It's been a while since you posted your issue/question and I hope you were able to resolve it. It would be helpful to others with similar problems if you post another reply with an update, especially if you successfully resolved this. I agree with @nevadasmith. In order to link your bank account to a PayPal account, you (or the "hacker") first have to enter the bank account details. Then, within a few days, PayPal will post a couple of small deposits, and an equal amount as a withdrawal(s), to the bank account. Once these transactions post to your account, you (or again, the hacker) has to log in to the PayPal account and verify (validate) ownership of the bank account by entering the amounts of these 2 small deposits. If a hacker opened a new PayPal account, and added your bank account to their PayPal account, they would have to have access to your bank account to discover the correct amount of these 2 small deposits. If they were able to do this then they already have all they need to empty your account without involving PayPal. Here is a more likely scenario: This other person (I'll call them "Hacker"), opened a bank account at a bank, unrelated to PayPal, and unrelated to your bank account. For this bank account, they included "PayPal" in the account owner information. For example, if they named their company "PayPal Money Services", or anything similar. They would have somehow had to get your bank account number, either by randomly choosing numbers until they found working numbers (hence the "testing" you saw), or by tricking you to give them your bank routing and account numbers (not your bank account login information), or by obtaining the information from a paper check that you sent to someone. Then they would do withdrawals (ACH) from your bank account, directly into their bank account. When you look at your bank account transactions (online), you would see some fragment of their company name (including "PayPal...") in the transaction details. But, PayPal was not involved in these transactions at all. The other issue, is that PayPal will not allow the same bank account (combination of bank routing and account numbers) to be used on 2 different PayPal accounts. So, if you already linked (and verified) your bank account with your PayPal account, the "Hacker's" attempt to link your bank account with THEIR PayPal account would have failed (PayPal would not have allowed the account to be linked). This issue should have been resolved by disputing the transactions with your bank, which might require filing a formal written dispute. If your bank refuses to reverse the transactions then perhaps you can appeal their decision, or file a small claims case, or perhaps you'd have to use arbitration. I'm not saying that PayPal is not capable of making mistakes, or that they are always able to recognize their mistakes, or that they always admit when they know they made a mistake, but in this case, given the information provided, it doesn't seem PayPal is at fault, or even really involved in the transactions at all.
... View more