Contacts
1207 Delaware Avenue, Suite 1228 Wilmington, DE 19806
Let's discuss your project
Close
Business Address:

1207 Delaware Avenue, Suite 1228 Wilmington, DE 19806 United States

4048 Rue Jean-Talon O, Montréal, QC H4P 1V5, Canada

622 Atlantic Avenue, Geneva, Switzerland

456 Avenue, Boulevard de l’unité, Douala, Cameroon

contact@axis-intelligence.com

Business Address: 1207 Delaware Avenue, Suite 1228 Wilmington, DE 19806
Let's discuss your project
Let's discuss your project

Is PayPal Safe in 2026? An Honest Security & Privacy Assessment

Is PayPal Safe in 2026? Security, Privacy & Scam Risk Review
March 9, 2026
Cybersecurity

Is PayPal Safe 2026?

Quick Verdict: PayPal is generally safe for everyday payments and online shopping, backed by end-to-end encryption, robust buyer protection, and 256-bit SSL security across every transaction. That said, the platform has a documented history of security incidents — most notably a 2022 credential stuffing breach affecting 35,000 accounts that resulted in a $2 million regulatory fine in 2025 — and remains one of the most impersonated brands by phishing scammers. For routine purchases and peer-to-peer transfers made with caution, PayPal is a trustworthy choice. Users who reuse passwords, ignore two-factor authentication, or routinely use the Friends & Family payment option for commercial purchases face meaningfully elevated risk.

Safety Rating: 7.5/10 Main Risk: Phishing attacks and credential-based account takeovers — PayPal was the third-most impersonated brand by scammers according to the 2024 FTC Data Spotlight on payment app fraud Our Advice: Enable two-factor authentication immediately, use a unique password, and only send payments via “Goods & Services” when buying from strangers

Last verified: March 2026

PayPal Safety Scorecard

CategoryRatingDetails
Data Privacy⚠️ ModerateCollects extensive behavioral and financial data; shares with advertising partners and third-party service providers
Payment Security✅ Strong256-bit SSL encryption, tokenization, and Purchase Protection on eligible transactions
Scam Risk⚠️ ElevatedThird-most impersonated brand in 2024 (FTC); phishing, invoice scams, and overpayment fraud are widespread
Account Security✅ Good2FA available (SMS and authenticator app); real-time fraud monitoring; one-time security keys
Customer Support⚠️ MixedMultiple contact channels available but account freeze complaints are persistent on Reddit and Trustpilot
Legal & Regulatory⚠️ CautionPaid a $2M fine to New York DFS in January 2025; faces ongoing class-action lawsuits stemming from the 2022 breach
Overall7.5/10Solid technical security with real-world scam exposure that demands user vigilance

What Is PayPal?

PayPal is a US-based digital payments platform that allows individuals and businesses to send money, make purchases, and receive payments online without exposing their bank account or card details directly to merchants. Founded in 1998 and headquartered in San Jose, California, it is today the world’s dominant online payment processor.

As of Q4 2025, PayPal operates approximately 431 million active accounts across more than 200 countries and processes over 100+ currencies. The platform generated $30.4 billion in net revenue in 2025 and processed $1.53 trillion in total payment volume. It holds roughly a 45% share of the global online payment processing market — more than Stripe (17%) and Shopify Pay combined. PayPal also owns Venmo, Braintree, Xoom, and Honey.

For consumers, PayPal works as a digital wallet linked to a bank account, debit card, or credit card. For merchants, it functions as both a checkout tool and a payment processor, used by approximately 78% of the top 1,500 online retailers in the US.

Is PayPal Safe? The Full Analysis

Data Privacy: What PayPal Collects — and What It Does With It

PayPal’s data collection practices are extensive — and largely standard for a fintech company of its scale, though they merit careful reading.

When you create an account, PayPal collects your name, address, date of birth, Social Security number (if you exceed certain transaction thresholds), tax identification information, and linked financial account details. During transactions, PayPal logs device identifiers, IP addresses, browser type, geographic location, and behavioral patterns, including how you navigate the platform and what you purchase.

