FYI Anyone can use your Pay Pal account

As of November 2011, (possibly sooner and definitely today) did you know anyone can access your PayPal account via PayPal’s other online payment option called “Bill Me Later”?

Yes… it is indeed a fact…. One I verified with an agent in the Security department of Pay PaL myself.

All they have to do is to have a valid email account (Hot Mail, etc., not your own or even the one you registered with PayPal), your name and your physical (billing/shipping) address?

This according to my own experience and the Pay Pal security/Fraud department agent I spoke with at length on the phone with yesterday afternoon. From that conversation I found out PayPal would rather deal with any possible fallout/fraud to their customers after the fact than before it, Merely for the sake of online shopping convenience..

Such was er, is my case currently.

Two purchases were made on different days for different items late last year and I received a late notice from Bill Me Later just recently indicating I owed them well over $100.

I must have tossed the first one figuring it was just more spam mail knowing full well I’ve not had dealings with “Bill Me Later”..

Why more measures aren’t instituted by PayPal up front like requiring at least your registered PP email account and registered PP password as a prerequisite for any Bill Me Later purchase is flat out ludicrous.

This is merely a heads up folks! Sort of thing and one I don’t believe many if anyone actually knows about… so I felt to pass along my experience and the how and why of it all for all those who use PayPal.

What you do with your own Pay Pal account is your business of course and I’m not advocating by this post people rush out and delete their accounts… it’s simply a note on how easy it is to become a victim if you have a PP acct in good standing..

My acct with Pay pal spanned almost seven years with perhaps only a bump or two in the road to date. I must say too, Bill Me Later and it’s parent company Pay Pal have been very good so far in assisting me with over coming this episode, though it is yet to be concluded. I even took PPs advice on initiating a Fraud Alert at Equifax online, and following up with my local police department and am awaiting the affidavits I need to supply Trans Union, Equifax and Experion so the 90 day Fraud alert will turn into a 7 Year alert to any creditor if someone (or myself) attempts to change, or open an account in my name

What a hassle!.

I closed my PayPal account this morning as the result of my own circumstances with this most recent personal ‘encounter of the worst kind with I. D. theft. . I don’t wish to be put in harm’s way so easily, nor do I wish to endure the subsequent fallout from so easy a path to financial catasthrophy,or jepordize my credit rating. Not to mention all the log in, password, phone number changing, at all of my critical online financial spots, and just plain worry that accompanies I. D. theft. All of which I’ve now been forced to do.

I’d at least want them to work for it, not to get in by simply knowing my name and address, have a Hot mail or Yahoo acct. and take a shot in the dark if I have a Pay Pal acct in good standing! Which is more or less, exactly what happened.

For the pessimiss, or those still in doubt, you can call PP and ask for yourself what is required to get an approval for a Bill Me Later transaction by calling 1 866 972 9725 and speaking with Pay Pal directly.

Thanks for your time.
Good info Jim. I had no idea, and I've been using it forever. Paypal is super convenient, and I like to use it. It's something to think about. Thanks.

That is a real shame. Thanks for the heads up.

** I only keep $10.00 in the account to keep it open. I only fund my account when I am going to make a purchase. I also have it tied to moderate credit line card so that it can be funded immediately when needed but hardly ever happens in my case. The card is set up to notify me whenever a charge is initiated. Pretty foolproof. I seem to research things to death anyway and I am not seduced to make spontaneous purchases. Works for me. Eight years no problems.
You are welcome folks.

Perhaps some more clarification is in order.

As I previously stated, my acct with PP went on for 7 years. More or less no real big problems, though they did use a different accct to draw funds from once and it was not set as my primary, though they feel differrently and charged me a fee for not having enough funds in a non primary acct…. shhheeessshh. I gave up arguing with them over it.

This notice isn’t actually about PayPal. It’s about BILL ME LATER.

Bill me later is owned by PP now. PP is promoting it intensely and it is when BILL ME LATER is selected as a payment option that things can go south quickly if a crook figures it all out.


It only matters that you have one and it is/has been kept in good standing!!

PP is making the decision on whether or not to ALLOW a billing for payment action to be invoked. It’s really just based on your history with PP only.

PP looks no farther to make a decision on granting you this pay later option AND all that is needed then to verify things is for the criminal to have your name and address (likely your billing address).

A crook can go online.. find what she/he wants, see the BILL ME LATER logo, pick it for the payment choice and enter your name and address…. The crook may not even know at the time that you have a PP acct in good standing…. They might just be taking a shot in the dark there!


It don’t matter what your credit rating is… or how much you have of credit line with what ever supplies your PP acct. or if you even have it funded by your bank & verified!

PP is merely giving your some grace because you’ve been a good customer IN THE PAST.

I suspect the thieves in my case are either teen agers that pass by walking to and from the bus stop for school, or some nare do well’s up to no good routinely that live nearby and have access physically to my trash and mail box.

Of course in this instance, only looking in the phone book for my listed number and address would be enough… some Googling for the zip, and some clicking about online!

That’s why I found this so alarming!

I had $0.00 in my acct and a limited card funding the acct !

Take care and mention this to others… maybe…. Maybe if enough people call and complain about the ease with which someone can put you in harms way with the current verification policy BILL ME LATER & Paypal have in place, they might start requiring a tad more info… like your PP email or answering one of your secret questions, at least!

