Long before Venmo, Payoneer, Google Pay, and Apple Pay existed, there was PayPal. And now, with hundreds of millions of users, PayPal continues to dominate the digital payment market. Since people and businesses continue to use it, it’s easy to assume it’s safe. Exactly how safe is it to use PayPal? And does PayPal come with any risks? Those are the questions we answer in this report.
Is PayPal Safe?
Security and fund safety have always been the top priorities for PayPal. The service acts as a secure intermediary for online payments. By trusting PayPal with your payment information, you can transact online without revealing your credit card or bank account information to whoever is on the other end. Since your payment information is obscured, it’s safe in case the website you’re transacting with experiences a data breach. It also protects you from a new type of malware that skims credit card information from e-commerce websites.1
To answer the question: Yes, PayPal is safe to use. But that doesn’t mean there aren’t any drawbacks to using PayPal. There are — and we’ll discuss them below — but PayPal generally is a safe way to move money around. How safe? We’ll answer that in the next section.
PayPal Security and User Safety Features
The secret to PayPal’s security lies in the service’s technology and policies. Below, we highlighted some of the features and policies that make PayPal secure and safe to use.
Every transaction you make through PayPal is end-to-end encrypted, which means your transaction data is encrypted before it leaves your device and will remain that way until it reaches the receiving end. Intercepting your transaction data will do no good for hackers, because all they’ll see are encrypted data packets and not the content itself. That’s a good start considering Venmo, another digital payment service owned by PayPal, makes transaction data available to the public by default. You can read our safety assessment of Venmo for more information.
Additional Information: PayPal uses secure socket layer (SSL) protocol with 128-bit encryption to secure transaction data. SSL is a method used to encrypt and decrypt data transferred between a user’s browser and a website’s server. Currently, 256-bit SSL is the gold standard, but 128-bit SSL is still logically unbreakable.
Browser Integrity Checks
Another great thing about PayPal is that it checks the integrity of the browser you’re using before it lets you log in to your account. It makes sure your browser uses a secure HTTPS connection and that its Transport Layer Security (TLS) configuration is strong. In layperson’s terms, PayPal checks whether your browser is capable of sending data through the internet securely. If your browser doesn’t meet PayPal’s security standards, it simply won’t let you log in.
PayPal set forth this process to reduce the likelihood of online attacks that could compromise your PayPal account, personal data, and payment information. One type of attack PayPal hopes to stop is man-in-the-middle (MITM) attacks, in which a hacker positions themselves between you and the website you’re transacting with.2 MITM attackers passively collect information from your traffic, which they could use to commit fraud or identity theft.
PayPal Security Key
Unlike the features above, PayPal’s security key feature is optional, but PayPal offers it as a great way to protect your account. Whenever you or someone else tries to log in to your PayPal account, a one-time PIN sent to your registered phone number will have to be entered as well. Without it, you — or someone impersonating you — can’t gain access to your account. This process is also known as two-factor authentication.
Beyond security features, PayPal has policies that can keep its users safe from scams and fraud. One of those policies is Buyer Protection.3 If an item you bought online doesn’t arrive, doesn’t match the seller’s description, is defective, or turns out to be counterfeit, PayPal will reimburse the full cost — including shipping — after launching an investigation. All you have to do is file a report within 180 days of the transaction. It’s a great way to protect buyers from fake listing scams and other forms of online shopping scams.
To be eligible for this program, your online purchase must be paid:
- Through PayPal
- In a single payment
- Using a PayPal account in good standing
Did You Know: The Buyer Protection Program is one of the reasons people choose PayPal over paying directly using credit cards. Most credit cards with the same policy cover costs only up to $50, if at all. With PayPal, you’ll get your money back in full.
The Risks of Using PayPal and How You Can Protect Yourself
Despite all of PayPal’s security features, it has downsides. After all, no service — no matter how good — is perfect. PayPal, however, really is one of the safer digital-payment services, and the risks of using it are minimal. As long as you know how to protect yourself, you shouldn’t have to worry.
What it is: Phishing scams are everywhere, and they come in many forms. Email phishing involves sending an email falsely claiming to be from PayPal or another legitimate company. The email asks victims to log in to their PayPal accounts, sometimes with the pretext that their accounts will be suspended if they don’t take action. The link in the email, however, actually leads to a copycat website that captures usernames and passwords. Scammers will then use the stolen information to take over PayPal accounts and make unauthorized payments.
What you can do: Phishing scams have existed for decades, but companies like PayPal can’t completely put an end to them because they target users directly. No matter how secure PayPal is, scammers can get login credentials directly from unsuspecting users. Your best protection is to train yourself to catch phishing attempts. Here are a few tips:
- Look for grammar mistakes. They are usually a telltale sign that the email is from a scammer rather than PayPal.
- Check the email address. Legitimate PayPal email addresses often end in “@paypal.com.”
- Look at the opening line. PayPal always uses the user’s full name when addressing them in emails. If the email opens with a generic greeting such as “Dear user” or “Ma’am/Sir,” be wary.
- Check the logo. To make their emails look legitimate, phishing scammers often include the real logo of the company they’re impersonating. Sometimes, however, the logos they use are outdated.
- Don’t click links. If the email asks you to click a link, hover over it with your mouse but don’t click it. The preview will show you whether the link is indeed to PayPal’s website or a copycat.
We’d like to applaud PayPal for making efforts to keep its users’ accounts secure. It gives users the option to enable two-factor authentication through security keys. Even if a scammer gets ahold of your login credentials, they won’t be able to access your account without your one-time PIN. PayPal also urges users to report phishing attempts so it can block stolen PayPal accounts and prevent further financial damage.
