AuctionBytes Blog
Covering auctions, collectibles and marketplace selling.

AuctionBytes Blog The AuctionBytes Blog has been giving a voice to online merchants since its launch in 2005. Named one of the world's top 30 blogs in 2008 by "Blogging Heroes." Weigh in with your thoughts on the joys and pitfalls of selling online.
Tue Dec 29 2015 11:54:25

How Safe Is Your PayPal Account?

By: Ina Steiner

Sponsored Link

Your PayPal account may not be as invulnerable as you think, according to security expert and blogger Brian Krebs. On Monday, he wrote about his own experience in having his PayPal account hacked on Christmas Eve, and then hacked again 20 minutes after PayPal said it would monitor the account for suspicious activity.

It wasn't through a sophisticated computer hacking program - here's how the fraudster managed the account takeover according to Krebs: 

"The attacker had merely called in to PayPal's customer support, pretended to be me and was able to reset my password by providing nothing more than the last four digits of my Social Security number and the last four numbers of an old credit card account."

Where people might not provide their full account numbers online or over the phone, many people feel comfortable providing the last four numbers of such accounts when seeking customer service assistance. But the problem goes well beyond that. 

Krebs says static identifiers (address, social security number, date of birth, phone number, credit card number, etc. are no longer secret and are available for sale in the cybercrime underground. (He should know, he's been intimately involved in sniffing out fraud for many years.)

His conclusion: "Most organizations - including many financial institutions - remain woefully behind the times in authenticating their customers and staying ahead of identity thieves."

He has some advice for PayPal - you can read the full post on the Krebs on Security blog. And we've asked PayPal for a response and asked if there are there measures users could take to protect themselves from the type of fraud Krebs encountered.

Update 12/30/15: PayPal provided us with the following statement:

"The safety and security of our customers' accounts, data and money is PayPal's highest priority. Due to our privacy policies that protect our customers, PayPal does not publicly disclose details about our customers' accounts or their specific cases. However, it appears that our standard procedures were not followed in this case. While the funds remained secure, we are sorry that this unacceptable situation arose and we are reviewing the matter in order to prevent it from happening again."




Comments (15) | Permalink

Readers Comments

How Safe Is Your PayPal Account?   How Safe Is Your PayPal Account?

by: sasikat9 This user has validated their user name.

Tue Dec 29 14:51:04 2015

Its so safe that we dump the days deposits into our banking account each afternoon. Now thats safe.

How Safe Is Your PayPal Account?   How Safe Is Your PayPal Account?

by: comments This user has validated their user name.

Tue Dec 29 18:24:45 2015

I have my concerns with paypal, but account security is not one of them. Unauthorized payments are typically covered and most people don't know the last 4 of your social and CC unless they are family. If your family is stealing from you then you have bigger problems then the security of paypal.  

How Safe Is Your PayPal Account?   How Safe Is Your PayPal Account?

by: imbloated This user has validated their user name.

Wed Dec 30 00:22:50 2015

social security numbers are available in older publicly available court documents, to school,medical and insurance receptionists, and credit card numbers are available to any clerk where he card has been used.  These methods are useless, and this info are sold, as the poster wrote.

How Safe Is Your PayPal Account?   How Safe Is Your PayPal Account?

by: Tiffee Jasso This user has validated their user name.

Wed Dec 30 02:14:05 2015

I think there ought to be at least one if not two security questions asked. If the person knows the name of your pet and your Aunt Tilda's name then it is family or they have broken into the back door and downloaded the info. I do recall getting a spoof email from Paypal. Since I had just registered the email with Paypal and no one else, I notified Paypal they had a leak somewhere or an employee that was selling information. It is kind of hard to cover all the various bases that are involved in security on the internet where a high school kid can break into the Pentagon. How can anyone keep ahead of them?

How Safe Is Your PayPal Account?   How Safe Is Your PayPal Account?

by: RawFoodGuy This user has validated their user name.

Wed Dec 30 09:02:13 2015

There has been a solution to this already for many years on Paypal and eBay. It should get more promo though. I have a physical Paypal security key that generates a unique new 6 digit login key every few seconds. When you sign up for that you must login with your password then enter a fresh, just-generated security key. I got it after being hacked and for years since haven't had another problem in PayPal or eBay. Highly recommended...and deals with this problem once and for all in my experience.