What happens to that data matters more than what’s collected. PayPal’s privacy policy (verified March 2026) explicitly states that it shares user data with:

  • Affiliated companies (Venmo, Braintree, Xoom, Honey)
  • Service providers processing payments, fraud detection, customer support, and marketing
  • Financial institutions for transaction completion
  • Advertising partners for targeted ad delivery

Unlike some competitors, PayPal does not sell personal data outright, but it does license behavioral and transaction data for targeted advertising — a distinction that matters legally but may feel academic to privacy-conscious users. Under CCPA (California) and GDPR (EU), users have rights to request data access, deletion, and opt-out of certain sharing. PayPal provides a data privacy dashboard for this purpose via its official Privacy Policy and data rights portal.

Comparison note: Unlike Apple Pay — which processes transactions with minimal data retention and does not use purchase data for advertising — PayPal monetizes behavioral insights as part of its business model. Zelle, operated through banks, is subject to tighter banking privacy regulations but offers no Purchase Protection in exchange.

Privacy verdict: ⚠️ Moderate. PayPal’s data practices are transparent and legal, but they go well beyond what’s strictly necessary to process a payment. Users who prioritize data minimization should consider this carefully.

Payment Security: Is Your Money Safe on PayPal?

This is where PayPal earns its strongest marks. The platform employs several layers of technical security that make financial fraud during a properly executed transaction genuinely difficult.

Encryption and infrastructure: Every PayPal transaction is protected by 256-bit SSL/TLS encryption. Payment details are stored in a tokenized format, meaning that merchants and third parties never receive your actual card or bank account numbers — only a substitute token. PayPal also maintains a dedicated security operations center with real-time fraud monitoring.

Purchase Protection: PayPal’s buyer protection program covers eligible purchases if an item doesn’t arrive or is significantly different from described. Buyers must file a dispute within 180 days of the transaction. This protection applies to payments made as “Goods & Services” only — not to Friends & Family transfers, which are explicitly excluded. This distinction is critical and frequently exploited by scammers who ask buyers to use Friends & Family to “avoid fees.”

Compared to alternatives:

  • Zelle: Transactions are near-instant and largely irreversible. Zelle offers no purchase protection, making it significantly riskier for online shopping. A 2023 FTC report found Zelle mentioned in 20% of payment-app fraud reports vs. PayPal’s 28% — but PayPal’s larger user base accounts for much of that gap.
  • Credit cards: Generally offer superior fraud protection and more flexible chargebacks under the Fair Credit Billing Act (FCBA). Using PayPal funded by a credit card combines PayPal’s purchase protection with your card issuer’s chargeback rights, creating a double layer of protection.
  • Cash App: Offers no purchase protection on transactions. Higher risk for commercial transactions.

FDIC insurance note: PayPal balances held in your PayPal account are not directly FDIC-insured as of March 2026, though PayPal holds funds in FDIC-insured partner banks. This differs from holding money directly in a bank account. PayPal has been working toward potential bank charter status but has not obtained one.

Payment security verdict: ✅ Strong. For standard purchases using “Goods & Services,” PayPal’s technical protections are robust and its buyer protection policy is superior to most peer alternatives.

Is PayPal Safe? The Full Analysis

Scam Risk: The Biggest Threat to PayPal Users in 2026

PayPal’s payment infrastructure is secure. The humans using it are the vulnerability.

The 2024 FTC Data Spotlight identified PayPal as the third-most impersonated brand by scammers, cited in 28% of payment app fraud reports. Cybersecurity firm ESET reported detecting over 4,000 attempts to exploit PayPal in the first half of 2025 alone, per its mid-2025 threat telemetry analysis. These numbers don’t mean PayPal is broken — they mean PayPal’s scale and reputation make it an irresistible target. Here are the scams you are most likely to encounter:

1. Phishing emails impersonating PayPal Fraudsters send near-perfect replicas of official PayPal emails, typically warning of account suspension, unauthorized access, or a payment needing confirmation. The email contains a link to a spoofed paypal.com page that captures your credentials. Red flags: sender address is not from @paypal.com, urgent language, grammar errors, links that don’t resolve to paypal.com when you hover.

