Paypal question

[Osem]

What's the safest way to set up and run a Paypal account which will be used mainly for purchasing goods online but possibly for the occasional sale? I've read you can link Paypal to a credit or debit card or a regular bank account but which is the best and safest option and are there any methods to be avoided due to potential security issues or unforeseen costs?

Cheers as always.

[denphone]

Quote:

Originally Posted by Osem

What's the safest way to set up and run a Paypal account which will be used mainly for purchasing goods online but possibly for the occasional sale? I've read you can link Paypal to a credit or debit card or a regular bank account but which is the best and safest option and are there any methods to be avoided due to potential security issues or unforeseen costs?

Cheers as always.

l have Paypal and l tend to use it quite a bit to pay for items l have bought on Ebay and my Paypal account is linked to my debit card and l have never had any problems at all in the 10 years l have been using it and l have had no issue with security issues or add on costs but other people who use it might have a different story but all in all l think its is a excellent payment system.

[Damien]

I think it's cheaper to use a bank account if you ever need to transfer funds from your Paypal account. So if you sell anything it would be better to use a bank account.

However if the event of fraud it's better if it occurs on a credit card rather than a debit card. Credit Cards offer much better production, effectively the onus is on the credit card company to prove the transactions are fraudulent whereas on a debit card it's the other way around. Thus you get refunded almost instantly on a credit card.

Neither is safer on Paypal, if some hacks your account they will withdraw from your payment source regardless. I have both my bank account and my credit card as payment sources on it. Your biggest danger on paypal is someone gaining your password, if your concerned about this PayPal offers 2 step authentication. This will ask for your password and a one time code texted to your phone. Thus protecting you against keyloggers or pishing attempts.

[Kymmy]

If you want to withdraw funds at all out of the system then you will need a bank account.. Just be aware that if you do have both a bank account and debit card attached to your account then the bank account will be your primary source and you will have to select your debit card each time you wish to pay by those means.

Another thing to be aware is that paying by echeque (through your bank account on some accounts which I think it depends on your credit rating if it forces that route) then it may take 5-7 days for the payment to clear hence delaying the item.

So if just taking small payments and then using the balance to pay for other items then stick with a debit card... If though selling and you wish to withdraw the money then also add the bank details

[Osem]

Thanks guys. Yes I'd wondered if the credit card option might be safest due to the extra consumer protection they offer. The account will mainly be used for buying stuff so if we needed to sell something, could/would the funds received be paid onto the credit card? If so I guess we could either accept the charges involved or just attach a bank account at that point for the purpose (allowing time to get it all arranged of course).

As for the security side, I suppose the main risk is someone draining the card or bank accounts linked to the Paypal account. Presumably therefore, it'd be a good idea to have a dedicated credit card with a low credit limit just for Paypal use? If any purchases require additonal funds above the limit then that could be sorted by simply crediting the card account with sufficient extra funds to cover those transactions. Any fraud would then presumably be limited to the balance available on the card at the time?

Incidentally, if a paypal account was hacked or the password broken/discovered would that give those responsible full access to the attached card/bank accounts and if so what would the customer's liability be?

Also, I'm sure I've read somewhere that if a direct debit is set up on a credit card, it can only be stopped by the company/individual to whom those payments are made. If that's true, does anyone know if that could be an additional security issue to consider with respect to the Paypal process? I may be wrong but seem to recall some people being caught by this when they'd set up Direct Debits for dodgy websites and were unable to cancel them.

-------------------------
This post was written as Kymmy's was being posted.

[Kymmy]

Safest way is actually the bank account as you're then covered by the direct debit guarantee.. Debit cards are more of a pain to prove and claim back unauthorised payments

As for cancelling direct debits if you cancel them on your account then as long as a payment isn;t in progress the DD is cancelled and no other payments can be sought by anyone

[Mr Angry]

Quote:

Originally Posted by Osem

Thanks guys. Yes I'd wondered if the credit card option might be safest due to the extra consumer protection they offer. The account will mainly be used for buying stuff so if we needed to sell something, could/would the funds received be paid onto the credit card? If so I guess we could either accept the charges involved or just attach a bank account at that point for the purpose (allowing time to get it all arranged of course).

As for the security side, I suppose the main risk is someone draining the card or bank accounts linked to the Paypal account. Presumably therefore, it'd be a good idea to have a dedicated credit card with a low credit limit just for Paypal use? If any purchases require additonal funds above the limit then that could be sorted by simply crediting the card account with sufficient extra funds to cover those transactions. Any fraud would then presumably be limited to the balance available on the card at the time?

Incidentally, if a paypal account was hacked or the password broken/discovered would that give those responsible full access to the attached card/bank accounts and if so what would the customer's liability be?

