Financial technology and credit offer a multitude of options for making payments through encrypted transactions. As technologies advance, so to do the offerings available to constituents which has allowed both PayPal and credit card companies to bring more for their customers.
PayPal, credit cards, digital wallets, cryptocurrencies, and other advancements offer innovation as well as risks of security. When it comes to security there are a variety of ways information can be ripped off. Some of these ways include identity theft, html interception, server breaching, and point of sale attacks.
Oftentimes, payment information theft is a result of loose customer practices rather than advanced hacking methods. Any payment card can be compromised if it is stolen or willingly given to a fraudster through a scam. In some more sophisticated ways, payment information can be skimmed by thieves who setup technology at a point of sale like a gas station or ATM. All of these risks occur with any type of payment.
PayPal and credit card companies have been around for a long time. While they seek to mitigate some of the above risks, they can’t necessarily always be responsible for these types of lifts. Where higher standards come in is in the areas of encrypted technology systems. PayPal is one of the most advanced payment processors in terms of encrypted security but each credit card company you work with may have different standards.
First and foremost, regardless of the payment processor you are using, it is important to be cautious and careful with your own information. So beyond that, how safe are PayPal and credit cards—and what do you need to know?
KEY TAKEAWAYS
PayPal and credit cards are popular payment processing options for different reasons.
PayPal is associated and integrated more heavily with online transactions, online risks, and online vulnerabilities.
Credit cards usually come in a physical form for use at point of sale transmitters or manual online transactions which leads to some different types of vulnerabilities.
PayPal
PayPal is an industry leading payment processor with many standard credit and debit card options that match the offerings of rival competitors. Moreover, its services go beyond to offer very easy online payment processing.
Many people are aware of the risks for standard credit and debit cards in the physical form but online payment processing presents more advanced risks. Generally, online complexities can be twofold, on the side of the sender and on the side of the receiver/merchant.
PayPal’s platform seeks to mitigate risks by incorporating a secure gateway. In many cases the secure gateway can help to alleviate the risk of compromised information from both the sender and receiver. Regardless, for all customers, using only safe, locked websites can be an important precaution that helps avoid compromised information being taken from technical inadequacies.
Some insights into PayPal’s security testaments include the following:
Encrypted information with the highest level of commercially available technology
Data stored on servers that aren’t directly connected to the internet
Gateway that can allow for payments through the PayPal system using email/password without full transmission of payment information to the merchant
Slava Gomzin, author of "Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions," supports their contention. “If you have a choice on the web, always select PayPal,” Gomzin says.
PayPal even pays hackers if they find vulnerabilities in its systems. According to Dean Turner, director of security intelligence at PayPal, "If you care about the product [and] you care about your customers, you care about your customers' security—this is what you have to do."
The PayPal brand can also be associated with several other names under the company’s umbrella. PayPal has bought Braintree, Venmo, Paydiant, Xoom, Modest, Tio, iZettle, Hyperwallet, and Honey. These companies don’t necessarily offer the same testaments though they leverage some of the same development channels. Thus, keep in mind that using any of PayPal’s brands does not necessarily offer the same promises, so it can be important to do your research on each to see how the security works.
What about Credit Cards?
Credit cards themselves can be a class of their own. Credit cards will usually have a physical form. This means a user has possession of a card that includes card numbers and authorization data. This differs from the PayPal Credit offering for example which is completely online based.
As discussed, physical form credit cards are more susceptible to the risks of physical theft, scamming, and skimming. This can present more vulnerabilities at both brick and mortar merchants as well as online.
Most credit card companies have heavily invested in leading security technology that matches that of PayPal and other industry leaders. Not every credit card company is the same though, some like Chase, American Express, and Bank of America are more advanced than others. This leaves some responsibility with the user to understand security precautions.
When compared to PayPal, credit card security risks can be somewhat more heavily owned by the user themself. When using a credit card for an online payment, most companies don’t offer a gateway to shield account information at all. This means there is a higher need to ensure that an online payment is made through a secure site (these will usually include https and have a lock symbol). Without any shielding of financial account information, credit card numbers run a higher risk than PayPal payments of being intercepted when transmitted through the website’s development code.
Credit card companies have also been known to be somewhat less guarded and resistant to some of the cybersecurity practices that PayPal employs. According to the Financial Services Roundtable, the banking industry does not pay hackers to alert them to security flaws, for example. PayPal, however, is the Holy Grail for hackers. Just because the company hasn’t been hacked doesn’t mean that it won’t be. Hackers are constantly trying to break into PayPal’s servers. And while PayPal operates through a gateway using email/password authentication rather than standard transmissions, the theft of a user’s email/password could compromise their entire wallet rather than just a single card—though credit card companies may be required to take some responsibilities if fraudulent transactions occur.
