|Sat Feb 28 2009 11:38:38|
Does PayPal Really Ask for Bank Account Passwords?
By: Ina Steiner
Some eBay sellers on a discussion board were questioning why PayPal was asking them to reveal passwords to their bank accounts. It certainly seemed like a valid concern, so I asked PayPal spokesperson Michael Oldenburg for more information.
Michael said PayPal does under some circumstances ask for that information if users want to instantly confirm their bank accounts. PayPal only asks that question - which is optional - when users are signed in to PayPal as a way to confirm a bank account instantly. Users may opt to use a different confirmation method that takes longer. Here's what he wrote in an email:
What the member referenced is our instant bank confirmation process. When members add a bank account to their PayPal accounts, we need to confirm that they are the owner of the account. There are two options to do this:
1) Random deposits - PayPal makes two small deposits to the member's bank account. The member then confirms the actual amount of these depots to let us know that they are the owner of the account. This process usually takes 2-3 days for the deposits to appear in the member's s bank account.
2) Instant bank confirmation - Using this option, members can confirm their account in minutes. It requires the member to type in his/her online banking username and password. PayPal then uses this data to validate ownership of the account. This instant process is relatively common today and is also used by many large financial institutions - such as Bank of America and eTrade - as a way of authenticating bank accounts.
It is important to know that during the instant process, PayPal does not save the member's online banking credentials. Also, instant bank confirmation is an optional process. Members can always elect to use the random deposit option if they prefer.
Given that PayPal, like other financial services, is a target of phishers, I'm not convinced it's a good idea to set a precedent for asking for someone's bank account password. Wouldn't it be better if the rule was, never give out your bank account password to anyone under any circumstances, no exceptions?
Michael explained that PayPal would never ask for such information in an email, nor would an agent ever ask for that. (So beware of phishing emails and phone calls.) He also pointed to a recent PayPal blog post that reminded users to update their Internet browsers to the latest version. PayPal has worked with Verisign's Extended Validation Certificate program so the latest browsers will glow green if you're really on the PayPal site, and will glow red if it believes you're on a spoof site.
This is feeling like cyber-security month, so remember - make sure you use up-to-date browsers and anti-virus software (preferably ones that keep themselves up-to-date automatically - check your settings), and be safe!