Is PayPal safe? What you should know about using PayPal for online purchases
By Jim Sloan
Late in 2010, a freelance software developer in Seattle released a free program that lets someone see what you are doing on your laptop or smart phone while on an unsecured WiFi network. The program then lets them log on as you on all the sites you just visited.
So even if the password you entered to get on Facebook, Twitter, Amazon or eBay is encrypted, this software (Firesheep) can snatch your cookie--that segment of code that contains your computer and site settings and other private information--and allow another user to become you. More than a million people downloaded the program in three months, the New York Times reported.
Sound scary? It is, but the developer released the program to point out the need for what computer engineers call "end-to-end encryption"--something that is used on PayPal and on bank websites to protect users' highly sensitive financial information.
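The gap Firesheep points at can be seen in a site's Set-Cookie response headers: a cookie set without the Secure attribute is also sent by the browser over plain http, where anyone on the same open network can read it. The Python check below is an added example, not part of the original article; the header values and function names are constructed for illustration.

```python
# Added example: classify cookies by whether a listener on open WiFi could read them.
# Every header value below is constructed; none comes from a real site.
SEVERITY = {"protected": 0, "leaks-on-http": 1, "cleartext": 2}

def parse_set_cookie(header):
    """Return (cookie name, set of lower-cased attribute names)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {part.partition("=")[0].strip().lower() for part in rest if part}
    return name, attrs

def classify(scheme, header):
    """Judge one Set-Cookie value by the scheme of the response that set it."""
    name, attrs = parse_set_cookie(header)
    if scheme.lower() != "https":
        return name, "cleartext"        # already crossed the network unencrypted
    if "secure" not in attrs:
        return name, "leaks-on-http"    # browser will also attach it to http:// requests
    return name, "protected"            # only ever sent inside the encrypted channel

def audit(responses):
    """responses: iterable of (scheme, [Set-Cookie values]); keeps the worst verdict per cookie."""
    report = {}
    for scheme, headers in responses:
        for header in headers:
            name, verdict = classify(scheme, header)
            if SEVERITY[verdict] >= SEVERITY[report.get(name, "protected")]:
                report[name] = verdict
    return report

# Constructed sample: an encrypted login page followed by an unencrypted page.
SAMPLE_RESPONSES = [
    ("https", ["login_token=constructed-1; Path=/; Secure; HttpOnly",
               "session_id=constructed-2; Path=/; HttpOnly"]),
    ("http", ["prefs=mode=secure; Path=/"]),
]

if __name__ == "__main__":
    for cookie, verdict in audit(SAMPLE_RESPONSES).items():
        print(f"{cookie:12} {verdict}")
```

A "leaks-on-http" verdict is the case the article describes: the login itself was encrypted, but the cookie that keeps you logged in is not restricted to encrypted connections.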
Why PayPal is so safe
PayPal is safer than most sites because it automatically encrypts your confidential information using the Secure Sockets Layer (SSL) protocol and heavily guarded servers. Firesheep can't get through those layers. You can tell if a website is secure if the Web address starts with "https" instead of "http," and if a little lock appears in the corner of your browser.
PayPal, which was acquired by eBay for $1.5 billion in 2002, uses fraud models and fraud engines to prevent fraudulent transactions. PayPal is constantly developing anti-fraud technologies as hackers continually tap at its outer shell looking for a soft spot. It bases a lot of its research on the experience it gains processing billions of payments every year.
Since PayPal only makes money when you use it to buy and sell things and transfer payments, it's no surprise that it puts a high priority on ensuring the safety of its system. PayPal makes it easy to sign up and start using the service, and many buyers and sellers prefer using it because they only have to submit sensitive information--such as bank account routing codes or credit card numbers--just once rather than for every purchase.
Sites slow to adopt security
Many websites may be slow to adopt SSL or the new Transport Layer Security because it slows down a site and costs more. But many are seeing the need; according to the Times, Google adopted end-to-end encryption in January 2010, and Facebook has started to allow users to choose the extra security.
While new hacking programs like Firesheep make WiFi hotspots a dangerous place to conduct sensitive business, like purchasing items online or checking your bank statements, your wireless network at home can also be hacked with various "cracking programs" such as Gerix WiFi Cracker and Wifite. These programs don't require a sophisticated user in order to retrieve a wireless router's password. It takes just a few seconds, and using high-powered WiFi antennas, a hacker can get your security information from two or three miles away.
PayPal Phishing
Even with this extra security, there are still pitfalls to be aware of. Some PayPal customers will get e-mail claiming to be from PayPal. These are "phishing" e-mails that are trying to get you to give up some of your personal data, like checking or savings account numbers, by getting you to click through to a fake website or to call a customer service number with your financial information.
PayPal doesn't send those types of e-mail and you shouldn't respond to them yourself. But it does help if you forward suspicious e-mails to spoof@paypal.com or report the phony websites.
Jim Sloan is a freelance writer in Reno, Nev.