In the credit card world, another area for added security to be on the lookout for is the chip. Already used in most European countries and many others, these cards offer an added layer of security. The chip more protectively stores information better than a magnetic strip. Most card companies also require added interface verifications on the processing end which makes the information more difficult to steal from a chip card reader. (For more, read What You Need to Know about EMV Credit Cards.)
Data Breaches
Beyond a customers’ actions, both PayPal and credit card companies can be at risk of a breach. Breaches require their own unique schemes. A fraudster seeking to perform a data breach, takes more direct actions to hack its way through firewalls and security preventions. The goal is to penetrate a database in order to steal multiple accounts rather than just one. Thus, cybersecurity efforts for protecting databases at both PayPal and credit card companies are equally important.
Protect Yourself
The best technologies and brightest teams of cybersecurity experts can only do so much. Oftentimes, a majority of the risk of using both PayPal and credit cards are in the hands of the user. Studies have found that only a fractional percentage of users change their passwords regularly. Many users are also loose with their information or lazy when it comes to creating unique usernames and passwords. Things like “password” and “123456” are easy targets. Also, if your password is easy to remember, it is also probably easy to hack so it is time to change it.
Top additional precautions can also include checking your bank and credit card statements regularly, setting up monitoring service, not using the same passwords for everything, and always being skeptical about any inquiry in an email or request for information. Take the extra time to take extra precautions, including researching websites, calling companies and merchants to verify important details.
The Bottom Line
PayPal and individual credit card companies offer unique services and products. Choosing which to use may be a matter of the services you need, the functionalities available, the offers presented, and the rates charged. When using either it is important to know what the security measures are and where the highest risks lie. With both PayPal and credit cards, a high amount of risk falls on the actions of the user.
PayPal seeks to help keep information safe by using an email/password as a throughway. This makes the theft of that identifier more important to understand. Credit cards on the other hand have a higher risk of physical theft vulnerability. Thus, safety in using both can be more heavily placed on the awareness of the users choosing to use them.
When it comes to data breaches, PayPal and credit card companies operate slightly differently. PayPal offloads a great deal of information away from the internet and onto its own storage which can be harder to hit directly. Credit card companies often rely on more institutionalized means like corporate server firewalls. For the user, companies are required to take more responsibility for a data breach over a bad transaction so being a cautious customer can help prevent a great deal of the detrimental risks of loss.
PayPal, credit cards, digital wallets, cryptocurrencies, and other advancements offer innovation as well as risks of security. When it comes to security there are a variety of ways information can be ripped off. Some of these ways include identity theft, html interception, server breaching, and point of sale attacks.
Oftentimes, payment information theft is a result of loose customer practices rather than advanced hacking methods. Any payment card can be compromised if it is stolen or willingly given to a fraudster through a scam. In some more sophisticated ways, payment information can be skimmed by thieves who setup technology at a point of sale like a gas station or ATM. All of these risks occur with any type of payment.
PayPal and credit card companies have been around for a long time. While they seek to mitigate some of the above risks, they can’t necessarily always be responsible for these types of lifts. Where higher standards come in is in the areas of encrypted technology systems. PayPal is one of the most advanced payment processors in terms of encrypted security but each credit card company you work with may have different standards.
First and foremost, regardless of the payment processor you are using, it is important to be cautious and careful with your own information. So beyond that, how safe are PayPal and credit cards—and what do you need to know?
KEY TAKEAWAYS
PayPal and credit cards are popular payment processing options for different reasons.
PayPal is associated and integrated more heavily with online transactions, online risks, and online vulnerabilities.
Credit cards usually come in a physical form for use at point of sale transmitters or manual online transactions which leads to some different types of vulnerabilities.
PayPal
PayPal is an industry leading payment processor with many standard credit and debit card options that match the offerings of rival competitors. Moreover, its services go beyond to offer very easy online payment processing.
Many people are aware of the risks for standard credit and debit cards in the physical form but online payment processing presents more advanced risks. Generally, online complexities can be twofold, on the side of the sender and on the side of the receiver/merchant.
PayPal’s platform seeks to mitigate risks by incorporating a secure gateway. In many cases the secure gateway can help to alleviate the risk of compromised information from both the sender and receiver. Regardless, for all customers, using only safe, locked websites can be an important precaution that helps avoid compromised information being taken from technical inadequacies.
Some insights into PayPal’s security testaments include the following:
Encrypted information with the highest level of commercially available technology
Data stored on servers that aren’t directly connected to the internet
Gateway that can allow for payments through the PayPal system using email/password without full transmission of payment information to the merchant
Slava Gomzin, author of "Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions," supports their contention. “If you have a choice on the web, always select PayPal,” Gomzin says.