2. Fake invoice scams Scammers use PayPal’s own invoicing system to send real PayPal invoices for items you never ordered — then include a phone number to “dispute” the charge. Calling the number connects you to fraudsters who extract your card details or trick you into transferring funds. These bypass spam filters because the email comes from a legitimate PayPal server.

3. Friends & Family abuse A seller on Facebook Marketplace, Craigslist, or eBay asks you to pay via “Friends & Family” to avoid fees. If the transaction goes wrong, you have zero purchase protection and no recourse through PayPal’s dispute system.

4. Overpayment scams targeting sellers A buyer “accidentally” sends you more than the agreed price and asks you to refund the difference by wire or gift card. The original payment is later reversed (often funded with a stolen account), leaving you out both the item and the “refund.”

5. Callback phishing / vishing You receive an email or text claiming suspicious activity on your account, with a phone number to call. The “PayPal representative” uses social engineering to get you to share your one-time verification code, then uses it to access your account in real time.

6. Smishing (SMS phishing) Text messages appearing to come from PayPal’s legitimate number warn of fraudulent activity. The embedded link goes to a fake login page. PayPal’s own documentation notes that it does send texts for 2FA — so unsolicited security alerts via text are a specific red flag.

Scam risk verdict: ⚠️ Elevated. PayPal’s systems are not the problem — but the volume of impersonation attacks is high enough that every PayPal user should treat unsolicited emails, texts, and calls claiming to be PayPal as suspect by default.

Account Security: How Well Does PayPal Protect Your Account?

PayPal offers meaningful account-level protections, though its 2022 security incident revealed a gap between technical controls and implementation.

Two-factor authentication (2FA): PayPal supports 2FA via SMS and authenticator apps (such as Google Authenticator or Authy). To enable it: log in → Settings → Security → Two-Step Verification → Set Up. Using an authenticator app is strongly preferable to SMS, since SIM-swapping attacks can compromise SMS-based 2FA.

Security keys: PayPal supports hardware security keys for an additional authentication layer — one of the more enterprise-grade options available to consumers.

Fraud monitoring: PayPal uses machine learning to flag unusual transaction patterns in real time and may temporarily hold or review suspicious activity.

The 2022 credential stuffing breach: In December 2022, attackers used credential stuffing — automatically testing email/password combinations stolen from other sites — to access approximately 34,942 PayPal accounts over a 48-hour period. Exposed data included full names, dates of birth, postal addresses, Social Security numbers, and individual tax identification numbers. PayPal did not detect the attack immediately and did not notify affected users until January 2023 — a six-week delay. A contributing factor was a botched system change: teams implementing updates to IRS Form 1099-K distribution had not been properly trained on PayPal’s development procedures, inadvertently creating exploitable gaps.

Regulatory consequence: In January 2025, the New York State Department of Financial Services (NYDFS) ordered PayPal to pay a $2 million civil penalty for cybersecurity regulation violations tied to this incident. The fine, detailed in the official NYDFS consent order, specifically cited failures to employ qualified cybersecurity personnel and to adequately train staff.

August 2025 dark web incident: A threat actor posted what was described as “Global PayPal Credential Dump 2025” — approximately 15.8 million email/password combinations — on a dark web forum. PayPal disputed that this represented a new breach, stating the data appeared to stem from the 2022 incident or infostealer malware that harvested credentials from users’ own devices, not from PayPal’s systems. Security researchers largely supported PayPal’s characterization, noting the data structure was consistent with infostealer logs. Regardless of origin, the incident underscores that PayPal credentials are actively circulating on criminal marketplaces.

Account recovery: PayPal offers standard account recovery via linked email, phone verification, and identity confirmation. Recovery can be slow if your linked email or phone is also compromised — making it critical to secure those independently.

