Sheer volume and loss-leader marketing (they make enough out of your transactions anyway ). PayPal is world-wide after all. They'd have a machine for seed-tagging and processing, so labour costs would be microscopic as well.

Also: banks and other financial institutions which use these token generators are ripping you off (most generators cost about 60 cents to make).

It's a service hosted by Verisign. They give you a token (a bit like a flattened football) with a LCD dispaly, they know the ID of the token, and when you get it they ask you to verify by entering in two numbers, a minute apart.

It's sort of a one-way calculation. Verisign can tell that a code that you entered must have come from your token based on the ID that they hold and the time of day. It is perhaps the safest way of ensuring that only you can use your account

My advise though, if you do use it, is to make sure that Paypal asks for the code every time. Paypal has a way that you can attach your code to your login as a bit of a shortcut, but it weakens the system, it makes you vulnerable to what is called a "man in the middle" attack. It is possible for a spoof site to intercept your verification code and then use the number immediately (the number is only good for 30 seconds).

Re using a Mac vs a PC, your Paypal information is stored by Paypal and eBay. This is not a Mac vs PC issue. Trojans will not install on your Mac unless you authorise them. The only ones I have ever heard about are on porn sites that want to install their own media player which has an embedded trojan. If you have not been naughty you will be OK. Also never say "yes" to installing something that you are not sure about.

I could get more technical here but peoples eyes would start glazing over. Decryption perhaps you can provide a more user friendly explanation

For security to two suggestions of a Verisign token and a seperate bank account rather than a credit card are ideal.

Consider the reduced cost of absorbing fraudulent transactions and there'd be a net gain.

i had fraud on my paypal account once and the banks couldn't do anything u have to go through paypal

According to someone at Whirlpool this was an error by PayPal and not a phishing scam. I got the email and checked all the links and addresses in it and they all seemed legit. I'm not saying that there aren't fake emails, but that this, most likely, wasn't one of them.

Hmmm I received an email about an expired credit card.

I was a bit worried as I have not had a registered credit card on my PayPal account for some years now!

After hearing so many horror stories about PayPal I decided to take away all of my linked accounts.

BTW Since no one answered this for you.

NO!

It won't help.

All the other answers here are of more help.

The point is, even if you do get a legit email from PayPal, don't click on any links in it, use your account as normal to fix the problem they ask you to fix.

BTW You should also read this...

http://www.internetnews.com/infra/ar...e+DNS+Flaw.htm

http://news.theage.com.au/world/hack...0725-3kpu.html

My brother, as I said, had money taken from his bank account (St. George Bank) through his PayPal account. The bank and PayPal worked in conjunction with the FBI to trace down the culprit. The Bank refunded the money.

Your complaints must first go through PayPal, but you must contact the bank and coax the whole thing along.

I've ordered one of the security keys. Like SMS security for my online banking (which is the only real extra security option) it adds an extra layer of difficulty to stealing my identity or financial details. It's gonna happen one day, it's just a question of how bad.

Am rethinking having my credit card connected directly, though.

I have a visa debit card that I use which I link to my paypal account. I only have $100 or so in it at each time so you can also limit your exposure this way as well.

Good also for buying online. At least you get the protection of Visa and your are not opening yourself up to credit card fraud. They can only take what is in the account (no credit limits)

This was all done last night , bank first to cancel the card and put a claim in and then Paypal . Actually Paypal sent me an email while i was on the phone to the Westpac fruad department that they suspected a third party had accessed my account , so they picked it up before i did .
I think what also helped with Westpac was that while i was on the phone to them and the card had been cancelled they picked up that illegal transactions were being attempted as we spoke .

Thanks everyone for the tips , security key has been ordered for my Paypal account , funds limited and all passwords on my computer have been changed .

Sorry, in the end do we know exactly how they got into your account? Or will it remain a guessing game?

Great news , only two days and Paypal has already refunded me the money

Seems my wife clicked on a link in a fake email about the card expiring and when she put our Paypal password in they got it .She didn't tell me because of how pissed off i was .They didn't get any card details ( even though it's been cancelled) or banking info , but i have changed all of it anyway along with passwords.


The security key is on the way too

Unbelievable that there are still so many naiive people when it comes to internet security. I was justreading at how Australians have been scammed by $36 million (THIRTY SIXMILLION!) through "Nigerian" scammers.

My Nigerian work colleague reveled in that knowledge.