Is It Safe to Use PayPal?

PayPal Security Features

In general, PayPal is considered a safe way to send money and shop online. No platform is foolproof, but an assessment by cybersecurity risk management company UpGuard gave PayPal an "A" rating for its security practices. Here are the security features in place for customers:

• PayPal security key: In addition to a traditional password, customers can set up an optional security key, which is a type of two-factor authentication. That means that every time you log in, you'll receive a text message to your cell phone with a randomly generated one-time PIN. You'll only be able to log in if you have both your PayPal password and the one-time PIN. If a fraudster somehow gains access to your password, they'll still be unable to log in without access to your cellphone.
• Email confirmation: Every time you make a purchase or sale, you'll receive an email from PayPal confirming it. That can help determine if someone has used your account fraudulently. But use caution: Email confirmation is also the basis for a well-documented PayPal phishing scam, in which users receive a fake confirmation email from a PayPal imposter trying to gain access to their account. (More on that in the next section.)
• Data encryption: PayPal uses end-to-end encryption to secure your transactions using only secure connections to its internet servers.
• Fraud monitoring: PayPal keeps an eye on transactions 24/7 and will alert you if it notices a suspicious login or purchase from your account.
• Purchase protection: If you bought an item using PayPal and didn't receive what you expected—say the item was damaged or used instead of new—you may be able to get a refund from PayPal, including shipping costs. You'll have to submit the dispute within 180 days of payment to qualify.

What Are the Risks of Using PayPal?

No online platform is risk-free to use. Since payment apps including PayPal use your financial data and personally identifiable information, they're a common target for hackers and fraudsters who want to commit identity theft or fraud.

For example, scammers may try to get access to your login information and use your PayPal account to make fraudulent transactions, known as account takeover fraud. Or a hacker may try to make purchases on shopping websites you've previously visited using your saved PayPal login information.

A particularly common security issue is a phishing scam in which scammers posing as PayPal contact customers to say a purchase has been made using their account. If the customer contacts the scammer to rectify the issue, the scammer may encourage the customer to download software—which could then be used to steal data from their computer—or to share personal information.

To avoid phishing scams, pay close attention to the email address of the sender. Note if the company name is misspelled or if it's clearly from an email domain other than Paypal.com. (You'll never get a legitimate email from PayPal from a Gmail address, for instance.) Another red flag is if the salutation in the email doesn't include your name, and instead uses a general greeting like "Dear customer." In both cases, that's a sign it's not legitimate; don't respond and delete the email. Or you can forward the suspicious email to PayPal at spoof@paypal.com so their security experts can look into it.

Is It Better to Link a Credit Card or a Bank Account to PayPal?

Whenever you're buying goods online, using a credit card instead of a bank account allows you to take advantage of the additional consumer protections that credit cards offer. If an unauthorized transaction is made from a PayPal account linked to your credit card, the card's fraud protection policies come into play. Since many cards offer $0 liability protection—and federal law caps your liability at $50—that means you're responsible for little to none of the unauthorized charges.

Linking a bank account or debit card could put you at more risk of losing cash if a scammer gets access to your credentials and empties your account. What's more, getting an unauthorized transaction refunded depends on when you report the issue to PayPal. You have 180 days to report a fraudulent transaction to PayPal and get refunded, if the transaction is eligible.

There are other benefits of linking a credit card to PayPal instead of a bank account. For instance, if you have a rewards credit card, PayPal purchases can help you earn rewards like travel points or cash back.

Does PayPal Refund Money if You Get Scammed?

If you made a purchase that doesn't meet your expectations—because it arrived damaged or in a smaller quantity than you ordered, for instance—you may be entitled to a refund if the item is covered by PayPal's purchase protection program. You can also get refunded for unauthorized transactions made using your PayPal account as long as you report it within 180 days of the payment date.

But if you sent money to a fraudster as part of a phishing scam or via PayPal's peer-to-peer payments system—you're likely out of luck.

PayPal's system sends money instantly to the recipient and in most cases, that can't be refunded, even if you never received the item promised. Make sure you only send money to people you know and can trust. PayPal offers a "Friends and Family" transfer option, but you should only use it to send to actual friends and family—not merchants. When buying something from a seller, use the option to transfer money for "Goods or Services" so you're covered by PayPal's purchase protection policy.

The Bottom Line

PayPal is generally a secure way to transfer money or make payments online. But it's still important to take steps to keep your data and linked financial accounts safe.

Just like you would with any other online account, when using PayPal set a secure password, adopt two-factor authentication using your mobile phone or an authenticator app and avoid accessing the site on public Wi-Fi networks. That can help protect you from identity theft, whether you're using a computer or your cell phone.