Compared to alternatives:

  • Venmo (PayPal subsidiary): Offers 2FA but has historically had weaker default privacy settings for transaction feeds.
  • Apple Pay: Relies on device biometrics and Apple ID security; no equivalent large-scale credential breach in its history.
  • Cash App: 2FA available but has faced higher rates of user-reported account takeovers.

Account security verdict: ✅ Good — with an important caveat. PayPal’s technical controls are solid, but the 2022 breach demonstrated that operational security failures can undermine them. Users who enable 2FA and use unique passwords face substantially lower risk.

Customer Support: Can You Actually Get Help When Something Goes Wrong?

PayPal offers support through multiple channels: phone (1-888-221-1161), live chat, email, and a community help forum. The Resolution Center within your account is the primary tool for disputing transactions.

In practice, user experiences vary significantly. Positive reviews on Trustpilot tend to focus on routine purchases resolved through the dispute center without needing direct contact. Critical reviews — which are disproportionately represented on Reddit, the BBB, and Trustpilot — frequently cite:

  • Unexplained account limitations and freezes, sometimes lasting weeks, with funds held while “under review.” PayPal’s User Agreement (Section 10) grants it the right to hold funds for up to 180 days in certain circumstances — a provision that surprises many users when it applies to them.
  • Automated responses that do not meaningfully address specific situations.
  • Difficulty reaching human agents for complex disputes.

PayPal’s Better Business Bureau profile (verified March 2026) shows a pattern of complaints centered on account access issues and transaction disputes, though PayPal does engage with and resolve many posted complaints.

For transactions going smoothly: The dispute resolution system is effective. PayPal’s Purchase Protection claim process is clear, and eligible claims are generally resolved within 10–30 days.

For account restrictions: This is where PayPal’s support experience is weakest, and where user frustration is most acute. Unlike a traditional bank with regulatory obligation timelines, PayPal has broader discretion over account limitations.

Customer support verdict: ⚠️ Mixed. Excellent for standard purchase disputes; frustrating for account restriction issues. Know this before you rely on PayPal as a primary business payment method.

Legal & Regulatory: Where Does PayPal Stand?

PayPal is incorporated in Delaware and headquartered in San Jose, California. It is regulated as a money services business (MSB) by FinCEN and holds money transmitter licenses in all required US states. Internationally, it operates under European Central Bank oversight in Luxembourg as its EU banking entity and complies with GDPR for European users and CCPA for California residents.

Key regulatory incidents:

  • January 2025 — $2 million NYDFS penalty: New York’s Department of Financial Services fined PayPal for cybersecurity failures enabling the December 2022 credential stuffing breach. The DFS cited specific failures: inadequate training for teams implementing system changes, and failure to follow proper procedures before those changes went live.
  • March 2023 — Class action lawsuit: Two California customers filed suit in the Northern District of California, alleging PayPal’s data security practices were “inadequate” and violated multiple state consumer protection laws and NIST Cybersecurity Framework standards. The litigation remains ongoing as of this writing.
  • 2022–2023 breach notifications: PayPal notified approximately 35,000 affected users in January 2023 and provided two years of free Equifax credit monitoring services to those impacted.

GDPR and CCPA compliance: PayPal maintains a dedicated privacy portal for data subject requests. European and California users can request data access, deletion, and opt-out of certain data sharing through the Privacy Settings section of their accounts.

Legal & Regulatory verdict: ⚠️ Caution. PayPal is operating legally and has addressed known regulatory gaps. However, the 2025 fine and ongoing litigation mean its compliance track record carries a yellow flag — particularly for business users in New York or EU markets who face tighter oversight expectations.

Red Flags When Using PayPal

Is PayPal Legit in 2026? Scam Risk Review
Is PayPal Safe in 2026? An Honest Security & Privacy Assessment 2

The following warning signs should prompt you to stop, verify independently, and avoid acting on urgency:

1. Any email or text claiming your account is suspended, limited, or at risk — with a link to “fix” it PayPal will never ask you to provide your password, full card number, or Social Security number via email. If you see an urgent security message, close the email and log in directly at paypal.com (type it manually). Do not click any links. PayPal’s own documentation states that any legitimate action needed on your account will be visible in your Resolution Center after logging in.