Pro Tip: Sometimes copycat websites used in phishing scams also contain spyware or a remote access trojan. Your computer could get infected simply by clicking a link. If you think you may have opened a phishing link, then use a good antivirus software, such as Norton, to cleanse your device right away. You can read our Norton antivirus review for more information.
What it is: There are lots of internet scams besides phishing scams that you should be wary of if you’re using payment services such as PayPal. These scams don’t usually originate from PayPal’s structure, but rather social-media websites, online games, emails, forums, and any other service or website where strangers can interact with you. Some of these scams are:
- Romance scams
- Fake software scams
- Easy-money investment scams
- Fake virtual item scams
These scams often persuade people using social engineering to send money through PayPal. For example, an easy-money investment scammer might tell you that you’ll receive generous returns if you let them invest your money.
What you can do: Like with phishing scams, you must do your part to make sure you don’t get scammed. A good rule of thumb is to not send money to strangers, even if they give you a good reason to. Before transacting with anyone, do a thorough background check on them. If you’re not completely certain they’re not scamming you, then it’s better stay on the safe side and not transact. Remember: Good opportunities knock only once, but scams pretending to be good opportunities knock incessantly.
Frozen PayPal Accounts
What it is: This one is different in that it’s a risk that comes from PayPal directly. In an effort to stop fraudulent transactions, PayPal may freeze an account if it has good reason to believe it’s being used fraudulently. The circumstances differ from one frozen account to another, but the common ground is that, if your account is frozen, you won’t be able to use PayPal until it’s resolved.
Some people claim, however, that their accounts were frozen mistakenly and that they weren’t able to reclaim their accounts after the fact. There was even a class-action lawsuit filed against PayPal recently for allegedly freezing accounts without explanation.4 The problem is that, if you had funds stored in your PayPal account at the time it was frozen, you wouldn’t be able to retrieve them.
What you can do: There are several things you can do to avoid a PayPal account freeze, such as avoiding making large withdrawals, limiting the amount you receive per day, or informing PayPal if you’re expecting to receive a large deposit. Unfortunately, if it happens, it happens. The best thing you can do is keep your PayPal fund to a minimum. Your money is better off stored in a bank account.
Pro Tip: If you’re looking to shore up your digital privacy and security, then consider one of the top-rated VPNs or one of the best antivirus software packages available.
PayPal and Your Privacy
Another angle to consider is how safe PayPal is with respect to your privacy. Payment services like PayPal are required by law to collect and verify information about their users to make it easier for the government to catch money laundering and other illegal activities.
When you create a PayPal account, it collects your personal information, including your name, postal address, phone number, email address, and other identification information. PayPal may also obtain information about its users from third-party sources, such as merchants you’ve transacted with, data providers, and credit bureaus. To use PayPal, you need to provide the company with your payment information. There are so many more types of data that PayPal collects, but the ones we mentioned are the most critical since they can be used to steal your identity or commit fraud.
The Good News
Now for the good news: To prevent information theft, PayPal uses a variety of technologies to securely store your data. That includes encryption, firewalls, and physical access controls to its data centers. It also stores its customers’ financial information in a single online “vault.” Think of it like this: It’s easier to protect your valuables if they are all in one vault because you can focus on securing only that vault. The same is true with your payment information collected by PayPal.
The Bad News
Here’s a hypothetical scenario: You’re confident that your personal information is safe because PayPal hasn’t had a security breach. However, a service provider to PayPal — one that has access to your information — had a security mishap and your information was leaked. Since you’re not directly connected to the company, you’re not aware of the breach — leaving you with no opportunity to take action immediately.
That’s a grim scenario, and the reason we recommend using an identity theft protection service even if you deal only with reputable companies like PayPal. The Aura identity protection service we reviewed, for example, alerts its customers to data breaches that involve their personal information.
The Bottom Line
With over two decades of service under its belt, it’s impressive how PayPal keeps improving the level of security it provides. From implementing necessary safeguards to having policies that protect the financial interest of its users, PayPal is doing what it can to remain a secure payment service provider.
If you use PayPal, however, remember that you also bear the responsibility of protecting yourself from scams. Educating yourself is a good first step, and you can start by reading our report on the latest internet scams and how you can protect yourself.
FAQs About PayPal
Want to learn more about PayPal? Let’s review some frequently asked questions about the service.
Is it safe to put my bank account on PayPal?
Yes, it is completely safe to link your bank account to PayPal. PayPal has extensive security measures in place to secure bank account information, including the use of end-to-end encryption on every transaction, firewalls, and storing all financial information in one secure online vault.
Can my PayPal account get hacked?
Technically, your PayPal account is safe from hacking. PayPal is a secure platform, and it takes all necessary measures to safeguard accounts. That said, a hacker could potentially access your PayPal account by obtaining login information from you through phishing attacks.
Is paying through PayPal safer than paying using a credit card?
Paying through PayPal is about as safe as paying using a credit card, but there are indirect advantages to using PayPal. Merchants won’t see your credit card information if you use PayPal, for example, thus reducing the risk of data exposure.
Is PayPal a bank?
No, PayPal is not a bank, but it offers features similar to banks through partnerships with banks such as the Bancorp Bank. You can obtain a debit card, credit cards, and lines of credit.
Sansec. (2022). NaturalFreshMall: a mass store hack.
Imperva. (2022). Man in the middle (MITM) attack.
PayPal. (2022). PayPal’s Buyer Protection Program.
Bloomberg. (2022). PayPal Sued for Freezing Customer Accounts Without Explanation.