My local lodge of the Fraternal Order of Police is considering using PayPal for
chapter dues payment. However, one of the members fears that PayPal is not
secure. He tells us that PayPal user information has been hacked. He is afraid
that could happen again, putting members at risk. What is your view?
I
think that PayPal is as safe as other financial services on the Internet. In
fact, it has fared better than average. Big names including Bank of America,
Ernst & Young, Wells Fargo and Wachovia have lost customer data. The breaches
are usually due to accidents or inside jobs, not hacking.
Financial services typically use encryption as part of their security. In my
opinion, it's the most important part. Well-encrypted data is useless even if it
is intercepted. That's why, for example, it's so important on
wireless home networks.
According to PayPal's
privacy policy, "Your credit card and bank account information are stored
only in encrypted form on computers that are not connected to the Internet."
So why might someone be leery of the service? PayPal's reputation is probably
hurt most by spam and phishing schemes.
PayPal customers have long been a favorite target of phishing schemes. The
phony e-mail messages are made to look like notices from PayPal. They typically
instruct victims to update their account information.
The phishing message then links to a Web page designed to steal any account
information entered into it. And of course, the page is spoofed to look like the
real PayPal site.
These phishing messages are sent blindly to millions of people. Recipients
without PayPal accounts probably dismiss the messages as spam. PayPal users,
however, may be suckered.
Recently, a corrupted page was discovered on the real PayPal site. The page
linked to an outside phishing site asking for account information. The problem
was quickly fixed.
You can get tips for
avoiding
phishing schemes on my Web site.
Phishing schemes depend upon victims handing over their information. Your
average police officer probably isn’t that gullible.
It sounds like your member might be concerned with Internet security in
general. PayPal, like other sites, uses SSL (Secure Socket Layer). SSL uses
unbreakable 128-bit encryption, at least.
I have no qualms about using the Internet for confidential matters. It’s true
that hackings have occurred on Internet sites. I’m not aware of a major one on
PayPal, although I could be wrong. I have never had a problem there. As far as I
know, PayPal’s security is adequate.
An inside job is much more likely. Or an employee could lose a laptop loaded
with information. Either could happen to any business. In fact, something seems
to occur everyday!
Have more questions? Check out my
Message Board!
Kim :)