2. A buyer or seller asking you to use “Friends & Family” for a commercial transaction This is the single most common method scammers use to neutralize PayPal’s buyer protection. The reason someone insists on Friends & Family for a purchase is almost always that they know the transaction would fail a legitimate dispute. If you’ve never met the person and you’re buying a product or service, use “Goods & Services” only — without exception.

3. An unexpected PayPal invoice from an unknown sender, especially with a phone number to call Scammers have learned to exploit PayPal’s own invoicing system. A PayPal invoice landing in your inbox is not proof that anything is legitimate. Check your account directly to verify whether any payment is actually pending. Never call phone numbers listed in unexpected invoices.

4. A buyer who “overpays” and asks you to refund the difference This overpayment script is a classic fraud technique. The original payment will eventually reverse (often because it was funded with a stolen account), but your refund will not. No legitimate buyer accidentally overpays and then immediately asks for a wire transfer or gift card in return.

5. Requests to send PayPal payments to a “PayPal representative” to verify or unlock your account PayPal will never ask you to send money to confirm your identity or resolve an account issue. This is exclusively a social engineering script used to steal funds.

How to Use PayPal Safely: 8 Actionable Tips

1. Enable two-factor authentication right now Go to Settings (gear icon) → Security → Two-Step Verification → Set Up. Choose an authenticator app (Google Authenticator, Authy, or Microsoft Authenticator) rather than SMS. This single step makes a credential-based account takeover substantially harder because attackers need both your password and physical access to your device.

2. Use a unique, strong password — and a password manager The 2022 PayPal breach worked specifically because victims had reused passwords from other breached sites. A password unique to PayPal cannot be used against you even if another service you use is compromised. Use a password manager (Bitwarden, 1Password, or Dashlane) to generate and store a random 20+ character password you never need to type.

3. Always pay as “Goods & Services” for commercial transactions Navigate to Send & Request → Send Money, enter the recipient, and verify the “Goods & Services” tag is shown before confirming. This activates Purchase Protection and gives you a dispute path if the transaction goes wrong.

4. Verify PayPal emails by logging in directly, never by clicking When you receive any PayPal email — payment confirmation, security alert, or account update — open a browser tab, type paypal.com manually, and check your account. Every legitimate PayPal communication that requires action will be reflected in your Resolution Center or notifications panel within your account.

5. Monitor linked financial accounts regularly Set up transaction notifications on your linked bank or credit card so you’re alerted immediately to any PayPal-initiated charge. Catching unauthorized activity early is critical — PayPal’s dispute window is 180 days, but early reporting makes resolution faster and more likely to succeed.

6. Don’t keep large balances sitting in your PayPal wallet PayPal wallet balances are not directly FDIC-insured in the same way a bank account is. Funds held in PayPal are also vulnerable to account freezes, which can hold your money for up to 180 days under certain circumstances. Transfer received funds to your bank account promptly, especially if you’re using PayPal for business.

7. Use a credit card (not debit or bank transfer) as your PayPal funding source If a transaction goes wrong and PayPal’s Purchase Protection doesn’t cover your specific situation, a credit card gives you an independent chargeback path under the Fair Credit Billing Act. Debit card and bank transfer disputes are more limited and slower.

8. Report suspicious emails immediately to phishing@paypal.com Forward any suspicious PayPal email to phishing@paypal.com before deleting it — PayPal’s security team uses these reports to identify active campaigns. For financial fraud that has already occurred, also file a complaint with the FTC at reportfraud.ftc.gov. After forwarding the email to PayPal, delete it from your inbox to eliminate the risk of accidentally clicking it later.