It astonishes me altogether why so little is required for a BML purchase option to be approved!!
Now that you have so fully outlined how one can perpetrate this crime; I hope no one that I have purchased from(via Paypal), on this site, is a crook.
Thanks for the heads up. You should also periodically check your delivery address on your paypal account. Their system has been breached more than once and all a crook has to do is to edit your account and put in a couple of phoney addresses next to yours, buy something, then go pick it up at the nearest post office that it goes back to when the mail person can't find the (fake address). I had to get my bank to retrieve close to 1700.00 back for me. Paypal swears they will go after the person, but... will not help you track the person down...due to privacy?! I think I'll open and close my account before and after sales and purchases from now on. Imagine that...a crook has the right to privacy. That's like telling someone with aids to be careful next time. Good luck to all.
Both PP,feebay, and another site we all now have gone down the tubes. Go back to receiving payment via Postal MO only. Anything worth selling or buying is worth waiting for. Cut out the middle man and be done with PP.
As a public service to us all I think everyone who has used Paypal on this site should contact Paypal like Bjim suggested and let them know this cavalier attiutde and ass-backwards system (BML) needs tighter controls. Remember the "sqeaky wheel gets the oil".

Lets try to give them some "Pushback" on this issue before someone else gets stung. I am sending mine today! Who is with me?

Hi! Rodman9999

If knowledge can create problems, it is not through ignorance that we can solve them. (Isaac Asimov)

Please, don’t kill the messenger

…..and thanks for finishing my illustration entirely with your comments. I had thought to leave that part out figuring it was easy enough to see… but that was indeed the impetus for this thread…

Public service… awareness.

ANYONE …. Past transaction partner … member of the family (either side) … someone dropping in on a poorly secured Wy Fy network … criminal… juvenile delinquent… thug with a little bro or sis that has immense PC abilities and is easily persuaded.. a neighbor… someone at your church… dumpster divers.

Online or off! Warm up dem ‘shredders’ folks! Use 15 character passwords or greater!

Sticking your head in the sand only makes your ass a better target.

This deplorable issue stems from avarice alone. Paypal’s decided choice for convenience over that of safety for their client base.

Exactly what is PayPal’s risk here? Maybe… just maybe a smudge on their reputations visibility, and it will all be forgotten in time.

Unless a change for the better security of their subscribers is implemented.

For PayPal, it’s a mere matter of numbers. For us it’s not JUST the money but the fall out thereafter once your I D has been compromised. Trust me it will definitely suck if you have to go change everything that you have logged online, & off, so you have less chance of becoming a victim.

“Paypal wants to make it easy to buy online” said the Paypal security agent, “filling in forms and so forth inhibits and sometimes intimidates some people from shopping”.

Looks like PayPal has succeeded in making online shopping very easy to me… whether it’s your own account or not.

As it is current Paypal policy enables BOTH client and criminal to conduct transactions with a pitiful lack of scrutiny, thereby, placing all of their members at risk…. Though only PayPal’s reputation is or could be possibly on the line…. Depending on how visible this current loophole in security is made known to the public.

RE: Opening and closing one’s Paypal account during and following a transaction seems like about the only way to lessen a chance for injury… if you enjoy taking somewhat briefer risks.

It makes me think of the Deer Hunter…. That’s like having only one bullet in a revolver and playing Russian roulette, right? That’s the game where the loser really loses.

It only takes one bullet… one time.

Here’s another approach I think is safer and better…. Inundate PayPal with phone calls and emails reproaching their current procedures for Bill Me Later’s usage and/or attachment to one's PP acct.... Unsubscribe. Be a squeaky wheel. In fact I’m unsure if anything will make PayPal alter it’s course, but who knows, maybe the right person will answer the phone or read the email….. Eventually.

Or call a radio station... newspaper... magazine... Someone say Magazine? Online Magazine? Blogs & forums on other web sites?

Any responsible readers with a dash of public service and integrity ought to: do.

1. Investigate this concern for themselves PP Ph # - 1866 972 9725 or email them.

2. Take quick, noteable, obvious steps to safeguard themselves by what ever means or choices.


"All that is necessary for the triumph of evil is that good men do nothing." (Edmund Burke)
I've called a friend already and I'm calling Bill Me Later and paypal and ebay to cancell my account. Maybe people that know each other should use the ripoff trick (then of cource refund the friends money) to let paypal know we don't need to be billed later. I pay NOW or I don't buy. Thanks again for the heads up.
What happens if you do not sign up for bill me later and do not take that $10 they give you for signing up.
It's up to you to get your money back for fraud after the fact. Paypal gets theirs first. Check out Why should we be at risk when they should have insurance to cover their losses? Who regulates them? NOBODY.

PayPal has been quite helpful… to some extent so has BML, though the latter entity shows scant little concern on the customer service level. Their security people merely take notes and bounce you on over to PP. Paypal has the final word.

I don’t even think I’ve been billed – debited by Paypal via my primary account I had listed there prior to folding up my tent with them and moving on.

PP did send along a thinly veiled regret email full of patting themselves on the back for their security measures and safeguards for their customers worldwide… but scant little was said to me directly about their regret this incident of fraud has caused me Nationwide and on the web.

Doubtless too, with as big an enterprise as is Paypal, there’ll be a good many people with poor experiences attached to PP.

However, this particular note is about a loophole one can drive an aircraft carrier through. One that should be amended and as such, if steps are taken to eliminate the ease with which one can pierce another’s account, it would be a win win for all.

Paypal could pat themselves on the back for making changes to close said porthole.

Regretfully, I feel it quite doubtful they will however. It puts one into a corner of course, prompting the necessity for sound judgement and closing one’s Paypal account if they feel any worry for themselves at all…. And they should after reading this and calling Paypal or doing as was said above…. Try to Hack yourself or have a friend” hack you thru the Paypal payment option called ‘Bill Me Later’!

Then I guess just keep posting online where ever till something gets done about this ridiculous condition.

Bill U Later sports fans…
If you think about it, you could easily scam PayPal by using a secondary ID and having them send you funds from your depleted primary account. Then, just close the primary account and cash the check that PP sent you.

It would serve them right if someone took them for some BIG bucks...