All of our content is written by humans, not robots. Learn More

Is PayPal Safe?

Let’s take a close look at PayPal’s security practices, customer protection, and privacy policy.

By Gabe Turner, Chief Editor
Last Updated Sep 26, 2024

Long before Venmo, Payoneer, Google Pay, and Apple Pay existed, there was PayPal. And now, with hundreds of millions of users, PayPal continues to dominate the digital payment market. Since people and businesses continue to use it, it’s easy to assume it’s safe. But, exactly how safe is it to use PayPal? And does PayPal come with any risks? Those are the questions our cybersecurity experts answer in this report.

Is PayPal Safe?

Security and fund safety have always been the top priorities for PayPal. The service acts as a secure intermediary for online payments. By trusting PayPal with your payment information, you can transact online without revealing your credit card or bank account information to whoever is on the other end. Since your payment information is obscured, it’s safe in case the website you’re transacting with experiences a data breach. It also protects you from a new type of malware that skims credit card information from e-commerce websites.[1]

To answer the question: Yes, PayPal is safe to use and is generally a safe way to move money around. But that doesn’t mean there aren’t any drawbacks to using PayPal. There are — and we’ll discuss them below.

PayPal Security and User Safety Features

The secret to PayPal’s security lies in the service’s technology and policies. Below, we highlighted some of the features and policies that make PayPal secure and safe to use.

End-to-End Encryption

Every transaction you make through PayPal is end-to-end encrypted, which means your transaction data is encrypted before it leaves your device and will remain that way until it reaches the receiving end. Intercepting your transaction data will do no good for hackers because all they’ll see is gibberish, encrypted data packets that they can’t decrypt unless they have the encryption key. That’s a good start considering Venmo, another digital payment service owned by PayPal, makes transaction data available to the public by default.

Did You Know: Read our safety assessment of Venmo for more about the security side of using this peer-to-peer payment app.

Additional Information: PayPal uses a secure socket layer (SSL) protocol with 128-bit encryption to secure transaction data. SSL is a method used to encrypt and decrypt data transferred between a user’s browser and a website’s server. Currently, 256-bit SSL is the gold standard, but 128-bit SSL is still logically unbreakable.

Browser Integrity Checks

Another great thing about PayPal is that it checks the integrity of the browser you’re using before it lets you log in to your account. It makes sure your browser uses a secure HTTPS connection and that its Transport Layer Security (TLS) configuration is strong. In layperson’s terms, PayPal checks whether your browser is capable of sending data through the internet securely. If your browser doesn’t meet PayPal’s security standards, it simply won’t let you log in.

PayPal set forth this process to reduce the likelihood of online attacks that could compromise your PayPal account, personal data, and payment information. One type of attack PayPal hopes to stop is man-in-the-middle (MITM) attacks, in which a hacker positions themselves between you and the website you’re transacting with.[2] MITM attackers passively collect information from your traffic, which they could use to commit fraud or identity theft.

Tip: Using a VPN is an effective way to make MITM attackers clueless about your online communications. Much like how PayPal encrypts transactions from end to end, VPNs secure your network by encrypting all your online traffic – not just your online transactions – before it leaves your device.

PayPal Security Key

Unlike the features above, PayPal’s security key feature is optional, but PayPal offers it as a great way to protect your account. Whenever you or someone else tries to log in to your PayPal account, a one-time PIN sent to your registered phone number will have to be entered as well. Without it, you — or someone impersonating you — can’t gain access to your account. This process is also known as two-factor authentication.

Pro Tip: Using a strong password can also help keep your accounts secure. Use our trusted password generator to safely come up with a passcode that’s far from easy to guess.

Buyer Protection

Beyond security features, PayPal has policies that can keep its users safe from scams and fraud. One of those policies is Buyer Protection.[3] If an item you bought online doesn’t arrive, doesn’t match the seller’s description, is defective, or turns out to be counterfeit, PayPal will reimburse the full cost — including shipping — after launching an investigation. All you have to do is file a report within 180 days of the transaction. It’s a great way to protect buyers from fake listing scams and other forms of online shopping scams.

To be eligible for this program, your online purchase must be paid:

  • Through PayPal
  • In a single payment
  • Using a PayPal account in good standing

Did You Know: The Buyer Protection Program is one of the reasons people choose PayPal over paying directly using credit cards. Most credit cards with the same policy cover costs only up to $50, if at all. With PayPal, you’ll get your money back in full.

The Risks of Using PayPal and How You Can Protect Yourself

Despite all of PayPal’s security features, it has downsides. After all, no service — no matter how good — is perfect. PayPal, however, really is one of the safer digital-payment services, and the risks of using it are minimal. As long as you know how to protect yourself, you shouldn’t have to worry.

Phishing Scams

What it is: Phishing scams are everywhere, and they come in many forms. Email phishing involves sending an email falsely claiming to be from PayPal or another legitimate company. The email asks victims to log in to their PayPal accounts, sometimes with the pretext that their accounts will be suspended if they don’t take action. The link in the email, however, actually leads to a copycat website that captures usernames and passwords. Scammers will then use the stolen information to take over PayPal accounts and make unauthorized payments.

Smishing or phishing text messages are similar. Cybercriminals craft texts that appear as though they are from trusted and reputable sources. Like email scams, the goal of these messages is to get you to click on a link or to share your personally identifiable information.

What you can do: Phishing scams have existed for decades, but companies like PayPal can’t completely put an end to them because they target users directly. No matter how secure PayPal is, scammers can get login credentials directly from unsuspecting users. Your best protection is to train yourself to catch phishing attempts. Here are a few tips:

  • Look for grammar and spelling mistakes. They are usually a telltale sign that the email or text message is from a scammer rather than PayPal.
  • Check the email address. Legitimate PayPal email addresses often end in “@paypal.com.”
  • Look at the opening line. PayPal always uses the user’s full name when addressing them in emails. If the email opens with a generic greeting such as “Dear user” or “Ma’am/Sir,” be wary.
  • Check the logo. To make their emails look legitimate, phishing scammers often include the real logo of the company they’re impersonating. Sometimes, however, the logos they use are outdated.
  • Don’t click links. If the email or text message asks you to click a link, hover over it with your mouse but don’t click it. The preview will show you whether the link is indeed to PayPal’s website or a copycat.
  • A sense of urgency. Be wary of messages telling you urgent action is required. Legitimate banks and financial institutions, like PayPal, will not communicate in a threatening way.
  • Asking for sensitive information. PayPal won’t ask you to text back any personal or banking information.
  • Wrong number of digits. Text messages will usually be sent from 10-digit numbers. Some political or advertising messages will be sent from a five- or six-digit shortcode. Use https://usshortcodedirectory.com to make sure the shortcode is legit. If you get a text from an 11-digit phone number, it’s most likely a scam.
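The email checks from the list above (sender domain, generic greeting, urgency, link target), applied to a constructed message. This is an added example, not PayPal's or this site's code; the function names, keyword lists and the sample email are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # sender domain named in the tips above
# Assumed word lists for this sketch, not an official PayPal list.
GENERIC = re.compile(r"^\s*dear\s+(user|customer|sir|ma['’]?am)", re.I | re.M)
URGENT = re.compile(r"\b(urgent|immediately|suspended|within 24 hours)\b", re.I)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # keep the real target, not the text shown to the reader
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domain(host, domain=TRUSTED):
    # Exact match or true subdomain; "paypal.com.account-check.example" fails.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_flags(raw):
    msg = message_from_string(raw)
    body = msg.get_payload()  # single-part message assumed
    flags = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not in_domain(sender.rpartition("@")[2]):
        flags.append("sender-domain")
    if GENERIC.search(re.sub(r"<[^>]+>", "", body)):
        flags.append("generic-greeting")
    if URGENT.search(body):
        flags.append("urgency")
    links = LinkCollector()
    links.feed(body)
    if any(not in_domain(urlsplit(h).hostname) for h in links.hrefs):
        flags.append("link-target")
    return flags

# Constructed sample: the visible link text says paypal.com, the href does not.
SAMPLE = """From: PayPal Support <service@paypal.com.account-check.example>
Subject: Action required

<p>Dear user,</p>
<p>Your account will be suspended.
<a href="https://paypal.com.account-check.example/login">https://www.paypal.com/signin</a></p>
"""
print(phishing_flags(SAMPLE))
```

A From header can be forged, so an empty flag list is not proof that a message is genuine; the link-target check is the one that reflects where a click would actually go.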

We’d like to applaud PayPal for making efforts to keep its users’ accounts secure. It gives users the option to enable two-factor authentication through security keys. Even if a scammer gets ahold of your login credentials, they won’t be able to access your account without your one-time PIN. PayPal also urges users to report phishing attempts so it can block stolen PayPal accounts and prevent further financial damage.

Pro Tip: Sometimes copycat websites used in phishing scams also contain spyware or a remote access trojan. Your computer could get infected simply by clicking a link. If you think you may have opened a phishing link, then use a good antivirus software, such as Norton, to cleanse your device right away. You can read our Norton antivirus review for more information.

Internet Scams

What it is: There are lots of internet scams besides phishing scams that you should be wary of if you’re using payment services such as PayPal. These scams don’t usually originate from PayPal’s structure, but rather social-media websites, online games, emails, forums, and any other service or website where strangers can interact with you. Some of these scams are:

  • Romance scams
  • Fake software scams
  • Easy-money investment scams
  • Fake virtual item scams

These scams often persuade people using social engineering to send money through PayPal. For example, an easy-money investment scammer might tell you that you’ll receive generous returns if you let them invest your money.

What you can do: Like with phishing scams, you must do your part to make sure you don’t get scammed. A good rule of thumb is to not send money to strangers, even if they give you a good reason to. Before transacting with anyone, do a thorough background check on them. If you’re not completely certain they’re not scamming you, then it’s better to stay on the safe side and not transact. Remember: Good opportunities knock only once, but scams pretending to be good opportunities knock incessantly.

Frozen PayPal Accounts

What it is: This one is different in that it’s a risk that comes from PayPal directly. In an effort to stop fraudulent transactions, PayPal may freeze an account if it has good reason to believe it’s being used fraudulently. The circumstances differ from one frozen account to another, but the common ground is that, if your account is frozen, you won’t be able to use PayPal until it’s resolved.

Some people claim, however, that their accounts were frozen mistakenly and that they weren’t able to reclaim their accounts after the fact. There was even a class-action lawsuit filed against PayPal recently for allegedly freezing accounts without explanation.[4] The problem is that, if you had funds stored in your PayPal account at the time it was frozen, you wouldn’t be able to retrieve them.

What you can do: There are several things you can do to avoid a PayPal account freeze, such as avoiding making large withdrawals, limiting the amount you receive per day, or informing PayPal if you’re expecting to receive a large deposit. Unfortunately, if it happens, it happens. The best thing you can do is keep your PayPal funds to a minimum. Your money is better off stored in a bank account.

Pro Tip: If you’re looking to shore up your digital privacy and security, then consider one of the top-rated VPNs or one of the best antivirus software packages available.

PayPal and Your Privacy

Another angle to consider is how safe PayPal is with respect to your privacy. Payment services like PayPal are required by law to collect and verify information about their users to make it easier for the government to catch money laundering and other illegal activities.

When you create a PayPal account, it collects your personal information, including your name, postal address, phone number, email address, and other identification information. PayPal may also obtain information about its users from third-party sources, such as merchants you’ve transacted with, data providers, and credit bureaus. To use PayPal, you need to provide the company with your payment information. There are so many more types of data that PayPal collects, but the ones we mentioned are the most critical since they can be used to steal your identity or commit fraud.

The Good News

Now for the good news: To prevent information theft, PayPal uses a variety of technologies to securely store your data. That includes encryption, firewalls, and physical access controls to its data centers. It also stores its customers’ financial information in a single online “vault.” Think of it like this: It’s easier to protect your valuables if they are all in one vault because you can focus on securing only that vault. The same is true with your payment information collected by PayPal.

The Bad News

PayPal’s privacy policy expressly states that it may share users’ personal information with third parties, including other services involved in a transaction with you, members of the PayPal corporate family, companies that provide services to PayPal, and financial institutions. That’s not necessarily a bad thing; data sharing has become a part of how the corporate world works. As more companies and entities gain access to your personal information, however, the risk of identity theft increases as well.

Here’s a hypothetical scenario: You’re confident that your personal information is safe because PayPal hasn’t had a security breach. However, a service provider to PayPal — one that has access to your information — had a security mishap and your information was leaked. Since you’re not directly connected to the company, you’re not aware of the breach — leaving you with no opportunity to take action immediately.

That’s a grim scenario, and the reason we recommend using an identity theft protection service even if you deal only with reputable companies like PayPal. The Aura identity protection service we reviewed, for example, alerts its customers to data breaches that involve their personal information.

Aura App – Alert Thresholds

The Bottom Line

With over two decades of service under its belt, it’s impressive how PayPal keeps improving the level of security it provides. From implementing necessary safeguards to having policies that protect the financial interests of its users, PayPal is doing what it can to remain a secure payment service provider.

If you use PayPal, however, remember that you also bear the responsibility of protecting yourself from scams. Educating yourself is a good first step.

FAQs About PayPal

Want to learn more about PayPal? Let’s review some frequently asked questions about the service.

  • Is it safe to put my bank account on PayPal?

    Yes, it is completely safe to link your bank account to PayPal. PayPal has extensive security measures in place to secure bank account information, including the use of end-to-end encryption on every transaction, firewalls, and storing all financial information in one secure online vault.

  • Can my PayPal account get hacked?

    Technically, your PayPal account is safe from hacking. PayPal is a secure platform, and it takes all necessary measures to safeguard accounts. That said, a hacker could potentially access your PayPal account by obtaining login information from you through phishing attacks.

  • Is paying through PayPal safer than paying using a credit card?

    Paying through PayPal is about as safe as paying using a credit card, but there are indirect advantages to using PayPal. Merchants won’t see your credit card information if you use PayPal, for example, thus reducing the risk of data exposure.

  • Is PayPal a bank?

    No, PayPal is not a bank, but it offers features similar to banks through partnerships with banks such as the Bancorp Bank. You can obtain a debit card, credit cards, and lines of credit.

Citations
  1. Sansec. (2022). NaturalFreshMall: a mass store hack.
    sansec.io/research/naturalfreshmall-mass-hack

  2. Imperva. (2022). Man in the middle (MITM) attack.
    imperva.com/learn/application-security/man-in-the-middle-attack-mitm/

  3. PayPal. (2022). PayPal’s Buyer Protection Program.
    paypal.com/ph/webapps/mpp/ua/useragreement-full#pp-purchase-protection

  4. Bloomberg. (2022). PayPal Sued for Freezing Customer Accounts Without Explanation.
    bloomberg.com/news/articles/2022-01-13/paypal-sued-for-freezing-customer-accounts-without-explanation