Safer Alternatives to PayPal

If PayPal’s privacy data-sharing practices, history of account freezes, or scam exposure are deal-breakers for your specific use case, consider these alternatives:

  • Apple Pay / Google Pay — for contactless and in-app payments: Both are significantly more privacy-respecting than PayPal — Apple Pay in particular processes transactions with minimal data retention and does not use purchase behavior for advertising. Neither offers PayPal-equivalent Purchase Protection for online marketplace transactions, but both are harder to phish since they rely on device biometrics rather than email/password credentials.
  • Venmo — for peer-to-peer transfers with people you know: Venmo (owned by PayPal) is better suited for splitting restaurant tabs and sharing rent with roommates. It is not appropriate for buying from strangers; it offers no purchase protection on standard transfers. If you’re already in the PayPal ecosystem, Venmo can replace the Friends & Family function for trusted contacts.
  • Stripe or Square — for small business payment processing: If you’re a seller frustrated with PayPal’s account freeze policies or fee structure, Stripe and Square both offer more predictable merchant terms and fewer reports of unexplained holds. Neither includes a consumer wallet equivalent to PayPal’s buyer protection, but merchant-facing controls are stronger.
  • Your credit card directly — for online purchases: For shopping with established retailers, bypassing third-party wallets entirely and using a credit card offers excellent fraud protection through your card issuer’s chargeback rights under FCBA. The tradeoff is that you share card details with more merchants.

For a full comparison of digital payment security across platforms, see our [Best Digital Payment Apps 2026] guide.

Frequently Asked Questions: Is PayPal Safe?

Is PayPal safe to use in 2026?

Yes, with caveats. PayPal is a technically secure platform that uses 256-bit SSL encryption, tokenization, and real-time fraud monitoring to protect financial transactions. For the vast majority of users who enable two-factor authentication, use unique passwords, and stick to “Goods & Services” payments for commercial transactions, PayPal is a reliable and safe payment method. The platform’s biggest safety risks come not from its infrastructure but from the high volume of phishing attacks, fake invoices, and social engineering scams that exploit its brand recognition — risks that require user awareness rather than technical defenses alone.

Is PayPal legit or a scam?

PayPal itself is a fully legitimate company, publicly traded (NASDAQ: PYPL), regulated as a money services business by FinCEN, and the world’s largest online payment processor with approximately 431 million active accounts as of Q4 2025. The confusion arises because scammers heavily impersonate PayPal — the 2024 FTC Data Spotlight ranked PayPal the third-most impersonated brand in payment app fraud. The company is real; the emails or calls “from PayPal” you didn’t initiate very likely are not.

Does PayPal sell your data?

No, PayPal does not sell personal data in the traditional sense. However, its privacy policy (verified March 2026) does permit sharing behavioral and transaction data with advertising partners for targeted advertising purposes, as well as with a broad range of affiliated companies and service providers. Under CCPA, California residents can opt out of this sharing via PayPal’s Privacy Settings. EU users have equivalent rights under GDPR. PayPal is meaningfully less privacy-respecting than Apple Pay, which retains minimal purchase data, but it is broadly comparable to other large fintech platforms like Google Pay.

Has PayPal ever been hacked?

PayPal has experienced security incidents, though its core systems have not been directly breached. Most notably, in December 2022, attackers used a credential stuffing technique to access approximately 34,942 user accounts, exposing names, addresses, Social Security numbers, dates of birth, and tax identification numbers. PayPal was fined $2 million by the New York Department of Financial Services in January 2025 for cybersecurity failures that contributed to the incident. In August 2025, a threat actor claimed to be selling 15.8 million PayPal credentials on a dark web forum; PayPal denied this constituted a new breach, and security researchers largely attributed the data to infostealer malware operating on users’ own devices rather than a PayPal system compromise.

Can you get scammed on PayPal?

Yes — and it happens frequently. ESET reported over 4,000 attempted attacks targeting PayPal users in just the first half of 2025. The most common scams include phishing emails impersonating PayPal, fake invoice attacks using PayPal’s own invoicing system, overpayment fraud targeting sellers, and “Friends & Family” abuse that strips buyers of purchase protection. The fundamental issue is that PayPal’s scam problem is largely an ecosystem problem, not a technical one — criminals exploit the platform’s reputation and user trust, not its encryption. Following the safety tips in this guide — particularly enabling 2FA and never paying as Friends & Family for commercial purchases — significantly reduces your exposure.

