Paypal Warning

Parent Cafe
21

<p>“It’s definitely smarter to connect you Paypal account to a credit card rather than to a bank account.” - I’ve wondered about that.</p>

<p>Years ago I accidentally took money out of somebody else’s acount at the credit union office at work. It was a teller error. The funny thing was that day I stopped by my friend’s office and she was scratching her head, calling her husband, checking her checkbook register… chasing $100 lost. I joked that I had withdrawn $100 earlier, and maybe it was. A few days later the credit union chased down their problem looking at signatures etc… and it turned out that it was my account that benefited (temporarily, until we got it fixed).</p>

22

<p>I use Google Checkout. It seems a lot easier.</p>

23

<p>Botw I get that and I also pay bills electronically but that generally requires you to authorize each payment or to authorize automatic monthly payments. Pay pal is a different horse…I did not buy or sell anything and yet pay pal removed money from my bank account. Not okay with me. EVER</p>

24

<p>I also got the $2000 limit warning so I opened up a separate account and put $200 in it and that is what is linked to Paypal. I figure the worst that can happen is that I lose $200.</p>

25

<p>you can avoid the issue by setting up an account at your bank just for e-transactions.
Never leave money in the account and only deposit money in the account right before you transfer it to the person intended to receive the funds.
If money is deposited into the account from outside sources, remove it immediately to your regular checking account.
Leave -0- in the account or the minimum if required</p>

26

<p>

</p>

<p>Any entity that has your bank account number can remove money from your account without your permission. It’s fraud and not allowed to happen, but it can. Just because they “require” you to authorize doesn’t mean they can’t remove money from your account without you authorization. The technical capability is there.</p>

<p>In this case, PayPal didn’t remove money. Somehow, someone used your account to remove money. It wasn’t the PayPal people who did it, it was a fraudster who found a way to mess with the system.</p>

<p>Not too different than the fraudster who stole a whole bunch of e-mail addresses lately.</p>

27

<p>

You might want to run a virus check on your home computer – sometimes a trojan “keylogger” program can be installed that essentially grabs your password as you type it. </p>

<p>I am NOT trying to put the blame on you in any way – I’m just looking at things from a security standpoint. For example, I bank online. If my paypal account was compromised, I’d worry about whether my bank accounts could also be compromised. So I’d want to get to the bottom of where the breach occurred.</p>

28

<p>calmom agreed and I have had it checked out. In the meantime I had paypal limit my account to avoid future issues and now just received an email that due to the limitation they can’t put the money back in my account. Grr…at least I finally have the email of a supervisor in the fraud department so have emailed him to get it handled.<br>
Lesson learned. No bank account connected to paypal ever again.</p>

29

<p>babyontheway actually your analysis is not correct probably due to my inefficient explanation of the situation but I am too tired to explain further. Suffice it to say if even one poster has removed their bank account from paypal I feel good.</p>

30

<p>I did, Ebeeeee. Thank you :)</p>

31

<p>I so rarely use paypal that I heeded our warning and just deleted my checking account link. Will worry about the verified/unverified thing and the limits if/when it is an issue. Thanks for the heads up.</p>

32

<p>Deleted my bank account, still have my credit/debit card on file. Only use it for my ebay purchases, but maybe I shouldn’t say only, because that means I do use it quite q bit, ha! Have a feeling that I will run into problems with the whole verified acct thing, but who knows? maybe I’ll save some moola and rethink my purchases.</p>

<p>Good luck and thanks for the heads up!</p>

33

<p>I stopped using paypal a couple of years ago and it was linked to a savings account. I really just used it to make ebay purchases. The last time I did try to use it, they gave me a hard time and also told me I was " unverified " and wouldn’t accept my payment. Then I was notified that according to pypal , my bank account had been frozen which wasn’t even close to being true. They wanted me to jump through all kinds of hoos for a relatively small purchase. I wasn’t willing to do any of it since there wasn’t any problem with my bank account. This hassle put a bad taste in my mouth for not only paypal , but ebay as well. The last few transactions were paid or via money order and once I was scammed by doing this …nothing I need enough to go thru all of this inconvenience and compromise my personal accounts</p>

34

<p>The following email arrived a few minutes ago. Most likely a phishing scam (“Just open the attachment and you’ll get a big surprise!”), but there’s some small chance it’s from PayPal. If so, it means PayPal is monitoring credit cards attached to their files, even if there are no PayPal charges pending. Still, I think the email’s a scam:</p>

<hr>

<p>Dear Valued Member of PayPal,</p>

<p>Our system detected unusual charges to a credit card linked to your PayPal
account. Reference Number: PP-152-173-994</p>

<p>Why is my account access limited?
Access to your account was limited for the following reasons:</p>

<pre><code> We have established that someone tried to access your PayPal
</code></pre>

<p>account without your permission. To ensure greater security, we have limited access to your account. We have sent you an attachment which contains all the necessary steps in order to restore your account access. Please download and open it in your browser.
(The locator for this reason is PP-152-173-994)</p>

<pre><code> We thank you for your prompt attention to this matter. Please
</code></pre>

<p>understand that thisis a security measure intended to protect you and your account. We apologise for any inconvenience.</p>

<p>Thank you,</p>

<h2>PayPal Account Review Department</h2>

35

<p>That’s a scam, very obviously. PayPal would never send an attachment. </p>

<p>You should never click a link inside an email in order to get to the site. Instead you would want to open your browser and navigate directly. </p>

