As of September 19, 2016, I will no longer accept PayPal as a form of payment here on my website.
Why? I learned firsthand that the PayPal website is not secure. My assets are not safe.
The following story happened to me as a buyer, not as a seller.
I have been with PayPal for over 15 years. I joined PayPal long before it was purchased by eBay. It was attached to my eBay account, my Etsy account, and my website. I have grown with PayPal. I learned how to detect phishing emails, as those were invented by criminals. I monitor my financial accounts daily.
I have a PayPal debit card, which I have had since they first came out. I use it for gasoline purchases and small purchases, such as items at the grocery store. PayPal gives cash back if one uses the debit card as a credit card with no PIN used. I was also told by PayPal that using this card as a credit card is safer than using a PIN as a dept. This debit card is kept in an RFID wallet.
I do not use the PayPal app on my phone. I do not access PayPal from my phone. I do not store passwords on my phone. I do not use Apple Pay.
PayPal requires that I, as a seller, have my bank account attached to my PayPal account. Funds are moved from PayPal to my account at my discretion. I have never moved funds from my bank account to PayPal. I only use "instant cash" that comes from sales. A cash transfer from my bank account would be a red flag.
Sunday I attended an antique show and made a purchase from a man that I have not purchased from before. I usually buy only from people that I know and who also know me. They have all agreed to accept my old-fashioned paper checks. This man had some great things, but I did not have a wad of cash with me. He had an external plug-in card reader for his phone. I have never used one of those because even though they are supposed to be secure, I don't trust them. I decided to try it for the first time. I used my PayPal debit as a credit card with no PIN as instructed by PayPal for the utmost security.
That's all it took. Within a few hours my PayPal account had been hacked. The person had my password, went into my PayPal account, and changed the e-mail address to theirs so that I would not see them stealing my money. They changed my password.
They then proceeded to utilize a Walmart money processing center located 8 hours from where I live to make money transfer withdrawals. First they took my instant cash, which was only about $400.00. They proceeded to make 19 withdrawals from my bank through the debit card for a total of $10,409.00! PayPal never flagged it and never declined. PayPal handed them my money free and clear.
The odd thing is that about 3 weeks ago, I had extra instant cash in my PayPal account and decided to use $345.00 of it for a car repair with that debit card instead of moving it to my bank, and I was declined my own money! How embarrassing! There was no reason for that decline, as there were over $900.00 in the account.
I did not know that I was being robbed as I continued to shop, but had an uneasy feeling about that card reader device. Since I do not access my finances through my phone, I waited until I got home. I immediately tried to log onto my PayPal account when I got home, just to check it out, and guess what? My password did not work. I knew right then. Somehow, I was able to access my account with a third email that I have attached to it, and I changed the password again and got into my account. That's when I saw the damage. I had to change everything, remove their e-mail, and clean the entire account.
I then called PayPal to tell them that my account was compromised. We went through every transaction manually. I told them which ones were legitimately mine and which ones were fraud. They assured me that none of these would every hit my bank. They said that since it was Sunday, nothing was "moving" anyway, and that I had nothing to worry about. They would take care of it.
I did not believe them because that's how I roll. Due to 18 years of experience, I don't trust eBay companies, period. I have a small town bank, and I was there when they opened Monday morning with a hard copy of every transaction with PayPal. Guess what? Every single fraudulent transaction was sent through by PayPal, even after they told me that this would not happen. My bank enters such transactions by hand, so they were sitting there waiting to be entered manually. My awesome bank thankfully declined every single one and bounced it back to PayPal to deal with.
My account is now totally protected, and PayPal is cut off forever. I called them and asked why they let the transactions go through, knowing that this is a case of grand larceny against me. I was told that they can't stop transactions from going through, and they let them clear and then credit them back! I was also told that this is my fault; they claimed the criminals must have scanned my phone for my password and account information. I informed them that my information is not in my phone. They then went so far as to tell me that my home computer must have been scanned or infected with malware... the thing is that I don't use PC products. They tried to tell me that the card reader purchase and the hacking of my account was not related. Nice try.
PayPal failed in a big way. They have no concrete answer as to why or how this happened. They cannot tell me why they let $10,409.00 in withdrawals from my account slide right on through the system with no declines and no red flags. Even if the criminals accessed the account, the transactions should have signaled that there was a problem when 19 withdrawals came in only a few minutes apart from a town far away. This should have be caught as suspicious activity, don't you think?
I can never trust PayPal again.