Major security flaw - the system keeps re-enabling auto login even after I keep turning it off

j_a_s
Contributor
Contributor
Posted on
‎Aug-26-2020 01:36 PM

I've been dealing with customer support all day over this issue and they say they can do nothing but I want to raise it here as well since it's a major security flaw. Paypal is a financial site and therefore security controls should be very strong. I always log out whenever I complete a transaction and I never click the "stay logged in" button that's always presented. Now, every time I log in, I get an email saying "We've made it easier for you to check out with PayPal. Since we recognize this device, we'll automatically log you in so you can skip typing your password at checkout! ... If this is a shared device, or you don't want us to automatically log you in, we recommend that you turn this feature off." I go in and manually turn the feature off. Then the next time I log in to make a transaction, I get the same email again, the feature is re-enabled again, and I have to go in to manually turn it off again. This is totally unacceptable. I'm the only one who should be able to determine if my device is trusted and and if I want to enable auto login. I was told that there's nothing they can do and that I'll simply have to manually disable the feature every time. This is a major security flaw and it's a big deal. I was told that my concern has been escalated but I'm posting this here in the hopes of raising the visibility of this issue. Thanks. 

Login to Me Too
Login to Reply or Kudo
132 REPLIES 132

Marty_
New Community Member
‎Jun-07-2024 09:16 PM

I find it hard to believe this is STILL an issue... I have to login back in every time I purchase something to turn off auto-login, without EVER being given the option of whether I want it turned on in the first place (which I DON'T!) 
Seriously PayPal, get your **bleeping** together.

Login to Me Too
Login to Reply or Kudo

akeys214
Member
Member
‎Jul-07-2024 07:37 PM
I just recently experienced fraudulent use of my PP and this flaw is what enabled me to catch the fraud event very quickly. I woke up to the "we recognize your device" email only I wasn't the one who triggered it. I also got the merchant's order confirmation of the purchase that was made using my PP. After panicking, making lots of calls, removing logged in devices and changing settings I realized this whole auto login deal wasn't working correctly. It keeps adding my current device back to the list. I really do hope this issue gets resolved because it does put everyone at risk. The fact that this random person was able to access my account from their device and was immediately allowed to bypass login when purchasing through a merchant that I'd never had an account with.... It's anxiety inducing.
Login to Me Too
Login to Reply or Kudo

Vicki4711
Contributor
Contributor
‎Aug-28-2024 04:29 PM

Same problem, only a bit weirder, i suddenly got a flow of emails re being auto logged in with Chrome Tablet. Logged into my paypal account and there was dozens of auto login showing for 'Chrome Tablet'. I removed them, turned them off. But on logging out of paypal, got email again, had to log back in and turn it off again. This was yesterday, it is still recurring today. This is definately a technical issue, but there is nowhere to report it. And i don't have time to spend hours on the phone. Which, from other comments here on the forum re this issue, would probably be a waste of time.

Anyone have any ideas on joint action or a solution?

Login to Me Too
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.