PayPal won’t refund an unauthorized charge on John Boham-Cook’s account, even though it reversed two others by the same fraudster. How can he get the company to see things his way?
Question
I had three unauthorized transactions on my PayPal account recently. PayPal blocked one of them and issued a refund. A short while later, PayPal refunded the second fraudulent transaction. But the third transaction, for $2,600, is still in my account.
All of these transactions were made by the same fraudster at the same time from Dortmund, Germany. It looks like the scammer somehow got my password. But I have never published my credentials and they are not held on my computer — only on an encrypted USB stick accessed when I need the info. Also, I always use PayPal from the same IP address.
I have contacted PayPal by phone numerous times and appealed. PayPal has refused to acknowledge the fraudulent transaction.
In the meantime, I have changed my password and set up two-step verification. I blocked my bank from sending any money to PayPal, but I would like to settle this dispute and wondered if you could help. — John Boham-Cook, Augsburg, Germany
Answer
PayPal should have blocked all three transactions. But its fraud-detection systems aren’t perfect, so here’s what probably happened. One transaction went through without any red flags. PayPal flagged the second one from the same IP address and blocked the third one. In other words, its systems were reasonably confident that the third transaction was incorrect, so it stopped the transaction. PayPal reversed the second one eventually. But it wasn’t quite sure about the first one.
It appears its systems were not sophisticated enough to tie them all to the same fraudster. I don’t want to go any further because it would only give future fraudsters a roadmap to defraud PayPal users.
How to keep your PayPal account safe
I’ve seen countless cases of fraud and scams that have left PayPal users devastated. So let’s talk about how to keep your PayPal account from getting hacked.
Never share your password
Just. Don’t. I’ve lost count of the number of cases that involved a shared password. If you need someone else to have access to PayPal, get them their own account.
Enable two-factor authentication
Two-factor authentication (2FA) adds another layer of security to your account by requiring a code in addition to your password to log in. It’s a simple step that can make a big difference in keeping your account safe. (To set up 2FA in PayPal, go to your control panel in PayPal, select your user icon in the top right corner, click on “my user” from the drop-down menu, scroll to the two-factor authentication section and click the “enable” button.)
Set up a hardware security key
Register a WebAuthn/U2F-compatible security key with your account. That means only a person with the hardware key (or someone on PayPal’s side) can access your account. (To set up a hardware key, go to your control panel in PayPal. Select the gear icon in the top right corner, and click “team” from the drop-down menu. Then locate the user you would like to make changes to, scroll to the two-factor authentication section, and select the “add key” button.)
Keep your software up to date
Be sure you’re running the latest version of your operating system and web browser, as well as any security software you have installed. That helps prevent hackers from exploiting vulnerabilities in older software.
Don’t click on any suspicious links
PayPal scammers are smart. I almost fell for one. Scammers often send emails or messages that look like they’re from PayPal. But they’re designed to trick you into giving away your login credentials or other sensitive information. Always, always double-check the sender’s email address and be suspicious of any requests for personal information.
Monitor your account regularly
Check your PayPal account frequently to make sure there are no unauthorized transactions or other suspicious activity. If you notice something unusual, report it to PayPal right away.
By following these steps, you can help protect yourself from fraud and keep your PayPal account secure.
Your PayPal fraudulent charge problem didn’t make sense
Here’s what really concerns me. You said you were using a password USB key to access PayPal. That means the only person who can access your account is someone with the physical key.
How did a criminal manage to get into your account without the key? That is a serious problem, and unfortunately, there’s no evidence PayPal has done anything to address it.
You could have contacted one of the PayPal executives I publish on my consumer advocacy site, Elliott.org. A brief, polite email to one of them might have escalated your case. I also publish a free guide on how to reverse an unauthorized charge on PayPal. I’ll give you the Reader’s Digest version: Keep a meticulous paper trail and, when necessary, appeal to one of the PayPal executives.
You reached out to my advocacy team. I contacted PayPal on your behalf. You also reached out to one of the executives. And that worked.
“They have finally refunded the money,” you reported. “I will never understand how PayPal works, and I’m not sure I want to continue to use PayPal.”