Helping people with computers... one answer at a time.

Paypal is a fast and convenient way to pay someone from your computer. Using Paypal elsewhere, on someone else's computer, can be very, very dangerous.

I recently attended a conference and trade show, and made a purchase. The vendor takes Paypal, so to make my payment she turned her laptop to me, and suggested I login to my Paypal account and make the payment right then and there. I did so, and it was very convenient.` Later, I told my spouse and was told that it's some kind of incredibly dangerous thing to do. Is it really that bad? If so, why? And what should I have done instead?

Yes, it really is that bad.

Why? Pretty simple really: you may have just given that vendor total access to your Paypal account.

I want to be really, really clear about two issues:

  • I'm a huge fan of Paypal, and I use it a lot. But caution is required.

  • I'm not accusing any vendor of anything. The vast majority are honest people of integrity.

All of this actually applies to any banking or even any other type of private account that you access using a web browser. And remember that Paypal is, basically, a banking account.

There are three basic ways that logging into a personal banking account on anyone else's computer can turn into a total disaster.

Spyware - since it's a computer you don't control, you have no idea whether or not there is spyware on that machine recording every keystroke entered and sending it to hacker overseas. You would be amazed at how many people don't run anti-spyware software at all. I know I'm continually amazed based simply on the problem reports I get here at Ask Leo! And spyware doesn't have to be obvious - in fact, the most dangerous type tries to hide as best it can. The result is that the owner of the computer, your quite honest vendor, may have no idea that their computer is infected.

"You would be amazed at how many people don't run anti-spyware software at all."

Unintentionally remembered information - one of the most common questions I get relates to how much information the browser remembers for you which it then offers back up to you as you type something in later. Form fields in particular - the very fields you enter your banking account ID and passwords into - are frequently remembered automatically - often including the password. That means someone could possibly walk back up to that computer, start typing and see your user name, select it, and be able to login to your account with your password.

Malice - it's quite possible, even fairly easy, to purposely install software or set up browser features to record your user name and password automatically. Like I said, I don't mean to impugn you or your vendor, and I'm certainly not accusing anyone of anything, but unless you trust them absolutely, this should always be in the back of your mind. Particularly at trade shows where people often travel in from far distances, never to be seen again after the show.

Things get worse if you're the vendor. Even if you're the model of integrity and perfection - by allowing people to log in to their accounts on your machine you're almost asking for trouble.

What kind of trouble? Temporary account suspension, and even false accusations.

Paypal's fraud detection looks for a large number of account logins from the same computer. That's often a sign of fraud - hackers who've stolen a number of Paypal account IDs will often then use their a single computer to then transfer funds to their own account from each stolen account. When Paypal sees a large number of transactions from different accounts on the same computer it sends up all sorts of red flags, and they temporarily suspend the receiving account while the situation is investigated. This is a good thing. It's an important way for Paypal to prevent or reduce fraud. But if that happens to you, you can be blocked from receiving more payments, as well a withdrawing any of your money, until the investigation completes.

Even worse, someone could, after using your computer to access their account accuse you of stealing their account information. And you'd be hard pressed to prove them wrong. Yes, with the appropriate help from the service such as Paypal you should be able to do so, but the time and effort to do so, plus the likelihood of your own account being suspended during the investigation, make even being right a potentially long and painful process.

So, vendor or customer, what do you do instead?

Well, clearly, don't login to Paypal, or whatever else, on someone else's computer, or let others login to yours, unless you're positive you understand all the issues involved and have that all important level of trust.

If appropriate, Paypal, in particular, has a service that will allow you to make payments by mobile phone.

Otherwise, if as a customer you're not carrying your own computer that you do trust, I can only recommend falling back on traditional payment methods: cash, credit cards and written checks.

Article C2789 - September 18, 2006 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

4 Comments
Dave Taylor
September 18, 2006 10:18 PM

Another issue is about risk: with regular merchant accounts, your transaction fee percentage is based on whether you process "physical transactions' (e.g., card in hand) or just over the Internet. Since Paypal is designed just for the latter case, it might well violate the agreement with the credit card merchants [Visa, MasterCard, Discover, AmEx] to have it as a cheap Point of Sale device too.

sirpaul1
September 22, 2009 9:27 AM

If you get a 'bad' product, you can't get your money back. You just a credit on Paypal.

Glenn P.
September 22, 2009 2:06 PM

This issue is really, really, REALLY,  really simple, folks, and it's just four words (already used) long:

                                                "On Someone Else's Computer"

That's it, Jack. The issue isn't about PayPal at all! It's about using it on "Someone Else's Computer"!

Like... "Duh!" !?!!?!?!!!?!                (Sheesh!)

In Other Words, folks, using PayPal at a conference or open market is just fine -- just make sure to use your OWN  computer when you do!

Once again: Like... "Duh!"

Richard
May 9, 2010 12:43 PM

it would have been better if that vendor used a credit card processing system that interfaced with their paypal account such as usbswiper.com that way they could have processed credit card transactions easily and protected your privacy while still using their paypal account.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.