Is PayPal Safe? Discover PayPal’s safety features and potential risks

With over 426 million users worldwide and 25 billion total payment transactions, PayPal is among the most widely used payment processing systems. But just how safe is PayPal? Keep reading to explore its security features and potential risks.

Is PayPal safe?

Yes, PayPal is a secure platform that uses encryption and fraud detection to protect your personal information. It also offers buyer protection, which helps resolve disputes with merchants and secure refunds for certain purchases.

But not all PayPal transactions offer the same level of protection. Payments categorized under “Friends and Family” don’t include purchase protection, so using this option to buy goods is riskier. When shopping online, always mark the payment “Goods and Services,” which includes dispute resolution and refund options.

Is PayPal safer than Cash App or Zelle?

PayPal, Cash App, and Zelle are all fairly safe to use if you take advantage of their security features and carefully vet payment recipients. But when it comes to buyer protection, PayPal has the edge — Zelle and Cash App don’t offer purchase protection on most transactions, making them riskier for online shopping.

A 2023 FTC report showed that scams and fraud are fairly common across all three payment apps, with PayPal mentioned in 28% of reports, Cash App in 24%, and Zelle in 20%. While Zelle may seem more secure since it operates directly through banks, PayPal and Cash App rely on FDIC-insured partner banks to protect user funds.

Is PayPal safer than credit cards?

While both PayPal and credit cards offer strong security features, credit cards generally provide better fraud protection and more chargeback options. PayPal, however, adds a layer of privacy by keeping your financial details hidden from merchants.

PayPal security features explained

PayPal’s security features include encryption, security keys, protection for buyers and sellers, fraud monitoring, payment confirmation, two-factor authentication (2FA), and browser integrity checks.

Here’s how each of these features works:

Encryption

PayPal employs advanced encryption protocols to protect your personal and financial data by converting it into unreadable code during transmission and storage, preventing unauthorized access by hackers. And instead of sharing your payment details, the app generates a unique transaction ID for sellers, helping to ensure buyers’ full credit card or bank account numbers remain private.

PayPal security key

PayPal passkeys offer a secure, password-free way to access your account using biometric authentication, such as facial recognition or fingerprints, along with a passkey. This technology enhances security by requiring multiple verification methods, making it significantly harder for hackers to gain access.

Purchase protection

PayPal Buyer Protection helps safeguard your purchases by offering refunds for eligible transactions if an item never arrives or is significantly different from its description. If you fall victim to a PayPal scam, you may qualify for reimbursement.

Once your claim is approved, PayPal may refund the full purchase price plus the original shipping costs. However, only transactions marked as Goods and Services are covered. Certain purchases, including real estate, vehicles, and digital currencies, are excluded from protection.

To qualify for buyer protection, you must report issues through PayPal’s Resolution Center within 180 days of the transaction date and provide any required documentation.

Seller protection

The PayPal Seller Protection program helps protect sellers against claims of unauthorized transactions and missing items. By meeting eligibility requirements — such as shipping to the address listed on the transaction details page and providing proof of delivery — you may retain the full purchase amount even if a buyer disputes the charge.

Physical goods that you can ship and some intangible goods are covered, as are certain services, but custom-made items and real estate transactions typically aren’t eligible for protection.

Fraud monitoring

Fraud can occur on PayPal when someone illegally gains access to your personal information or conducts unauthorized transactions. To combat this, PayPal employs advanced security measures, including 24/7 monitoring to detect unusual account activity.

For instance, if a login attempt is made from an unfamiliar device or location, PayPal may flag the account or require identity verification. Additionally, the platform leverages machine learning and predictive algorithms to identify suspicious patterns, such as rapid transactions or irregular spending habits.

Email payment confirmation

PayPal email confirmation helps you keep track of your transactions and detect unauthorized activity. Whenever a payment is sent or received, PayPal sends you an email confirmation. If you receive a confirmation for a payment you didn’t authorize, you can report it immediately, allowing PayPal to investigate and take action to protect your account.

Two-factor authentication

2FA adds an extra layer of security to your PayPal account by requiring a second step to verify your identity when logging in. Along with your password, you'll need a unique code from an authenticator app like Google Authenticator or Microsoft Authenticator. This helps prevent unauthorized access, even if someone has your password.

Browser integrity checks

PayPal performs checks to verify that your browser uses a secure HTTPS connection and a strong Transport Layer Security (TLS) configuration to transmit data safely. If your browser doesn’t meet these security standards, PayPal will block login attempts, protecting you against man-in-the-middle attacks and other threats arising from an unsecured connection.

For added security, consider using Norton VPN to encrypt your internet connection and help ensure the data you send and receive remains private and protected, even on public networks.

Risks of using PayPal

While PayPal is mostly secure, users could be exposed to scams, data breaches, or undesirable data collection practices while using the service.

Scams

While PayPal is mostly a secure platform, you can still fall victim to scams if you aren’t careful. Scam risks aren’t inherent to the PayPal platform itself, but fraudsters may impersonate PayPal or trick users into sending money to fraudulent accounts.

In a recent PayPal scam, hackers exploited a vulnerability to send phishing emails from PayPal’s legitimate address, falsely claiming a MacBook had been purchased through the recipient’s account. The emails urged users to call a scam support number, where fraudsters posed as PayPal reps to steal login credentials and financial data to make unauthorized purchases or commit identity theft.