Also, I'm sure I've read somewhere that if a direct debit is set up on a credit card, it can only be stopped by the company/individual to whom those payments are made. If that's true, does anyone know if that could be an additional security issue to consider with respect to the Paypal process? I may be wrong but seem to recall some people being caught by this when they'd set up Direct Debits for dodgy websites and were unable to cancel them.

-------------------------
This post was written as Kymmy's was being posted.

No, unfortunately not.

[Kymmy]

From Wikipedia

Quote:

Banks operate a direct debit guarantee. In this, if a customer disputes an amount that has gone out of their account by direct debit, they can contact their bank and ask for an immediate refund. It is then the Service User's responsibility to ask the customer for the money. However, the Service User is not automatically liable under the guarantee for any bank charges caused by the Service User's error, for example if an incorrect direct debit transaction causes the customer to go overdrawn. However, there are conditions where claims for consequential loss are considered under the direct debit guarantee.

[Osem]

re the direct debit issue - Just to clarify, I can't think we'd ever need to set one up on the Paypal or linked accounts (which would be used just for Paypal) but was just wondering what our liability would be if the Paypal account was hacked and a DD was set up as part of a fraud say. Hence my question about whether hacking into a Paypal account gives the hacker open access to the attached card/bank accounts or just the Paypal account itself. Sorry if that all sounds paranoid or if I've missed something.

Update:

http://www.telegraph.co.uk/finance/p...nnot-stop.html

This is what I was referring to - not strictly a direct debit but what's known as a 'recurring payment'. The same question applies however, would getting access to a Paypal account allow something like this to be set up?

[Kymmy]

If anyone hacks your paypal then they have access to transfer money from any funding sources attached to it whether it be your debit/credit cards or bank account. At least with the DD guarantee you can instantly get back the money then argue it out with paypal..

[Mr Angry]

Quote:

Originally Posted by Osem

re the direct debit issue - Just to clarify, I can't think we'd ever need to set one up on the Paypal or linked accounts (which would be used just for Paypal) but was just wondering what our liability would be if the Paypal account was hacked and a DD was set up as part of a fraud say. Hence my question about whether hacking into a Paypal account gives the hacker open access to the attached card/bank accounts or just the Paypal account itself. Sorry if that all sounds paranoid or if I've missed something.

Update:

http://www.telegraph.co.uk/finance/p...nnot-stop.html

This is what I was referring to - not strictly a direct debit but what's known as a 'recurring payment'. The same question applies however, would getting access to a Paypal account allow something like this to be set up?

Osem, for your own peace of mind I'd suggest you contact Paypal directly with this particular query. Whatever their response at least you will have something in writing to go back to them with in the event that anything does unfortunately go wrong.

There are elements of the DD Guarantee scheme which - because of the nature of the consumers relationship with Paypal beyond conventional subscription payments - mean that the protections afforded are not always "uniform".

Additionally there are implications for the protections normally afforded to you under section 75 of the CCA.

[Osem]

Quote:

Originally Posted by Kymmy

If anyone hacks your paypal then they have access to transfer money from any funding sources attached to it whether it be your debit/credit cards or bank account. At least with the DD guarantee you can instantly get back the money then argue it out with paypal..

Thanks for clarifying that. That'd presumably be a very good reason for ensuring the attached credit card has a low credit limit and any bank account a small balance available at any given time. Either or both can be topped up as required for purchases that exceed the funds currently available.

[Kymmy]

You could probably attach it to a pre-payed debit card and top up the card directly from your account whenever you wish to make a purchase..

Your situation though is complicated as you need a bank account for withdrawing money.. Not sure a small balance is a protection against attempted DD's and the associated costs involved when they're bounced back as unpaid..

In the end it's more a case of you being secure with your system, if you have a decent level of malware protection and decent passwords then you should have no issue with your paypal account being hacked. I'm a great believer in pro-actively stopping attacks from the very first point of contact than restricting yourself just in case someone hacks your account..

[Osem]

Thanks for the useful feedback everyone.

As regards the low credit limit/balance, the idea there would be to reduce the amount at risk at any one time. As you say, it would offer little additional advantage with regard to unauthorised DDs or regular payments.

Totally agree about the security aspect and really like the idea of the 2 step authentication which seems like a no-brainer if I understand it correctly. Does anyone know if the texted security code would be required only for authorising purchases or would it be required for any usage of the Paypal account (e.g. transfers of received funds to another account or changes to the Paypal account's details)?

Finally, would there be any value in creating a dedicated e.mail account to associate solely with the Paypal account? I'm just thinking that doing so might reduce the possibility of scam e.mails being an issue.

[Tim Deegan]

As other people have said, link it to your bank account.

However don't leave money in your Paypal account, as their security isn't as good as they like to make us think.