If you are anything like me, you will always have been a little concerned by the fact that it only takes one password to access your PayPal account, unlike a bank. I have several bank accounts with online access and all of them need at least 3 different combinations of passwords and security questions to log in. But PayPal? All it takes is for someone to have your PayPal email address and hack one password. They don’t even need to know your name.
It used to be that the only people who would have your PayPal email address would be people you had bought from or sold to (assuming you don’t advertise it). But just recently there have been collections of many thousands of internet marketers’ PayPal emails advertised on the internet as co-registration leads. So it’s very easy now for thieves as well as spammers to access lists of PayPal emails. If you have noticed more ‘spam’ to your PayPal email in the last couple of months, you are probably on one of those lists.
You may think this doesn’t matter because you don’t keep much money in your PayPal account. It’s not like a bank, right?
Wrong. Even if you have a zero PayPal balance, you probably have your account linked to a bank account so that you can withdraw. But money can move both ways — so anyone who accesses your PayPal account can transfer all they can get from your bank into your PayPal and then out into whatever other PayPal account they choose.
I have heard of people having thousands stolen from their banks in this way, while they felt safe because they only had a tiny PayPal balance.
The good news is that the PayPal Security Key now introduces a new level of security … but it is optional and they seem to be keeping very quiet about it.
This is how it works: for a small fee ($5 / £3) they will send you a Security Key, a token that gives a new random code each time you switch it on, and you have to enter the code along with your password before you can access your account. The code changes every few seconds so there is no way a bot could hack it.
Or if you access PayPal from a lot of different places and don’t want to carry the token around with you everywhere, you can have a code sent to your phone each time you want to log in.
And if you lose your token or don’t receive the SMS message, you can still log in but you have to have your password and answer security questions about your account. So nobody can get in with the password alone.
To get a token or register your phone: log into PayPal, click on Profile and choose Security Key.
Filed under: Internet Marketing Business