50 {{ upvoteCount | shortNum }}
50 {{ upvoteCount | shortNum }}

Paypal---watch out!

by tboneman
43 replies
Please excuse if this has already been discussed. Today, I went to Paypal to change banks. The usual procedure is, they will make tiny deposits into the new checking account (or savings), like .02 or .12 cents. Then you report back the amounts of their deposits. This confirms the new bank account is real and working. Yeah, well, this time they've added a new option, and it really, really sucks.

Now you have two choices to verify your new bank account:: the one where they make the small deposits, and, NOW, to do it quickly, they want to know your bank login name and password. WHAT? ARE YOU CRAZY?

Don't do it. Ever! What is Paypal thinking? There is no f--ling way they need my bank login name and password. Oh, we don't really need it, it will be encrypted, yada, yada, yada! That's not comforting, to say the most.

Pay close attention, folks. The game has changed. There is NO WAY Paypal or any other online middleman or so called financial institution should even ask for your bank login name and password. Encrypted? That's BS with a capital BS.

Use the usual small deposit method. It took one day.

Be careful out there. Read carefully.

tbone
#paypalwatch
  • Profile picture of the author Sebastian Alexander
    Yes, I recently saw that option as well. Many people also entrust their bank information to financial programs like Quicken and Microsoft Money. I was never comfortable with giving that info to any one. Still, I don't think PayPal is going to start wiping out anyone's account. I'd be more worried the data was vulnerable while being transmitted to their site.
    {{ DiscussionBoard.errors[6985885].message }}
  • Profile picture of the author WeavingThoughts
    Was it a replica redirect or real PayPal?
    Signature
    {{ DiscussionBoard.errors[6985896].message }}
    • Profile picture of the author Sebastian Alexander
      Originally Posted by WeavingThoughts View Post

      Was it a replica redirect or real PayPal?
      Real PayPal. It's an option they offer if you don't want to wait.
      {{ DiscussionBoard.errors[6985930].message }}
      • Profile picture of the author RPaige
        Absolutely not. I would never advise giving out your bank Username and Password for any reason. There are so many opportunities for that information to get out. I would just use the traditional method, myself.
        {{ DiscussionBoard.errors[6987661].message }}
    • Profile picture of the author nksurf
      Originally Posted by WeavingThoughts View Post

      Was it a replica redirect or real PayPal?
      that was my thinking...
      Signature

      Thank you

      {{ DiscussionBoard.errors[6985964].message }}
  • Profile picture of the author nouvellevie
    It would not be a smart move to give that kind of information away. Keep your privacy
    What is it going to be next?
    Signature

    Quality funnels & solo traffic
    http://gordsolo.com

    {{ DiscussionBoard.errors[6985900].message }}
  • Profile picture of the author sbucciarel
    Banned
    I saw that option quite awhile ago. Of course, I didn't give that to them. If you have a statement that you can view online, you will see those deposits show up very quickly. I couple of times, I was verified within a couple of hours but it never took longer than a day. It would be crazy to give out your banking login to ANYONE.
    {{ DiscussionBoard.errors[6985911].message }}
  • Profile picture of the author CashReview
    That's crazy - I would've thought it was a fake PayPal/redirect site if it weren't for others saying they've seen that option as well. Although I've always had good luck with PayPal, I've heard some horror stories about funds getting locked up for truly harmless/unintentional things. Now this? PayPal's losing their mind...
    Signature

    Watch my latest affiliate marketing review video OMG Machines review on YouTube...

    {{ DiscussionBoard.errors[6985937].message }}
    • Profile picture of the author Sebastian Alexander
      Originally Posted by CashReview View Post

      I've heard some horror stories about funds getting locked up for truly harmless/unintentional things. Now this? PayPal's losing their mind...
      In fairness, it is only an option.
      {{ DiscussionBoard.errors[6985959].message }}
  • Profile picture of the author Armand2REP
    Paypal takes forever to process transactions. People think they are getting faster access by doing this setup but it is bad mojo.
    {{ DiscussionBoard.errors[6985945].message }}
  • Profile picture of the author misterkailo
    doesn't seem like a real PayPal link to me LOL
    Signature
    Limited Spots Left... How to Generate 150+ Leads Daily And Earn $3000-6000 Per Sale Without Talking To Anyone
    {{ DiscussionBoard.errors[6986035].message }}
  • Profile picture of the author Dan Grossman
    There's nothing risky about this, and it's not a "game changer" since it's completely optional. More than 10 million people use Quicken and Mint's bank account aggregation sites every day, where you have to provide your bank logins. Neither has ever lead to any kind of identity theft or other security issue. PayPal is orders of magnitude bigger than those services with over a quarter billion active accounts, and has years on them in terms of security. Hell, PayPal has a better track record than most banks do in securing their websites.

