PayPal is an extremely popular form of digital payment, widely accepted by many websites and apps. In fact, over 254 million people use PayPal!
If someone takes control of your PayPal account, they not only gain control of money in your PayPal account (your PayPal balance), they can also transfer money from accounts you have linked to your PayPal account. They can also learn a lot about you by seeing your transaction history.
For these reasons, you must set the security settings in your PayPal account. Let’s walk through them.
This guide shows the full, desktop version of the PayPal website. The steps provided can also be used on Paypal’s mobile website and PayPal apps. The links throughout the guide will take you directly to the pages referenced. This guide is based on a personal PayPal account; other account types (such as business) will have other options.
For some settings, I don’t have a recommendation related to security or privacy, so I don’t describe them in this guide. For those, feel free to keep the default, or choose based on your preferences.
Improve Paypal Security Using PayPal Settings
Click the gear in the top right of the site to open Settings.
Account
Below the main navigation menu, you’ll see the Settings menu. Click Account.
You may see old addresses, email addresses, and phone numbers. Remove those that are no longer unnecessary.
Security
In the Settings menu, click Security.
Click Password. Set a long, strong password (20+ characters, with a mix of uppercase, lowercase, numbers, and special characters). I recommend using a password manager, such as LastPass, to create and store your password.
LastPass helps you remember and manage your secure passwords all in one place. Never forget a password again.
Click Security questions. Select from the available questions. For the answers, the best choice is to generate a random string of characters, like you’d use for a password. A password manager such as LastPass can do this. The next best choice would be to use a nonsense word; something that has nothing to do with the question you selected. Learn more about creating security answers.
Click 2-step verification. If 2-step verification isn’t already on, Turn On. Click Add a device. I recommend choosing to Use an authenticator app because authentication apps are more secure than receiving a code by SMS/text message. I like Authy as an authentication app, but you can also use Google Authenticator. Learn more in How & Why to Use Two-Factor Authentication.
Click the Permissions you’ve given. Review the websites and apps connected to your PayPal account. If there are any that don’t truly need access, click Remove.
Payments
Under Your preferred way to pay you can set your preferred payment methods for online and in-store purchases. It’s better to choose one of your credit cards rather than one of your debit cards or bank accounts, because credit cards generally have strong fraud protection and remediation.
Notifications
In the Settings menu, click Notifications.
Near the top of the page, click Email to review and edit the email address(es) where you receive notifications.
Payments: Click the icons for phone or SMS/text to enable the notifications you want to receive.
Marketing preferences: Click choose what you’d like to view Marketing preferences. At the bottom of the page, you can also choose to opt-out of interest-based advertising with the Digital Advertising Alliance. Doing so won’t prevent you from seeing ads; it just means they won’t be tailored to you. I recommend opting out of targeted advertising whenever possible, to limit the data companies collect, store, and share about you.
Paypal Security: Using PayPal Safely
If you have the PayPal app on a mobile device, make sure that the device has a strong passcode or PIN.
Even though using PayPal is generally safer than using your credit card (because the merchant doesn’t get your credit card details or some other personal details), you still need to be careful about who you buy from. Use the same precautions you would when doing any online shopping.
Don’t click links in emails that claim to be from PayPal. Because PayPal is so popular, many phishing emails claim to be from PayPal. It’s safer to log into your PayPal account and look for the item mentioned in the email or contact PayPal directly. Learn more about fraudulent emails.
If you use someone else’s device (computer, phone, tablet, etc.) to log into your PayPal account, be sure to log out when you’re finished! Otherwise, the other person can use your PayPal account after you leave. Because PayPal is a financial account, I recommend logging out even when you’re using your device. Fortunately, PayPal automatically logs you out after 10-15 minutes, but why leave that window of time open?
Don’t buy over public Wi-Fi. If you’re buying online, don’t do it over public Wi-Fi (the Wi-Fi offered at many coffee shops, restaurants, public libraries, etc.). Someone else on that network could see what you’re doing, and possibly capture financial data. It’s much safer to use your device’s mobile/cellular data connection. If you must use public Wi-Fi, use a VPN (Virtual Private Network) to protect your traffic as it travels over the public Wi-Fi network. I like ProtonVPN.
ProtonVPN offers secure VPN through an encrypted VPN tunnel, so your passwords and confidential data stay safe, even when you are using public or untrusted Internet connections.
Keep the amount of money you store in PayPal (your PayPal balance) to a minimum. Unlike traditional bank accounts, PayPal accounts aren’t FDIC-insured.
As with any financial account, it’s a good idea to regularly review your transactions, watching for anything suspicious. If you notice anything questionable, contact PayPal.
LastPass helps you remember and manage your secure passwords all in one place. Never forget a password again.
Keeper is a top-rated password manager for protecting you, your family, and your business from password-related data breaches and cybersecurity threats.
1Password remembers all your passwords, so you can easily log in to sites with a single click.
Dashlane fills all your passwords, payments, and personal details wherever you need them, across the web, on any device.
