Stolen account data
Consumer advocates warn of Paypal scams
12/17/2024 – 1:07 p.mReading time: 2 min.
Criminals exploit a Paypal function to shop using third-party bank details. Those affected should react quickly.
Fraudsters use a PayPal function to make purchases using someone else’s account details. Because the payment service provider has hardly put any protective measures in place, those affected have to take action themselves, warns the North Rhine-Westphalia consumer advice center.
Specifically, it is about the “Pay without a Paypal account” function that the service offers. The platform allows you to pay by direct debit from online retailers without having to create a Paypal account.
The buyer only needs to provide the IBAN when purchasing. Paypal probably doesn’t check whether this belongs to the person placing the order.
“Paypal carries out security checks when processing payments as part of its risk management and fraud prevention measures,” a spokeswoman for the payment service is quoted as saying. Consumer advocates criticize Paypal for not providing any further details.
On the contrary: “The regulations for payments without a Paypal account make no statement at all about whether and how specified IBANs or identities are checked.” The company only checks the identity of the respective user when opening a PayPal account.
In a specific case, Paypal wanted 56.75 euros from a user – for a purchase that he knew nothing about, it is said. PayPal had previously tried to debit the money from the person concerned’s account, which no longer existed since 2018. It is unclear where the criminals got the account details from.
“The affected account numbers can be obtained by criminals from a variety of sources,” said consumer advocates. These included data leaks from companies, as loot in hacking attacks, from databases on the dark web or through data collection using dubious competitions.
If consumers notice that unauthorized money has been withdrawn from their account, they should:
In principle, consumers should rarely provide sensitive data such as account details and certainly not leave them in a publicly readable manner, consumer advocates advise.