I have been a user of Paypal ever since, well, forever, but certainly for at least 25 years by my guess. Today I closed my account, thanks to having gotten several invoices from fraudsters. Today I got an invoice that I couldn’t delete. {“An error has occurred” … no kidding. I felt a great disturbance in the force.) Brian Krebs wrote about this trend last year.
This isn’t the first time I have written about Paypal security and scams. Check out here for 2010, here for 2007, and here for 2006.
Last year, after getting another fake invoice, I took precautions by eliminating my checking account as a payment method, and left my account using a credit card as the sole source of funds. This comes after not having had any actual funds in my PP account for years, just using it as a transfer mechanism from some vendors that still paid me that way. Money would come in, and it would go out quickly.
It made me sad to close my PP account — the process which is very easy and just took seconds online, so thanks Paypal for making that simple. And I realize, as one of my friends remarked, that I am not really addressing the problem — any online payment vendor could become the next darling of the fraudsters and give me grief down the road. But I guess I feel that enough is enough. I already use Venmo (which is owned by PayPal), Apple Pay and Google Pay. Do I really need anything else? My son-in-law will start working at Melio, which looks interesting, but I really don’t need another service for my back office accounting.
A few months ago I wrote this piece for CNN’s Underscored about using mobile payment apps. I rated Apple Pay the best of the bunch — if you have an iPhone. But what about web-based apps? There is Google Pay, of course.
I would recommend reading my CNN piece for the caveats about how to stay safe using online payment products. But there is one thing that I didn’t mention — this concept of how to firewall your banking infrastructure. The bank account that was formerly connected to my now-gone Paypal account was my main corporate checking account. That wasn’t a good idea: some hacker could have gained access to those funds. Given the current state of fraudulent invoices, you should have a separate bank account that is just used as a repository for your online transactions. Ideally, it should be at a different bank than your “real” accounts. Just keep a small balance there when you need it. Or use credit cards (and accept the 3% processing fees are the cost of using them.
I just feel like the bad guys have won, and I hate that. I guess it could have been worse: I could have inadvertently paid that fake invoice. Keep sharp out there. Now if I could just stop those nearly daily phone calls from scammers trying to get me to sign up for various Covid cash schemes.
I use PayPal a lot – and am not going to stop now. But I did, thanks to your article, remove my checking account info. Thanks!
I too have received several fraudulent Pay Pal and Venmo invoices. Today, for the first time, I received a fake Stripe request. Because i never suspected stripe I did click on the link (shame on me!).
Cheers!