PayPal is an extremely popular form of digital payment, widely accepted by many websites and apps. In fact, over 254 million people use PayPal!
If someone takes control of your PayPal account, they not only gain control of money in your PayPal account (your PayPal balance), they can also transfer money from accounts you have linked to your PayPal account. They can also learn a lot about you by seeing your transaction history.
For these reasons, it’s critical that you set the security settings in your PayPal account. Let’s walk through them.
This guide shows the full, desktop version of the PayPal website. The steps will be similar for the mobile website and PayPal apps. The links throughout the guide will take you directly to the pages referenced. This guide is based on a personal PayPal account; other account types (such as business) will have other options.
For some settings, I don’t have a recommendation related to security or privacy, so I don’t describe them in this guide. For those, feel free to keep the default, or choose based on your preferences.
Note: This page contains affiliate links. As an Amazon Associate I earn from qualifying purchases. Please see Affiliate Disclosure.
Click the gear in the top right of the site to open Settings.
Below the main navigation menu you’ll see the Settings menu. Click Account.
You may see old addresses, email addresses, and phone numbers. Remove those that are no longer unnecessary.
In the Settings menu, click Security.
Click Password. Set a long, strong password (20+ characters, with a mix of uppercase, lowercase, numbers, and special characters). I recommend using a password manager, such as LastPass, to create and store your password.
Click Security questions. Select from the available questions. For the answers, the best choice is to generate a random string of characters, like you’d use for a password. A password manager such as LastPass can do this. The next best choice would be to use a nonsense word; something that has nothing to do with the question you selected. Learn more about creating security answers.
Click 2-step verification. If 2-step verification isn’t already on, Turn On. Click Add a device. I recommend choosing Use an authenticator app because authentication apps are more secure than receiving a code by SMS/text message. I like Authy as an authentication app, but you can also use Google Authenticator. Learn more in How & Why to Use Two-Factor Authentication.
Click Permissions you’ve given. Review the websites and apps connected to your PayPal account. If there are any that don’t truly need access, click Remove.
Under Your preferred way to pay you can set your preferred payment methods for online and in-store purchases. It’s better to choose one of your credit cards rather than one of your debit cards or bank accounts, because credit cards generally have strong fraud protection and remediation.
In the Settings menu, click Notifications.
Near the top of the page, click Email to review and edit the email address(es) where you receive notifications.
Payments: Click the icons for phone or SMS/text to enable the notifications you want to receive.
Marketing preferences: Click choose what you’d like to view Marketing preferences. At the bottom of the page you can also choose to opt-out of interest-based advertising with the Digital Advertising Alliance. Doing so won’t prevent you from seeing ads; it just means they won’t be tailored to you. I recommend opting out of targeted advertising whenever possible, to limit the data companies collect, store, and share about you.
Using PayPal Safely
If you have the PayPal app on a mobile device, make sure that device has a strong passcode or PIN.
Even though using PayPal is generally safer than using your credit card (because the merchant doesn’t get your credit card details or some other personal details), you still need to be careful about who you buy from. Use the same precautions you would when doing any online shopping.
Don’t click links in emails that claim to be from PayPal. Because PayPal is so popular, many phishing emails claim to be from PayPal. It’s safer to log into your PayPal account and look for the item mentioned in the email, or contact PayPal directly. Learn more about fraudulent emails.
If you use someone else’s device (computer, phone, tablet, etc.) to log into your PayPal account, be sure to log out when you’re finished! Otherwise, the other person can use your PayPal account after you leave. Because PayPal is a financial account, I recommend logging out even when you’re using your own device. Fortunately, PayPal automatically logs you out after 10-15 minutes, but why leave that window of time open?
Don’t buy over public Wi-Fi. If you’re buying online, don’t do it over public Wi-Fi (the Wi-Fi offered at many coffee shops, restaurants, public libraries, etc.). Someone else on that network could see what you’re doing, and possibly capture financial data. It’s much safer to use your device’s mobile/cellular data connection. If you must use public Wi-Fi, use a VPN (Virtual Private Network) to protect your traffic as it travels over the public Wi-Fi network. I like ProtonVPN.
Keep the amount of money you store in PayPal (your PayPal balance) to a minimum. Unlike traditional bank accounts, PayPal accounts aren’t FDIC-insured.
As with any financial account, it’s a good idea to regularly review your transactions, watching for anything suspicious. If you notice anything questionable, contact PayPal.