How to Make Your Account More Secure

Annika HU
The PayPal Technology Blog
Feb 15, 2022

The COVID pandemic has accelerated the transformation of many people’s shopping behaviors, with one of the biggest transformations being the rapid shift to shopping online. E-commerce has become the new norm of consumption for many during the COVID lockdowns. Unfortunately, as a result, cybercrime has emerged in the age of e-commerce and is responsible for increased losses across the economy.

Account takeover (ATO) is one of the most common types of e-commerce fraud, and it can cause serious financial and reputational ramifications. PayPal, as a pioneer in the digital payment industry, always takes account security seriously and invests heavily in fighting cybercriminals, with account takeover being one of the most prominent areas of attention. Below are some of the ways PayPal combats account takeover fraud, along with best practices in account security that you can follow to reduce the risk of ATO and improve the security of your account.

What is account takeover?

Account takeover (also known as account theft) is an attack vector that presents challenges to digital payment. It happens when a malicious third party gains access to someone’s account and steals their money or information. Users of all types can be targeted regardless of how long ago they registered, how frequently they use their account, where they are, or what they are purchasing.

How does it happen?

Account takeover is usually achieved through phishing and scams in which fake alerts are sent to users, tricking them into sharing their log-in credentials. Cybercriminals leverage other techniques as well, including social engineering, credential stuffing, and dictionary attacks.

Once hackers gain access to an account, they can do many things to cause trouble, such as:

  • Place fraudulent orders
  • Transfer or withdraw funds
  • Change account information, including phone number, address, email, and password
  • Sell account information on the dark web

In many cases, the damage of account takeover can be extensive. If you suspect someone has stolen your account, you must act as quickly as possible to minimize the serious financial consequences. You can learn how to report account takeover at our Security Center.

How to protect your account?

Strengthen your password — Create a strong and unique password for each of your online accounts. A common mistake is repeatedly using the same password for all your online accounts. Also refrain from using common passwords or sequential numbers or letters, as these can be guessed within a few attempts. To learn more about strengthening your passwords, see our Tips for creating a password.
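The three password mistakes named above (reuse across accounts, common passwords, sequential numbers or letters) can be checked mechanically. The following is an added example, not PayPal code; the function names, the tiny common-password set, the four-character run threshold and the sample accounts are all constructed assumptions.

```python
import string

# Constructed sample; a real check would use a large list of breached passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou", "admin"}
SEQUENCES = (string.ascii_lowercase, string.digits)
# Constructed accounts and passwords for the demonstration.
SAMPLE = {"shop": "Summer2021abcd", "email": "123456",
          "bank": "Summer2021abcd", "forum": "v9!Trk#2pLq8wZ"}


def longest_sequential_run(password):
    """Length of the longest run walking the alphabet or digits, up or down."""
    text = password.lower()
    best = 1 if text else 0
    for seq in SEQUENCES:
        for source in (seq, seq[::-1]):  # forwards ("abcd") and backwards ("4321")
            run = 1
            for prev, cur in zip(text, text[1:]):
                i = source.find(prev)
                if i != -1 and i + 1 < len(source) and source[i + 1] == cur:
                    run += 1
                    best = max(best, run)
                else:
                    run = 1
    return best


def audit_passwords(accounts, min_run=4):
    """Map each account name to the problems found with its password."""
    owners = {}
    for account, password in accounts.items():
        owners.setdefault(password, []).append(account)
    findings = {}
    for account, password in accounts.items():
        problems = []
        if len(owners[password]) > 1:
            problems.append("reused")       # same password on several accounts
        if password.lower() in COMMON_PASSWORDS:
            problems.append("common")       # appears in the common-password list
        if longest_sequential_run(password) >= min_run:
            problems.append("sequential")   # contains e.g. "1234" or "abcd"
        findings[account] = problems
    return findings


if __name__ == "__main__":
    for account, problems in audit_passwords(SAMPLE).items():
        print(account, problems or "ok")
```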

Update your apps — Make sure you are using the latest versions of the apps on your devices, as well as the latest operating systems. Out-of-date apps and operating systems give hackers opportunities to exploit vulnerabilities.

Avoid suspicious content — Phishing attacks happen when a malicious source asks for your private information by pretending to be a legitimate institution, friend, coworker, family member, or someone else you trust. Never give out your financial information or personal credentials in response to such requests. To learn more about how to recognize fraudulent content, visit How to identify fake messages.

Review your activity — Nobody knows your accounts as well as you do. It is fundamental to keep close tabs on the activity in your accounts. Take note of any abnormalities, such as:

  • Unrecognized payments
  • Strange access from other devices
  • Profile changes not from you
  • Suspicious bank accounts or cards added

Watch for notifications — PayPal sends alerts to account holders if something unusual occurs. For example, if your account is logged into from a foreign country, you will receive an immediate SMS or an alert in the mobile app that informs you about the unusual activity and asks you to confirm whether it was you accessing the account. By simply paying attention to the push notifications for your accounts, you can help stop fraud.
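The abnormalities listed under "Review your activity", together with the foreign-country login alert described above, can be expressed as simple rules over an activity log. This is an added example, not PayPal's detection logic or export format; the event fields, the known-good baseline and the one-hour window that treats profile changes after an unusual login as "not from you" are assumptions.

```python
from datetime import datetime, timedelta

# Constructed activity log for one account (not real data or a real PayPal format).
EVENTS = [
    {"time": "2022-02-01T09:00", "type": "login", "device": "phone-A", "country": "DE"},
    {"time": "2022-02-01T09:05", "type": "payment", "payee": "grocer", "amount": 42.10},
    {"time": "2022-02-10T03:12", "type": "login", "device": "desktop-X", "country": "BR"},
    {"time": "2022-02-10T03:15", "type": "profile_change", "field": "email"},
    {"time": "2022-02-10T03:17", "type": "instrument_added", "kind": "bank_account"},
    {"time": "2022-02-10T03:20", "type": "payment", "payee": "unknown-shop", "amount": 900.00},
    {"time": "2022-02-12T18:30", "type": "payment", "payee": "grocer", "amount": 18.75},
]
# What the account holder recognizes as their own (constructed baseline).
KNOWN = {"devices": {"phone-A"}, "countries": {"DE"}, "payees": {"grocer"}}


def review_activity(events, known, window=timedelta(hours=1)):
    """Return (time, reason) pairs for events matching the listed abnormalities."""
    alerts, risky_until = [], None
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        in_risky_session = risky_until is not None and when <= risky_until
        if ev["type"] == "login":
            reasons = []
            if ev["device"] not in known["devices"]:
                reasons.append("access from unrecognized device")
            if ev["country"] not in known["countries"]:
                reasons.append("login from new country")
            if reasons:
                # Changes shortly after an unusual login are treated as suspect.
                risky_until = when + window
                alerts += [(ev["time"], r) for r in reasons]
        elif ev["type"] == "payment" and ev["payee"] not in known["payees"]:
            alerts.append((ev["time"], "unrecognized payment"))
        elif ev["type"] == "profile_change" and in_risky_session:
            alerts.append((ev["time"], f"profile change ({ev['field']}) after unusual login"))
        elif ev["type"] == "instrument_added" and in_risky_session:
            alerts.append((ev["time"], f"{ev['kind']} added after unusual login"))
    return alerts


if __name__ == "__main__":
    for when, reason in review_activity(EVENTS, KNOWN):
        print(when, reason)
```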

What does PayPal do to prevent account takeover?

At PayPal, we take account security seriously, and we are making every effort to defend you against would-be fraudsters and cybercriminals. We’ve been doing this for more than two decades, and we have gained world-class experience and expertise. We have unique insights into fraud detection, enabling us to create protection that covers you no matter where you are in the world.

Our account takeover (ATO) module helps us detect fraudster attacks that would otherwise go unidentified by traditional risk-management techniques. Our system is powered by machine learning algorithms that take in hundreds of pieces of information and analyze them using an artificial intelligence model that looks for any clues that may signal risk. PayPal pioneered the development of cutting-edge models and solutions for risk management that leverage large volumes of data and artificial intelligence techniques (such as neural networks and gradient boosting).

Cybercriminals are becoming smarter too, though, and we continually upgrade our tactics to combat the ever-changing challenges. Our module consumes additional datasets and variable elements every year, allowing us to learn from cybercriminals’ actions as well as react rapidly to recent fraud trends. We also embrace a host of new features that can improve our model’s predictive capability, which helps us distinguish between good and bad transactions with greater precision, so that good transactions flow more seamlessly while only bad transactions are stopped.

With our cutting-edge techniques, your PayPal account is secured with all-round protection while you are shopping online. We will continue to make significant investments to innovate and optimize our techniques, strengthen our platform, and enhance our commerce enablement. We will always step up to serve our customers with a better, safer, and smoother shopping experience.