I recently attended a conference and trade show, and made a purchase. The
vendor takes Paypal, so to make my payment she turned her laptop to me, and
suggested I login to my Paypal account and make the payment right then and
there. I did so, and it was very convenient. Later, I told my spouse and was
told that it's some kind of incredibly dangerous thing to do. Is it really that
bad? If so, why? And what should I have done instead?
Yes, it really is that bad.
Why? Pretty simple really: you may have just given that vendor total access
to your Paypal account.
I want to be really, really clear about two issues:
- I'm a huge fan of Paypal, and I use it a lot. But caution is required.
- I'm not accusing any vendor of anything. The vast majority are honest
  people of integrity.
All of this actually applies to any banking or even any other type of
private account that you access using a web browser. And remember that Paypal
is, basically, a banking account.
There are three basic ways that logging into a personal banking account on
anyone else's computer can turn into a total disaster.
Spyware - since it's a computer you don't control, you have
no idea whether or not there is spyware on that machine recording
every keystroke entered and sending it to a hacker overseas. You would be
amazed at how many people don't run anti-spyware software at all. I
know I'm continually amazed based simply on the problem reports I get here at
Ask Leo! And spyware doesn't have to be obvious - in fact, the most dangerous
type tries to hide as best it can. The result is that the owner of the
computer, your quite honest vendor, may have no idea that their computer is
infected.
Unintentionally remembered information - one of the most
common questions I get relates to how much information the browser remembers
for you which it then offers back up to you as you type something in later.
Form fields in particular - the very fields you enter your banking account ID
and passwords into - are frequently remembered automatically, often
including the password. That means someone could possibly walk back up to
that computer, start typing and see your user name, select it, and be
able to log in to your account with your password.
Malice - it's quite possible, even fairly easy, to
purposely install software or set up browser features to record your user name
and password automatically. Like I said, I don't mean to impugn you or your
vendor, and I'm certainly not accusing anyone of anything, but unless you trust
them absolutely, this should always be in the back of your mind. Particularly
at trade shows where people often travel in from far away, never to be
seen again after the show.
Things get worse if you're the vendor. Even if you're the model of integrity
and perfection, by allowing people to log in to their accounts on your machine
you're almost asking for trouble.
What kind of trouble? Temporary account suspension, and even false
accusations.
Paypal's fraud detection looks for a large number of account logins from the
same computer. That's often a sign of fraud - hackers who've stolen a number of
Paypal account IDs will often use a single computer to transfer
funds to their own account from each stolen account. When Paypal sees a large
number of transactions from different accounts on the same computer it sends up
all sorts of red flags, and they temporarily suspend the receiving account
while the situation is investigated. This is a good thing. It's an
important way for Paypal to prevent or reduce fraud. But if that happens to
you, you can be blocked from receiving more payments, as well as withdrawing any
of your money, until the investigation completes.
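The heuristic described above can be sketched in a few lines. This is an added illustration, not Paypal's actual logic and not code from the original article: the event format, the `device_id` field and the threshold of three accounts are all assumptions. It shows why an honest vendor's shared laptop looks identical to a thief's machine.

```python
from collections import defaultdict

# Constructed sample events: (device_id, paying_account, receiving_account).
# device_id stands in for whatever fingerprint a payment service derives
# for "the same computer"; every value here is made up.
EVENTS = [
    ("laptop-A", "alice", "vendor1"),
    ("laptop-A", "bob", "vendor1"),
    ("laptop-A", "carol", "vendor1"),
    ("laptop-A", "dave", "vendor1"),
    ("phone-B", "erin", "vendor1"),    # customer paying from own phone
    ("phone-C", "frank", "vendor2"),
    ("laptop-D", "grace", "vendor2"),
    ("laptop-D", "grace", "vendor2"),  # same payer twice: still one account
]


def flag_shared_devices(events, max_accounts=3):
    """Map each device used by more than max_accounts distinct paying
    accounts to (sorted payers, sorted receivers)."""
    payers = defaultdict(set)
    receivers = defaultdict(set)
    for device, payer, receiver in events:
        payers[device].add(payer)
        receivers[device].add(receiver)
    return {
        device: (sorted(accts), sorted(receivers[device]))
        for device, accts in payers.items()
        if len(accts) > max_accounts  # hypothetical threshold
    }


def accounts_to_hold(events, max_accounts=3):
    """Receiving accounts that would be suspended pending investigation."""
    held = set()
    for _, recvs in flag_shared_devices(events, max_accounts).values():
        held.update(recvs)
    return sorted(held)


if __name__ == "__main__":
    for device, (who, to) in flag_shared_devices(EVENTS).items():
        print(f"{device}: {len(who)} accounts paid {to}")
    print("hold:", accounts_to_hold(EVENTS))
```

In the sample data, vendor1 is held because four customers paid from laptop-A; vendor2, whose customers each used their own device, is not.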
Even worse, someone could, after using your computer to access their account,
accuse you of stealing their account information. And you'd be hard pressed to
prove them wrong. Yes, with the appropriate help from a service such as
Paypal you should be able to do so, but the time and effort to do so, plus the
likelihood of your own account being suspended during the investigation, make
even being right a potentially long and painful process.
So, vendor or customer, what do you do instead?
Well, clearly, don't log in to Paypal, or whatever else, on someone
else's computer, or let others log in to yours, unless you're positive
you understand all the issues involved and have that all-important level of
trust.
If appropriate, Paypal, in particular, has a service that will allow you to
make payments by mobile phone.
Otherwise, if as a customer you're not carrying your own computer that you
do trust, I can only recommend falling back on traditional payment
methods: cash, credit cards and written checks.
Another issue is about risk: with regular merchant accounts, your transaction fee percentage is based on whether you process "physical transactions" (e.g., card in hand) or just over the Internet. Since Paypal is designed just for the latter case, it might well violate the agreement with the credit card merchants [Visa, MasterCard, Discover, AmEx] to have it as a cheap Point of Sale device too.
If you get a "bad" product, you can't get your money back. You just get a credit on Paypal.
This issue is really, really, REALLY, really simple, folks, and it's just four words (already used) long:
"On Someone Else's Computer"
That's it, Jack. The issue isn't about PayPal at all! It's about using it on "Someone Else's Computer"!
Like… "Duh!" !?!!?!?!!!?! (Sheesh!)
In Other Words, folks, using PayPal at a conference or open market is just fine - just make sure to use your OWN computer when you do!
Once again: Like… "Duh!"
It would have been better if that vendor used a credit card processing system that interfaced with their Paypal account, such as usbswiper.com. That way they could have processed credit card transactions easily and protected your privacy while still using their Paypal account.