PayPal Community

This is a little unclear.    Were these transactions initiated through Venmo or through PayPal? Were your Venmo and PayPal accounts linked?  How is it these charges were taken from your account in the first place, Did you have 2FA enabled?  If not, Why not?  They are free forms of security and an added layer of insurance against these charges.  PayPal also sends out an email for every charge they process, how is it these were missed as well?  There seems to be a lot of missing information here.

3+ years is a long time to leave your finances unchecked.  I don't see anywhere where you contacted PayPal support or initiated a disputed payment with PayPal.  PayPal states that there is a 180 day window in which disputes can be initiated on a fraudulent transaction.  That is about half a year.  So based on those stats, only charges in the last 6 months are able to be disputed. 

It isn't the fault of PayPal or Venmo that your finances went unchecked for over 3 years.  Based on what you have posted, I would be contacting a Lawyer, revamping your personal security, changing passwords, enabling 2FA.  From everything you posted above, this seems more a Venmo thing than a PayPal thing.  Is there a way to link your Venmo account with PayPal? 

**(Do not put the 2FA apps [email, Authenticator and SMS on the same device as that just defeats the purpose])**

Never share your PayPal/Venmo password with anyone.  This includes besties, wives, husbands, girl/boyfriends, or your cousins twice removed.  Relationships change and someone who is a bestie today can be your nemesis tomorrow.

Here are some of my personal security guidelines:

Get a burner email account that you use to register for garbage sites that you don't care about.  They can then spam the heck out of that account and you wont care because other than the original registration email, it never gets checked.

Only use your main mail account for websites you KNOW to be secure. (social media sites are NOT in this category).  If you insist on a social media site, get another email address for that.

Never save your email login password on your phone.  Never put your main email address on your phone in ANY form.  You can still use it, but never save the settings or login information.

Never put banking/financial information on your phone, and if you do NEVER EVER EVER save your password to those apps/sites.  My banking apps are only on my home desktop.  I still use the website on the phone if I have to, but the password/login information is never saved. 

Never use banking apps/websites on a public WiFi.  I can not begin to tell you how dangerous this is to your financial security. If you must, then USE a VPN at least.  If you don't it's akin to playing Russian roulette with all chambers loaded.

When authenticating for banks/financial apps/websites, keep all forms of authenticators on separate devices.  By this I mean All mobile devices (Laptops, Ipads, smart phones etc)  Any devices that can leave your house.  Personally, I keep them one per device.  Sms goes to main phone, authenticator is on an old phone and email is on my desktop.  That way anyone who wants to hack/steal my information MUST have access to all three devices.

When registering for ANY non essential site ( forums, social Media sites, etc) use an email that contains NO personal information.  Do not put any part of your name anywhere in your email address.  This way when someone tries to spoof an email, they cannot address you by name. When PayPal contacts me, they use my name, When someone tries to spoof an email from PayPal, I get called something different.  A red flag like that = insta spam.  For instance, make a junk email hotmail or google mail.  Use this email as the afore mentioned burner account.  If you receive an email that addresses you as "Dear Bogus4526" that is 100% a scam/phishing email.