How Safe Is Your PayPal Account?   How Safe Is Your PayPal Account?

by: frustrated This user has validated their user name.

Wed Dec 30 09:19:41 2015

How can they keep ahead of them??

Here.

Make the banks 125% responsible for ALL ACCOUNT thefts ALL OF THEM. 175% responsible if it's a cyber hack.   Make them pay damages to those affected.

Wanna see security holes patched in no time??

Do this and they will be.

Don't? Make consumers  responsible for stuff they have 0 control over? Gonna stay exactly like it is today.

How Safe Is Your PayPal Account?   How Safe Is Your PayPal Account?

by: Volvo351 This user has validated their user name.

Wed Dec 30 09:25:12 2015

Identity thief had knowledge of the two pieces of info needed to get the password reset done. How did this "security expert" allow that to happen?

How Safe Is Your PayPal Account?   How Safe Is Your PayPal Account?

This user has validated their user name. by: Rexford

Wed Dec 30 11:31:38 2015

John Donahoe is at PayPal now. So to answer the question, no, PayPal is not safe.

How Safe Is Your PayPal Account?   How Safe Is Your PayPal Account?

This user has validated their user name. by: Shop and Ship

Wed Dec 30 13:16:22 2015

Well, as a suggested answer to "how could this happen?" it appears that the Georgia Secretary of State's office released private data on 6 MILLION registered voters including their Birth Dates, Social Security Numbers, Driver's License Numbers, and Street Addresses. SIX MILLION. The U.S. Census Bureau counts 10 Million residents in Georgia - and 25% are under 18 years of age.

According to later news reports, Georgia does not believe this is a problem because "all of the data" was recovered about 6 to 8 weeks later. ha ha ha  

How Safe Is Your PayPal Account?   How Safe Is Your PayPal Account?

This user has validated their user name. by: The End

Wed Dec 30 13:30:30 2015

That's why we DON'T USE PAYPAL !
For cryin' out loud.
And : NEVER EVER store your credit card information on Ebay.

How Safe Is Your PayPal Account?   How Safe Is Your PayPal Account?

by: Mark4 This user has validated their user name.

Wed Dec 30 16:13:18 2015

Well good old JOhnny HO is not at paypal so expect paypal to have the same problems that ebay has been experiencing the last few years. Paypal is not safe.....

How Safe Is Your PayPal Account?   How Safe Is Your PayPal Account?

This user has validated their user name. by: White Rabbit

Thu Dec 31 09:25:51 2015

a tad off topic but related.

I think a few already mentioned this here. Be very sure to have a special extra bank account for online deposits. this puts a firewall up. transfer the funds to a regular account often and doing this keeps a minimal balance in your special online deposit account. any monthly fees for the extra account is well worth the added peace of mind.

How Safe Is Your PayPal Account?   How Safe Is Your PayPal Account?

by: Volvo351 This user has validated their user name.

Fri Jan 1 09:22:08 2016

@sasikat9

You may "dump" PayPig balance INTO your bank account, but hacker can access said bank account via your PayPig account. What is needed is a ONE WAY "Check Valve" feature to prevent this.

How Safe Is Your PayPal Account?   How Safe Is Your PayPal Account?

This user has validated their user name. by: White Rabbit

Fri Jan 1 13:25:57 2016

I am hoping by removal of said funds in checking account to an addition checking account (that you give NO ONE the info on) will relieve a lot of concern. including devastating chargebacks from PP , Venues and like institutions. :-) It puts the power and timing in your hands if you decide to settle up or not. I doubt hackers are a concern as much as venue actions and Hackers are stopped to the extent of your balance in this manner. PP and Banks cover problems with hackers but their timing could take a bad situation and make it worse. Just saying for $5 a month or nothing you can have an account that these guys ''know'' (they have the account info pp Ebay, other venues) between you and an account they have zero access to as they do not have the account number.

this has been mentioned here by many.. not my idea but a very good one that I did set up after reading it on this site. just be sure you NEVER give out the account info of the final account to Ebay, venues or PP. as you authorize them to use it in the TOS you sign legally as you set up the account or in Ebay's case the updated agreement you signed.

How Safe Is Your PayPal Account?   How Safe Is Your PayPal Account?

by: justchangecarriers This user has validated their user name.

Fri Jan 8 16:51:08 2016

I thought they told us it was guarded by ninjas?



Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.