
PayPal security a lot poorer than banks

I consider myself pretty computer literate - I have earned money writing software, produce open source code, and so I would not be easy to trick into giving my password away.

Anyway, someone hacked into my business PayPal account and tried to pay a substantial amount of money to someone who I have paid before. Luckily the amount was more than I have in my business account so my bank declined the transaction and alerted me. After speaking to PayPal, it appears someone hacked my account, but no money has been successfully withdrawn.

It got me thinking just how lax the security is at PayPal compared to my bank.

With PayPal, to pay someone all I need is my email address and password and an email address to pay. Only the password is not readily available to others.


With my bank I need a customer number, pin number and password to log in. But only 3 random digits of the pin number are needed and these are not entered sequentially. Only some random digits from the password are needed. So logging in is much harder than with PayPal.

Once logged in to my bank, to add a new payee I need to have my debit card and a card reader supplied by the bank. To make a payment to a payee, I again need my debit card and card reader.

If paying another company, who accepts both BACS & PayPal, I would choose PayPal as it is much easier.

So in essence I think PayPal is quick & easy to use, but I feel it is a lot less secure than either my personal or business bank account.

Dave

Comments

  • Thrugelmir
    Thrugelmir Posts: 89,546 Forumite
    drkirkby wrote: »
    Anyway, someone hacked into my business PayPal account and tried to pay a substantial amount of money to someone who I have paid before.

    Why would a hacker go to the trouble of doing this?
  • With PayPal you can set your mobile as a security key, so every time you log in you will have to enter your email and password PLUS a code which you will receive every time by text on your phone.
  • Uxb
    Uxb Posts: 1,340 Forumite
    drkirkby wrote: »

    If paying another company, who accepts both BACS & PayPal, I would choose PayPal as it is much easier.

    1. Surely a company would only accept credit/debit cards, never a simple BACS/Faster Payments transfer from an individual.

    2. As I recall, if using PayPal you lose some section ???? protection from your credit card company (if funding your PayPal account through that) in the event of a major "problem", as you are paying a third party rather than paying the supplier direct.
  • nidO
    nidO Posts: 847 Forumite
    drkirkby wrote: »
    With PayPal, to pay someone all I need is my email address and password and an email address to pay. Only the password is not readily available to others.

    Turn on the two-factor authentication PayPal have provided as a security option for quite some time.
    I would expect anyone considering themselves computer literate to do this as a matter of course with any service that offers 2FA.
  • alanwsg
    alanwsg Posts: 801 Forumite
    On a smartphone, you can also install the Symantec VIP app, which makes 2FA possible when you have no mobile signal.
  • And yet your bank will also accept a payment to be made by your card simply with the card number. All other data like expiry date, CCV, AVS, 3D Secure are all technically optional.

    Your card number is most likely 16 digits long, the first 6 identify your bank and possibly product and a list of all these is easily found and the last digit is a calculated checksum for which the formula is freely available. Doesn't take much to create a 9 digit random number generator that then ties it to a known valid bank prefix and calculates the checksum to create a valid card number. Of course not all valid numbers are in use but the volume you can push through with even a basic computer and net connection doesn't make it hard.


    There are lots of gaps in all systems which is why in addition to the front end security you also have things like chargebacks and the PayPal dispute process for when you are a victim of fraud
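The checksum mentioned in the post above is the Luhn mod-10 check. The following is an added example, not part of the original thread, showing what that check does and does not establish: it catches keying errors, but exactly one check digit fits any prefix, so passing it is not evidence that a card exists. The sample value and function names are assumptions chosen for illustration.

```python
# Added illustration (not from the thread): Luhn check-digit validation.
SAMPLE = "79927398713"  # common Luhn test value, not a payment card number


def luhn_valid(number: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    cleaned = number.replace(" ", "").replace("-", "")
    if len(cleaned) < 2 or not (cleaned.isascii() and cleaned.isdigit()):
        return False
    total = 0
    for i, ch in enumerate(reversed(cleaned)):
        d = int(ch)
        if i % 2 == 1:          # every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def undetected_single_digit_typos(number: str) -> int:
    """Count one-digit substitutions that still pass (Luhn catches all)."""
    missed = 0
    for i, ch in enumerate(number):
        for alt in "0123456789":
            if alt != ch and luhn_valid(number[:i] + alt + number[i + 1:]):
                missed += 1
    return missed


def adjacent_swaps_missed(number: str) -> list[int]:
    """Indexes where swapping two different neighbouring digits still passes."""
    missed = []
    for i in range(len(number) - 1):
        a, b = number[i], number[i + 1]
        if a != b and luhn_valid(number[:i] + b + a + number[i + 2:]):
            missed.append(i)
    return missed


def check_digits_accepted(prefix: str) -> list[str]:
    """Which final digits make prefix + digit pass; always exactly one."""
    return [d for d in "0123456789" if luhn_valid(prefix + d)]


if __name__ == "__main__":
    print(luhn_valid(SAMPLE), undetected_single_digit_typos(SAMPLE))
    print(adjacent_swaps_missed("091"), check_digits_accepted(SAMPLE[:-1]))
```

A pass only means the number is well-formed; whether the account exists and the payment is allowed is decided by the issuer at authorisation, which is where the expiry date, security code, AVS and 3D Secure checks named in the post come in.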
  • SnowTiger
    SnowTiger Posts: 4,461 Forumite
    Your card number is most likely 16 digits long, the first 6 identify your bank and possibly product and a list of all these is easily found and the last digit is a calculated checksum for which the formula is freely available. Doesn't take much to create a 9 digit random number generator that then ties it to a known valid bank prefix and calculates the checksum to create a valid card number. Of course not all valid numbers are in use but the volume you can push through with even a basic computer and net connection doesn't make it hard.

    Interestingly, the last eight digits of my N&P debit card number are the same as my bank account number.

    Presumably digit 7 or 8 is manipulated so that the last digit still works as the check digit.

    If I posted my N&P bank account number here, there's less than a one in one hundred chance that someone would guess my card number.

    And, as we all know, our bank account numbers don't need to be kept secret. :)

    However, given PayPal's limited buyer protection and despite its promise that it's the safest way to pay, I would usually prefer to pay for things using a debit or credit card.
  • Gromitt
    Gromitt Posts: 5,063 Forumite
    drkirkby wrote: »
    It got me thinking just how lax the security is at PayPal compared to my bank.

    Not that lax: 2FA means they send me a text whenever my username and password are used to login, plus they can't go further without having access to my mobile (giving me ample time to change my password). Plus, I also receive a notification whenever I pay someone (typically within seconds of the transaction), whilst my bank waits until the next day.

    Still, unless I buy something on ebay or spend under £100, I still prefer my credit card. I use my debit card only for well known sites which charge for use of a CC (like the DVLA).
  • usefulmale
    usefulmale Posts: 2,627 Forumite
    Paypal is not a bank. Why would you expect it to have bank-level security?
  • Uxb
    Uxb Posts: 1,340 Forumite
    Gromitt wrote: »
    Not that lax: 2FA means they send me a text whenever my username and password are used to login, plus they can't go further without having access to my mobile (giving me ample time to change my password). Plus, I also receive a notification whenever I pay someone (typically within seconds of the transaction), whilst my bank waits until the next day.

    Are there any emergency ways in, like Gmail do with one-time-use-only emergency codes, just in case your mobile is lost/broken/unavailable or simply there is no signal where you are?
This discussion has been closed.