    Treating security seriously is one thing. Complete and utter paranoia, and calling encryption BS, is another...
    Signature
    Improvely: Built to track, test and optimize your marketing.

    {{ DiscussionBoard.errors[6986175].message }}
    • Profile picture of the author Armand2REP
      Originally Posted by Dan Grossman View Post

      There's nothing risky about this, and it's not a "game changer" since it's completely optional. Buncha FUD...

      Treating security seriously is one thing. Complete and utter paranoia is another thing... a symptom of mental illness.
      Is it paranoid to want to protect my account details? It gives them FULL access. Every other vendor I have ever dealt with has been able to transact with my account without access.
      {{ DiscussionBoard.errors[6986187].message }}
      • Profile picture of the author Daniel Evans
        They wouldn't be able to get access to a lot of bank accounts anyways with only a username and password.

        The most recent online banking systems in the UK involve use of an external card reader to produce a dynamic code which is inputted together with the username and password.
        {{ DiscussionBoard.errors[6986198].message }}
        • Profile picture of the author Armand2REP
          Originally Posted by Daniel Evans View Post

          They wouldn't be able to get access to a lot of bank accounts anyways with only a username and password.

          The most recent online banking systems in the UK involve use of an external card reader to produce a dynamic code which is inputted together with the username and password.
          I think a routing and account number is more than sufficient to process payments.
          {{ DiscussionBoard.errors[6986351].message }}
          • Profile picture of the author Daniel Evans
            Originally Posted by Armand2REP View Post

            I think a routing and account number is more than sufficient to process payments.
            Indeed, which begs the question why PayPal request a login password.

            It would be interesting to hear how banks might react to people handing out their login credentials to a third party given that most press the fact that the information should be kept private and safely guarded to minimise security risk not only in individual accounts, but their business as a whole.
            {{ DiscussionBoard.errors[6986400].message }}
            • Profile picture of the author Dan Grossman
              Originally Posted by Daniel Evans View Post

              Indeed, which begs the question why PayPal request a login password.
              To retrieve your recent transactions so they can check for their deposits to verify ownership of the bank. Like they said. This is for verifying a new bank account, not taking money from it.

              Originally Posted by Daniel Evans View Post

              It would be interesting to hear how banks might react to people handing out their login credentials to a third party
              Over 150 financial institutions are already integrated with Yodlee, which PayPal is probably using, for aggregating customers' online banking info using their usernames and passwords. Quicken's connected to every major bank since at least 2007. There's not a major bank in the world that doesn't already know its customers are giving out their usernames and passwords to other financial software.
              Signature
              Improvely: Built to track, test and optimize your marketing.

              {{ DiscussionBoard.errors[6986412].message }}
              • Profile picture of the author Daniel Evans
                Originally Posted by Dan Grossman View Post

                To retrieve your recent transactions so they can check for their deposits to verify ownership of the bank. Like they said. This is for verifying a new bank account, not taking money from it.

                Over 150 financial institutions are already integrated with Yodlee, which PayPal is probably using, for aggregating customers' online banking info using their usernames and passwords. Quicken's connected to every major bank since at least 2007. There's not a major bank in the world that doesn't already know its customers are giving out their usernames and passwords to other financial software.
                As mentioned there is a complex login system employed using a handheld device for my own bank (and many others) so I'm not entirely sure how they would approve of handing out credentials, or indeed how they would even work without the dynamic code.

                The whole system was implemented to prevent a third party login and it does exactly that.
                {{ DiscussionBoard.errors[6986445].message }}
          • Profile picture of the author Lloyd Buchinski
            Originally Posted by Armand2REP View Post

            I think a routing and account number is more than sufficient to process payments.
            That could be a major headache for PP. When (not if, it will happen sooner or later) someone gets one of the numbers wrong, the money gets put in the wrong account. The person complains that he didn't get paid. PP might be on the hook to pay again, face legal action, etc.
            Signature

            Do something spectacular; be fulfilled. Then you can be your own hero. Prem Rawat

            The KimW WSO

            {{ DiscussionBoard.errors[6986535].message }}
            • Profile picture of the author Dan Grossman
              Originally Posted by Lloyd Buchinski View Post

              That could be a major headache for PP. When (not if, it will happen sooner or later) someone gets one of the numbers wrong, the money gets put in the wrong account. The person complains that he didn't get paid. PP might be on the hook to pay again, face legal action, etc.
              That's the point of verifying bank accounts before letting you withdraw funds. If you put in the wrong numbers, PayPal has deposited something like 20 cents to the wrong person's account. Big deal, they will happily do it again when you give them the correct numbers.
              Signature
              Improvely: Built to track, test and optimize your marketing.

