PayPal Community

Only1KW · ‎Nov-01-2021

Recently when logging in, Paypal has started offering me the option of logging in with a one-time SMS code to my phone rather than a password. This seems incredibly insecure to me and I'd prefer not to have it on my account. I cannot find any way to disable this when I check my account settings. I've spoken with half a dozen agents at this point about this, and half have told me it can't be disabled and half told me they'd send me instructions on how to disabled it, but either the instructions never arrived or were not relevant. How do I go about disabling this feature on my account?

WuJJ · ‎Nov-25-2021

Yes, suddenly downgrading the security of login while saying it's for "protection of customer" is ridiculous. Honestly the fact this even managed to get released at first place is a lot to worry about what's going on inside Paypal and its product priorities. It used to be a great payment service so I can hide my credit card numbers. Now it's a service if my phone number is lost or hijacked, we are handing all cards to some random guy. Phone number is also very ugly to deal with for people like me that routinely travel across borders. I guess I will try to switch away as much as I could.

rosenkoetter · ‎Dec-13-2021

I agree: providing direct login access strictly through a phone number (which have repeatedly been ported to a new, different account by social engineering) tied to a SIM card (which are easily spoofed and stolen) is a really bad security choice. Same goes for using them as part of two-factor authentication.

@Only1KW: one option to reduce the risk surface here is to only tell Paypal about a phone number associated with a VoIP account (many people use Google Voice for this, others are available). That doesn't rule out the "pretend to be you, port your number to a new service" attack, but it does avoid the SIM spoofing attack.

rosenkoetter · ‎Dec-13-2021

Some context on port-out scams and how easy SIM cloning is:

https://www.fcc.gov/consumers/guides/cell-phone-fraud

https://drfone.wondershare.com/phone-clone/clone-sim-card.html

https://www.mobiledit.com/sim-cloning

andorxor · ‎Dec-19-2021

Is there any comment from Paypal on this?

This is a ridiculous feature to have permanently enabled for everyone. Most people (myself included) display SMS snippets with their phones locked.

If someone stole my phone they could easily read the code from the notifications.

Is Paypal going to hold me liable for fraudulent transactions because of this, because of a feature I don't want and can't disable?

Ianrm57 · ‎Feb-22-2022

I spent time with PayPal with chat and they also eventually called me. She told me that that option doesn’t come from PayPal and that eBay adds it sometimes. Think she was **bleep** me, asked her why PayPal would let eBay do something that bypassed PayPal’s security, she stuck to her story.

Ianrm57 · ‎Jul-11-2022

I got the same line of **bleep** a while back, after calling them

Ianrm57 · ‎Jul-11-2022

I rang PayPal about this and the person claimed it was eBay that was doing this and not PayPal, which is **bleep**, eBay denied it of cause. Funny that I’m not offered one time passcode to log in here.

Only1KW · ‎Jul-11-2022

@Ianrm57 wrote:
I rang PayPal about this and the person claimed it was eBay that was doing this and not PayPal, which is **bleep**, eBay denied it of cause. Funny that I’m not offered one time passcode to log in here.

Me: I'm concerned about Paypal's decision to not require a password anymore.

Paypal: It's actually not us doing that. See, we give control of how secure your Paypal account access is to the clients embedding our payment system into their websites.

Me: Oh that's much more comforting.

C3V · ‎Feb-21-2022

Been getting the same thing. Very much agree with all comments above! Seems too “easy”. There is literally more information required and better security to log into this “help forum“ than there is to access my account to spend money.

Ianrm57 · ‎Feb-22-2022

Has anyone got the same thing anywhere other than eBay?

PayPal Community

How do I disable one-time codes

Haven't Found your Answer?