Other common PayPal scams include:

• Fake invoice scams: Scammers send fraudulent invoices requesting payment for goods or services you never purchased.
• Overpayment scams: A buyer “accidentally” overpays for an item and asks you to refund the extra amount, but the initial payment later turns out to be fraudulent.
• Phishing emails: Emails impersonating PayPal claim there’s an issue with your account, urging you to click a link and enter login details on a fake website.
• Charity scams: Fraudsters pose as charities requesting PayPal donations. They often exploit natural disasters or humanitarian crises to trick you into sending money.
• Customer service impersonation: Scammers pose as PayPal support representatives, contacting you via phone, email, or text and requesting sensitive information to fix a made-up issue.
• Government impersonation: Fraudsters pretend to be from government agencies, claiming you owe fines or taxes you have to pay immediately through PayPal to avoid legal consequences.

Curious about exactly what types of PayPal scams may pop up in your inbox? Take a look at some examples below:

• PayPal tech support scam: A PayPal invoice scam may claim a payment is due or was processed by mistake. Though it looks legitimate, it's from scammers seeking personal data or unauthorized payments. The invoice may include a phone number, but calling it risks exposure to fraud, as scammers may steal login details, payment info, or install malware.
• No-pishing PayPal phishing scam: In the “phish-free” PayPal phishing scam, you receive a legit-looking email with a payment request link. However, it’s actually addressed to someone else, tricking you into thinking it’s yours. Since it uses PayPal’s real payment request feature, everything seems authentic — except for the easily overlooked “to” address.
• PayPal customer care scam: In this PayPal email scam, a fake email claims an unauthorized transaction occurred, urging you to contact a "fraud prevention team" via a DocuSign link. The email comes from a suspicious .net address with a Gmail reply-to. Clicking the link leads to a fake site designed to steal your personal information.

Data breaches

When corporate networks containing sensitive personal and financial information are compromised, data breaches can expose customers to identity theft and fraud. In a high-profile 2022 incident, hackers breached PayPal’s systems, exposing nearly 35,000 customers' data, including names, addresses, Social Security numbers, and financial details.

And while PayPal has invested heavily in boosting and maintaining its security, no system is entirely hack-proof, making future breaches possible. So, there is a risk associated with sharing your data with PayPal, or any organization.

Data sharing

PayPal collects information like financial details, personal identifiers, and geolocation data and shares it with third parties such as payment processors, service providers, and merchants to deliver services, process transactions, and personalize your experience. Most sharing requires your consent.

This data sharing streamlines transactions, prevents fraud, and tailors services, but it also carries risks. Hackers can exploit your personal information if a vendor or financial institution mishandles or leaks this data.

If you’re uncomfortable with PayPal analyzing your transaction data to understand what you like to buy and sell, you can customize your interest-based marketing preferences.

Tips for using PayPal safely

To help ensure your safety while using PayPal, it’s crucial to follow simple yet effective steps for significantly reducing the risk of fraud, unauthorized transactions, and account breaches.

Here's a list of the most important best practices for protecting your PayPal account:

• Create strong passwords: Ensuring your passwords are unique will make them stronger and harder for hackers to guess.
• Don’t respond to fishy messages: Watch out for phishing attempts. Avoid responding to unsolicited emails or texts asking for personal information or directing you to suspicious links.
• Enable 2FA: Add an extra layer of security by requiring both your password and a code sent to your phone to log in.
• Set up account activity notifications: Get instant alerts for any unusual transactions or account changes.
• Beware of Friends and Family payments: Only use this payment option with trusted individuals that you know personally, since it doesn’t offer buyer protection.
• Ignore unknown payment requests: Verify the sender before making payments to avoid scammers.
• Report suspicious activity to PayPal: Alert PayPal about anything unusual so they can investigate.
• Opt out of data sharing: Limit the personal information PayPal shares with third parties to reduce exposure to data breach risks.

Protect yourself from PayPal risks

PayPal is a secure payment platform that offers strong buyer protection, but it can’t always save you from scams.

Norton 360 Deluxe helps keep your entire digital life more secure, bundling malware protection with a powerful VPN and AI-powered scam detection technology capable of spotting sophisticated phishing attacks. Plus, its Privacy Monitoring feature will help you remove your personal information from the web, making you less likely to be targeted by scammers in the first place.

FAQs

Is PayPal safe to use with strangers?

PayPal can be safe to use with strangers if you mark payments as Goods and Services, which offers buyer protection. Avoid sending Friends and Family payments to people you don’t know personally.

Is it safe to link my bank account to PayPal?

Linking your bank account to PayPal is generally safe, as PayPal employs encryption and robust security measures to safeguard your information. However, it's important to regularly monitor your account for any suspicious activity, such as unauthorized transactions or unfamiliar logins. If you spot any discrepancies, report them to PayPal immediately.

Is there a downside to using PayPal?

The downsides to using PayPal include expanding your digital footprint and exposure to data breaches, potential fees for certain transactions, and the risk of falling for scams — if a fraudster convinces you to send them money and mark the transaction Friends and Family, you’re unlikely to ever get it back.

Is PayPal safer than a credit card?

Both PayPal and credit cards offer strong security, but credit cards generally provide better fraud protection and chargeback options. On the other hand, when you use PayPal, don’t share your credit card details directly with merchants, which helps to shield your sensitive financial data.