              {{ DiscussionBoard.errors[6986545].message }}
      • Profile picture of the author Dan Grossman
        Originally Posted by Armand2REP View Post

        Is it paranoid to want to protect my account details? It gives them FULL access. Every other vendor I have ever dealt with has been able to transact with my account without access.
        Not at all! But it IS paranoid to libel PayPal with the implication that they are going to use those details for more than verifying the bank account ownership, like they said they will, if you CHOOSE to use that OPTIONAL process. It's not paranoid, but ignorant, to suggest that they won't encrypt those details too, especially when talking about a website you can't access without encryption, and them connecting to a bank website that isn't accessible without encryption. It's absurd.
        Signature
        Improvely: Built to track, test and optimize your marketing.

        {{ DiscussionBoard.errors[6986231].message }}
  • Profile picture of the author GarrieWilson
    There is NO WAY Paypal or any other online middleman or so called financial institution should even ask for your bank login name and password.
    A lot of places are moving to verify accounts like this. They, typically, don't store (keep) the login details. It's verified then dropped once completed while your browser is open. Just like online purchases verifying credit cards.

    You could always change the password when it's done...

    FYI: All someone needs is your routing and account numbers to screw your day up. Yet you happily entered them into PayPal.

    Encrypted? That's BS with a capital BS.
    Yes it is encrypted. You shouldn't make statements about things you have no idea about.



    Garrie
    Signature
    Screw You, NameCheap!
    $1 Off NameSilo Domain Coupons:
    SAVEABUCKDOMAINS & DOLLARDOMAINSAVINGS
    {{ DiscussionBoard.errors[6986261].message }}
  • Profile picture of the author BlueOak
    It's encrypted during transmission. I hope it's 256-bit, if not it's 128-bit. A quantum computer (they don't exist yet) would take ages to crack 256-bit. It's basically impossible with modern technology, even that available to the FBI. 128-bit, not so much. If paypal stores it on their servers (the BIG question!!!) I'm sure it's safe from hackers and such as they do a good job keeping all the other info encrypted and locked up safely. The real threat is paypal employees. I'm 80% sure they don't let employees near that type of info, but it could happen.

    I will still choose the small transaction method, but it's really not a huge deal other than a mental feeling of over-invasion.
    {{ DiscussionBoard.errors[6986339].message }}
  • Profile picture of the author TGforever
    Even your bank doesn't ask for that stuff. When I was verifying my bank account the bank asked about my last deposit, how much it was and what day it was on. No personal information about the bank account was ever asked. To me paypal is getting to personal.
    {{ DiscussionBoard.errors[6986439].message }}
  • Profile picture of the author Dan Grossman
    All my banks offer two-factor authentication like you're describing, but it's optional, so if you want other tools to be able to download your transactions, and can keep your own info secure, you just turn it off.

    A lot of banks set up special channels for Yodlee/Intuit/etc to access with only a username and password so you can use both... because they're not technologically backwards, and know that millions of people want to use bank aggregating tools to help them save money, track spending and watch for unusual transactions.
    Signature
    Improvely: Built to track, test and optimize your marketing.

    {{ DiscussionBoard.errors[6986465].message }}
    • Profile picture of the author Daniel Evans
      Here the handheld device and dynamic code is a mandatory requirement.
      {{ DiscussionBoard.errors[6986489].message }}
  • Profile picture of the author Money Never Sleep
    Hello,

    Yes this option is around on PAYPAL for quite sometimes now. But I mean never give your info, even if you are in rush just wait few days and confirm your account. I know it's just silly.
    {{ DiscussionBoard.errors[6986502].message }}
  • Profile picture of the author TheSalesBooster
    It's not such a big deal. Give it to them. Get authorized instantly. Change your password.
    {{ DiscussionBoard.errors[6986541].message }}
  • Profile picture of the author Zend
    That is the most stupid thing a money institution can do to its new customer, I mean, people are generally don't want a hassle by waiting, and they just submit their private data. I wonder what PayPal do with their vulnerable account? the IT member of PayPal may be a bit mischievous and emptying your account on accident. WTF!
    {{ DiscussionBoard.errors[6986808].message }}
  • Profile picture of the author gearmonkey
    I really really really hate paypal, but it's the most popular way of getting paid. So it is crucial for us who get paid online.
    Signature

    My Guitar Website | My SEO Blog - Advertising spots available.