<p>Do you know how to view the headers in an email? It’s very easy to tell when it’s a sham email if you look at the underlying code.</p>

36

<p>Had a similar experience as Ebeeeee a couple of years ago on my Paypal account. A relatively small amount ($50) was paid from my bank acccount via Paypal for a transaction I didn’t make. Actually, Paypal flagged the purchase and notified me, but not before they had paid the money from my account. Upon investigation, it turned out to be a charge for video gaming paid to a company in China. My money was returned, but not without a week’s worth of hassle. Like Ebeeeee, lesson learned and I immediately removed my checking account link. Trust me when I say that it is far better to have your credit cards compromised than your banking accounts because having to freeze your banking accounts is a nightmare. As to how hacker got password necessary to gain access to my Paypal account, I have no idea. I did immediately change passwords, of course.</p>

37

<p>Do people realize that anybody you write a check to has your checking account number and routing number? It’s right there on the check.</p>

<p>When you “link” your account to Paypal, all you are doing is providing PayPal with the same information you would have provided anyway had you mailed in a check to the person you are buying products from.</p>

38

<p>I’m one of the folks who deleted my bank account from my PayPal account based on ebeee’s experience.</p>

<p>But now I am wondering… I help a non-profit community theater, handling their website. One of the things I did per their request is set them up to accept payments via PayPal. They are set up as a non-profit with PayPal (allows them to accept donations, and makes for slightly cheaper transaction costs). Everyone is happy with it.</p>

<p>The theater doesn’t buy anything via PayPal, but obviously receives funds as people purchase theater tix online. The bank account is linked, so that I can transfer the funds over after each production.</p>

<p>Puts them at risk too, I suppose. This is a group of people who do NOT handle change easily, lol. Should I tell them they need a separate bank account to receive the PayPal funds to be safe? </p>

<p>Some other solution? Is there any reason they wouldn’t be at the same risk as anyone else? Was I overreacting to de-link my own account?</p>

39

<p>Anybody that has the non-profit community theater has paid already has their checking account number because it’s at the bottom of the checks. And everybody who has sent in a check to pay for tickets has given the non-profit their account number. By using Paypal, it shields the patrons account information from the non-profit which is safer for the patrons.</p>

<p>A separate checking account is only helpful if there is little money that can be withdrawn from the paypal account. If people buy tickets regularly, the balance in the checking account of a non-profit community theater will be certainly something.</p>

<p>If the theater opts not to use paypal, it will mean that people will write checks instead. Some of those checks don’t clear bounce, which results in additional bank fees.</p>

<p>I would advise no change. </p>

<p>And indeed, the experience of the OP is rare and not encountered by mostl.</p>

40

<p>jmmom – I work with a commercial organization that, at my suggestion, does all its merchant processing via PayPal – and there are thousands of dollars going through that account and being transferred regularly to their business checking account. I’m talking about probably $15-$20K monthly. I recommended PayPal to them because they aren’t tech savvy but had online sales going on, and they were actually having buyers send them credit card numbers and then doing offline merchant processing. I thought that was a disaster waiting to happen, but their sales volume wasn’t enough at the time I made the initial recommendation to justify the then-cost for most services – but PayPal does the merchant processing for a fee of about $30 month plus a competitive rate for a percentage of the credit card receipts. They’ve never had a problem.</p>

<p>In that case I’m looking at the balance of risks. Their old system put them at risk for tremendous liability – if they had customer names & credit card numbers in a database, and that gets hacked, then they (the company) become potentially liable to all of their customers and former customers for whatever happens after that. So my lawyer-brain said they are facing hundreds of thousands of dollars of risk for the potential consequences of the way they handle credit card numbers … or we can simply sign up with PayPal-- the company never sees a credit card number again – and if there is a hacker or fraud it becomes PayPal’s problem not theirs. </p>

<p>Of course their company bank account is at risk, but all that is at risk there is roughly one months’ worth of receipts, since they are routinely sweeping the money out of the business checking account to a different account. </p>

<p>So I do think that it’s a good idea to have the PayPal linked bank account be a different account than the “total reserves” account, assuming that the nonprofit actually has enough money to be worth the cost of maintaining 2 accounts – but I think that the risks are fairly minimal IF there are good security practices in place.</p>

<p>I am not de-linking my personal PayPal account as a result of the above - just mentally doing a double check of all of my security practices. I do online banking as it is – if someone can hack my paypal account, there is no reason why they can’t also gain access directly to my bank account – both are online accounts, vulnerable to keylogging software and other hacker tricks. (Note: my bank just had me download some extra software called Trusteer Rapport which is supposed to be added protection against that sort of thing – but I haven’t had that software installed long enough to make any sort of recommendation.)</p>

<p>Do keep in mind that for your nonprofit, there are other benefits in terms of having PayPal be the one to investigate and adjudicate payment disputes. </p>

<p>Also, we can’t know what happened in ebeeeee’s case, but when an account gets hacked, somewhere along the line there is either an insecure password OR malicious software involved. So it is a balancing of risks: my approach has been to make it easy for myself to do business, but tighten security as much as possible. I have been a victim of theft in other ways in my life – for example, more than 20 years ago I wrote a check to to someone who altered the check by adding a couple of extra 00’s – so $20 became $2000, or something along those lines – when we got the copy of the check from the bank it was pretty obvious that there was an erasure & alteration, but we still had to go through a lot of hassle & I had to send the bank a firmly worded letter under my law office letterhead citing the law chapter & verse to get them to restore the money to my account. So you can be a victim of theft in many ways.</p>