PayPal even pays hackers if they find vulnerabilities in its systems. According to Dean Turner, director of security intelligence at PayPal, "If you care about the product [and] you care about your customers, you care about your customers' security—this is what you have to do."
The PayPal brand can also be associated with several other names under the company’s umbrella. PayPal has bought Braintree, Venmo, Paydiant, Xoom, Modest, Tio, iZettle, Hyperwallet, and Honey. These companies don’t necessarily offer the same testaments though they leverage some of the same development channels. Thus, keep in mind that using any of PayPal’s brands does not necessarily offer the same promises, so it can be important to do your research on each to see how the security works.
What about Credit Cards?
Credit cards themselves can be a class of their own. Credit cards will usually have a physical form. This means a user has possession of a card that includes card numbers and authorization data. This differs from the PayPal Credit offering for example which is completely online based.
As discussed, physical form credit cards are more susceptible to the risks of physical theft, scamming, and skimming. This can present more vulnerabilities at both brick and mortar merchants as well as online.
Most credit card companies have heavily invested in leading security technology that matches that of PayPal and other industry leaders. Not every credit card company is the same though, some like Chase, American Express, and Bank of America are more advanced than others. This leaves some responsibility with the user to understand security precautions.
When compared to PayPal, credit card security risks can be somewhat more heavily owned by the user themself. When using a credit card for an online payment, most companies don’t offer a gateway to shield account information at all. This means there is a higher need to ensure that an online payment is made through a secure site (these will usually include https and have a lock symbol). Without any shielding of financial account information, credit card numbers run a higher risk than PayPal payments of being intercepted when transmitted through the website’s development code.
Credit card companies have also been known to be somewhat less guarded and resistant to some of the cybersecurity practices that PayPal employs. According to the Financial Services Roundtable, the banking industry does not pay hackers to alert them to security flaws, for example. PayPal, however, is the Holy Grail for hackers. Just because the company hasn’t been hacked doesn’t mean that it won’t be. Hackers are constantly trying to break into PayPal’s servers. And while PayPal operates through a gateway using email/password authentication rather than standard transmissions, the theft of a user’s email/password could compromise their entire wallet rather than just a single card—though credit card companies may be required to take some responsibilities if fraudulent transactions occur.
In the credit card world, another area for added security to be on the lookout for is the chip. Already used in most European countries and many others, these cards offer an added layer of security. The chip more protectively stores information better than a magnetic strip. Most card companies also require added interface verifications on the processing end which makes the information more difficult to steal from a chip card reader. (For more, read What You Need to Know about EMV Credit Cards.)
Data Breaches
Beyond a customers’ actions, both PayPal and credit card companies can be at risk of a breach. Breaches require their own unique schemes. A fraudster seeking to perform a data breach, takes more direct actions to hack its way through firewalls and security preventions. The goal is to penetrate a database in order to steal multiple accounts rather than just one. Thus, cybersecurity efforts for protecting databases at both PayPal and credit card companies are equally important.
Protect Yourself
The best technologies and brightest teams of cybersecurity experts can only do so much. Oftentimes, a majority of the risk of using both PayPal and credit cards are in the hands of the user. Studies have found that only a fractional percentage of users change their passwords regularly. Many users are also loose with their information or lazy when it comes to creating unique usernames and passwords. Things like “password” and “123456” are easy targets. Also, if your password is easy to remember, it is also probably easy to hack so it is time to change it.
Top additional precautions can also include checking your bank and credit card statements regularly, setting up monitoring service, not using the same passwords for everything, and always being skeptical about any inquiry in an email or request for information. Take the extra time to take extra precautions, including researching websites, calling companies and merchants to verify important details.
The Bottom Line
PayPal and individual credit card companies offer unique services and products. Choosing which to use may be a matter of the services you need, the functionalities available, the offers presented, and the rates charged. When using either it is important to know what the security measures are and where the highest risks lie. With both PayPal and credit cards, a high amount of risk falls on the actions of the user.
PayPal seeks to help keep information safe by using an email/password as a throughway. This makes the theft of that identifier more important to understand. Credit cards on the other hand have a higher risk of physical theft vulnerability. Thus, safety in using both can be more heavily placed on the awareness of the users choosing to use them.
When it comes to data breaches, PayPal and credit card companies operate slightly differently. PayPal offloads a great deal of information away from the internet and onto its own storage which can be harder to hit directly. Credit card companies often rely on more institutionalized means like corporate server firewalls. For the user, companies are required to take more responsibility for a data breach over a bad transaction so being a cautious customer can help prevent a great deal of the detrimental risks of loss.