    {{ DiscussionBoard.errors[6986966].message }}
  • Profile picture of the author TerranceCharles
    That's crazy, I don't know why any merchant service would need your bank password, that's personal. They already get your credit card # and CSV number on the back, that's kind of fishy to me, soon you'll be missing funds or they shut your bank account down.
    Signature
    {{ DiscussionBoard.errors[6986967].message }}
    • Profile picture of the author Dan Grossman
      Originally Posted by TerranceCharles View Post

      That's crazy, I don't know why any merchant service would need your bank password, that's personal. They already get your credit card # and CSV number on the back, that's kind of fishy to me, soon you'll be missing funds or they shut your bank account down.
      Well, Terrance, let me dispel you of your confusion.

      PayPal, as a merchant services company, needs the ability to pay money into your bank account and, if you want to spend more than you have, take money out of it.

      As the barriers to creating a PayPal account are so low; you are essentially anonymous; they need to establish that you own the bank account you want to use for these purposes before actually moving money to or from that account.

      Otherwise, you could copy the routing and account number off any check anyone in the world writes you, and steal money from them with PayPal -- just claim it's your account and make a withdrawal! Yes, the necessary information to move money to and from a bank account is written right on every check you write, and nobody is crying doom over this.

      So how can PayPal verify this is your account? Knowing your credit card or "CSV number" (sic.) surely doesn't help verify access to a bank account. A credit card need not even be linked to one. This point you brought up is unrelated to the task.

      What would work is transferring some secret amount of money to that account, then verifying the person using the PayPal website has access to the account the money ended up at.

      So, they give you two options:

      1) Provide your online banking login. By doing so, you establish that you own that account, and by retrieving the recent transactions, PayPal can verify that same account is the one they made the secret deposits to.

      2) Read your bank statement yourself and type in the amounts of the secret deposits.

      Now, PayPal is a big company. Publicly traded. $12 billion a year in revenue. A quarter billion active users. All of which have *already* given PayPal access to their money -- with either a linked bank account or credit card.

      And their core service is security and identity. Not payments. What made PayPal successful where their competitors in the dot-com era went out of business was defeating fraud where the others didn't. PayPal knows how to do security.

      So the implication that some IT worker at PayPal can steal your bank account surreptitiously is ridiculous. PayPal knows security, internal and external. The connection between you and PayPal is secure. The connection between PayPal and the bank is secure. And random IT workers don't have access to your credentials -- nobody does -- they're never stored or shown anywhere in plain-text. They don't even leave the computers they're temporarily stored on until your account is verified in plain-text at any point -- they make dedicated hardware for this type of application where even the hardware owner never has access to the decryption keys. They can't half-ass this kind of thing either -- the PCIDSS mandates that a company like PayPal have on-site audits on a regular basis by outside companies that ensure they are handling the data securely.

      Recurly, one of PayPal's competitors, learned that recently when their hardware encryption system failed and they accidentally let the failure replicate to the backup system. They no longer had a way to decrypt their own stored payment data to process payments for their users.
      Signature
      Improvely: Built to track, test and optimize your marketing.

      {{ DiscussionBoard.errors[6987023].message }}
  • Profile picture of the author Mike Hill
    Well I don't know about you but to get into my bank account online you need my Debit Card number along with the username and password. Also, if it's from a different IP address they always ask you a secure question so having just the username and password is 100% useless.
    {{ DiscussionBoard.errors[6987333].message }}
  • Profile picture of the author dadhere
    what ever happened to their saying, "We will never ask for your passwords or sensitive information"

    ....right
    Signature



    {{ DiscussionBoard.errors[6987360].message }}
    • Profile picture of the author Dan Grossman
      Originally Posted by dadhere View Post

      what ever happened to their saying, "We will never ask for your passwords or sensitive information"

      ....right
      You forgot the rest of the quote.