Is PayPal safe for kids and teens?

PayPal’s minimum age requirement is 18 for a standard account (or 13+ for a monitored teen account under a parent’s Business account, depending on the product). For teens, PayPal offers a supervised experience with parental controls through certain account types. That said, PayPal’s exposure to phishing scams, social engineering, and online marketplace fraud makes it unsuitable for unsupervised use by minors who may not recognize red flags. If a teen needs to send money to friends, a bank-supervised option or a monitored peer-to-peer service is preferable. Children under the platform’s age minimums should not have accounts, and PayPal’s terms prohibit their use.

Should I give PayPal my credit card or bank account?

Linking a credit card is the safer option of the two. If your PayPal account is compromised or a fraudulent charge occurs, a credit card gives you an independent chargeback path under the Fair Credit Billing Act (FCBA), separate from PayPal’s own dispute process. Credit cards also carry stronger zero-liability fraud protections than most debit cards or direct bank transfers. Linking a bank account creates direct ACH access to your funds — generally secure within PayPal’s system, but riskier if your account is compromised, since bank transfer disputes are slower and less guaranteed than credit card chargebacks.

Is PayPal safe to use with a VPN?

Generally yes, though with a practical consideration: PayPal’s fraud detection system monitors IP addresses and may flag logins from unfamiliar locations or IP ranges associated with VPN services, triggering temporary security holds or requiring additional identity verification. If you routinely use a VPN and encounter account verification prompts, this is likely the reason. Using a VPN does not violate PayPal’s terms of service, but logging in from the same geographic location you normally use (or whitelisting your VPN IP if your provider supports it) reduces friction. A VPN can add a layer of privacy on public Wi-Fi networks, where unencrypted traffic could otherwise be intercepted.

What happens if you get scammed on PayPal?

Your options depend on how you paid. If you paid using “Goods & Services,” file a dispute immediately through your PayPal account: go to Activity → select the transaction → click “Report a Problem” → follow the Resolution Center prompts. PayPal’s Purchase Protection covers eligible items that don’t arrive or are significantly not as described; claims must be filed within 180 days. If you paid using “Friends & Family,” PayPal’s Purchase Protection does not apply and your recovery options are very limited. In either case, also contact your linked bank or card issuer — if a credit card was used, initiate a chargeback request in parallel. For significant fraud, file a complaint with the FTC at reportfraud.ftc.gov and your state attorney general’s office.

Is PayPal legal in the United States?

Yes. PayPal Holdings, Inc. is a publicly traded US company (NASDAQ: PYPL), headquartered in San Jose, California. It is licensed as a money services business by the Financial Crimes Enforcement Network (FinCEN) and holds money transmitter licenses in all required US states. It is subject to federal oversight by FinCEN and, as demonstrated by the 2025 NYDFS fine, to state-level financial regulation. There are no restrictions on using PayPal in the United States for lawful transactions.

The Bottom Line: Is PayPal Safe?

PayPal is a safe and legitimate payment platform for everyday use — provided you take two minutes to set it up correctly and maintain basic scam awareness.

Its 256-bit encryption, tokenization, and Purchase Protection program give it a genuine edge over cash-equivalent alternatives like Zelle and Venmo for commercial transactions. The 2022 breach and the resulting 2025 regulatory fine are real marks against its record, as is its standing as one of the most impersonated brands in online fraud. But those facts reflect the realities of operating at 431 million users, not systemic dysfunction.

Use PayPal if: You’re shopping online at sites that don’t support major credit cards, sending money to people you know, or looking for stronger purchase protection than Venmo or Zelle offer.

Avoid PayPal if: You’re sending large amounts to someone you’ve never met (use escrow), you need maximum privacy and data minimization (use Apple Pay), or you’re building a primary business payment system and want more predictable account stability than PayPal’s merchant terms provide.

Protect yourself by:

  • Enabling two-factor authentication via an authenticator app (not SMS)
  • Using a unique password stored in a password manager
  • Always paying as “Goods & Services” — never Friends & Family — for commercial purchases

Our Safety Rating: 7.5/10