing an extra layer of protection against hackers and fraudsters.
  2. Link your credit card. Many credit cards offer $0 fraud liability so, if your PayPal account is compromised, you may be protected if it is linked to your credit card than if it is linked to your checking account or debit card. Beware, however, that credit card payment protection does not always apply to PayPal transactions.
  3. Monitor your account. Pay attention to payment confirmation emails and keep an eye on your account so you can act quickly if there is any suspicious activity.
  4. Keep records. Whether you’re a buyer or a seller, keep records of your transactions so you have the proof you need if there are any problems.
  5. Practice good cyber hygiene with these best-practice habits:
    • Avoid logging into your PayPal account on a public WiFi connection or a public computer.
    • Use antivirus software on your computer.
    • Only make downloads from reputable sites.
    • Install app and software updates when they become available (or set-up your device to do this automatically).
    • Enable Find My Device so you can wipe your device if it is lost or stolen.

Does PayPal Refund Money If You Get Scammed?

PayPal will refund you for eligible products that are not delivered or do not match their description as well as for unauthorized payments.

However, if you voluntarily sent money to a fraudster using the ‘family and friends’ option, you will not be covered.

You will also not be covered if you did not use PayPal to make the payment – even if the website you used looked like PayPal.

Certain items are excluded from their refund policy, including cars and illegal purchases.

Bottom Line

So, is PayPal safe? The platform itself is about as safe as it gets with all the security features you would want from a payments provider. However, you should still follow best practices whenever you do any online transactions and use a private, updated, virus-free computer with a safe internet connection and a strong account password. The real risks lie when you go off-site so stick to the official PayPal website and educate yourself about common scams.

FAQs

Is PayPal secure?

Is PayPal safer than a credit card?