      Originally Posted by https://www.paypal.com/c2/cgi-bin/webscr?cmd=xpt/Marketing/securitycenter/general/PreventIdTheft-outside


      We will never ask for your password or financial information in an email.
      PayPal asks for your password every time you log in to the site. Obviously they ask for passwords sometimes. Everyone does. That common saying is advice against giving your password over an insecure channel, like e-mail, where anyone between you and the recipient could read the message in transit.
      Signature
      Improvely: Built to track, test and optimize your marketing.

      {{ DiscussionBoard.errors[6987591].message }}
    • Profile picture of the author whland
      Originally Posted by dadhere View Post

      what ever happened to their saying, "We will never ask for your passwords or sensitive information"

      ....right
      Wow. Totally forgot about them mentioning that. They mention that they will not ever ask for passwords or sensitive info. But yet there going to now.

      Chad
      Signature
      WebMasterBabble.com Webmaster Forum
      {{ DiscussionBoard.errors[6987724].message }}
      • Profile picture of the author Dan Grossman
        Originally Posted by whland View Post

        Wow. Totally forgot about them mentioning that. They mention that they will not ever ask for passwords or sensitive info. But yet there going to now.

        Chad
        Chad,

        You do realize that by the time you can optionally give your password to verify your bank info, you've already given PayPal your credit card number, billing address, CVV2 code, bank account number, bank account routing number and signed an agreement allowing them to take money out of all these accounts?

        These aren't sensitive information to you? All of that is safe, but now after doing all that, you think if you give them one more piece of information, THAT's them "going to ask for sensitive information now"?

        I feel like I'm in an alternate universe where nobody makes sense.
        Signature
        Improvely: Built to track, test and optimize your marketing.

        {{ DiscussionBoard.errors[6987730].message }}
  • Profile picture of the author SteveSRS
    the real stupid thing here is using banks with only username + password protection!
    What era are those banks? the 90ties? Or what?

    I don't even have username + pw. I just need to fill out my bank account number and then with a small device I need to enter my bank card and my pin I then get some random number fill that out on the site to login. This random number is of course only valid for a couple minutes. Many other banks use sms verification for at least the payment verifications (however I don't like that too much either)
    Signature
    {{ DiscussionBoard.errors[6987472].message }}
    • Profile picture of the author Kay King
      "We will never ask for your passwords or sensitive information
      They aren't asking you for it - they are saying "if you are one of those customers who insist on instant verification - here's how you can do that".

      It's optional - not required. It's offered as service - not demanded.
      Signature
      Saving one dog will not change the world - but the world changes forever for that one dog
      ***
      Sometimes I just want someone to hug me and say...
      "It's going to be OK - here's a horse and two million dollars."
      {{ DiscussionBoard.errors[6987564].message }}
  • Profile picture of the author FIERCE IM
    hello,


    This option exist on Paypal site for quite sometimes now. But I have never choosen that, I rather wait for few days than give my private and confidential information.

    Yes I know this is pretty scary , How can they ask that it just insane.
    {{ DiscussionBoard.errors[6987581].message }}
  • Profile picture of the author whland
    Originally Posted by tboneman View Post

    NOW, to do it quickly, they want to know your bank login name and password. WHAT? ARE YOU CRAZY?

    Don't do it. Ever! What is Paypal thinking? There is no f--ling way they need my bank login name and password. Oh, we don't really need it, it will be encrypted, yada, yada, yada! That's not comforting, to say the most.
    Wow. Now that is just wrong. Like you. Paypal isn't getting that info from me. I'm not giving that info out to people I don't know. Sure paypal is a legit company. But do we know the people working there? NO. Well some might. But still that's a bad idea to implement.

    Chad
    Signature
    WebMasterBabble.com Webmaster Forum
    {{ DiscussionBoard.errors[6987713].message }}
  • Profile picture of the author OmarNegron
    Everyone had good points what I find funny is that paypal gives you the choice, if you choose to give them that information to simply make it quicker, than who's at fault? LOL I do agree Paypal is being sneaky and taking advantage of the fact that everyone would want the process faster than usual of course.

    I rather deal with them than any sort of other payment methods!

    - Will
    {{ DiscussionBoard.errors[6987755].message }}
  • Profile picture of the author Vishalicious
    Even if they have your username password no one can use that as now over here
    where i live bank sends a SMS to your cell phone with One Time Access Password.
    now there is no frick'in way they can get that!
    Signature
    Outsource Your Offline Business Projects. Just Send me a PM :)
    {{ DiscussionBoard.errors[6987799].message }}

Trending Topics