Consumer advice center warns of current Paypal scam

The North Rhine-Westphalia consumer advice center warns of a current scam in which criminals go on a shopping spree using other people's account details. Protection against this is hardly possible. However, those affected can defend themselves.

At the center of the criticism is a PayPal payment option called "Pay without a PayPal account", also known as a "guest account" or "guest payment". This allows buyers to pay via direct debit without having to create a PayPal account. An IBAN must be entered for this. When asked whether a check is carried out to determine whether the IBAN actually belongs to the person placing the order, PayPal gave a rather evasive answer to the consumer advice center: "PayPal carries out security checks when processing payments as part of its risk management and fraud prevention measures."

Fraud with guest payments apparently a bigger problem

There are discussions in the PayPal community about the misuse of this payment option. The NRW consumer advice center has asked PayPal why the company has not implemented any potential protective measures. For example, consumers could have their IBAN blocked for guest payments or Paypal could transfer a cent amount with a code in the purpose of use to the IBAN specified for guest payments, which buyers must enter for verification. However, there was no answer.

Not only Paypal is affected by this scam. In 2021, a discounter app also enabled payment by entering any IBAN, and some transport associations are currently also apparently allowing subscriptions to the Deutschlandticket using any IBAN. It is not possible to determine the origin of the IBANs, but it is likely that they originate from previous data leaks at companies, intrusions into company IT, data collections on the darknet or the collection of data through dubious competitions.

However, those affected can defend themselves against the unauthorized payments. First of all, they must object to the company's claim, as the debit was unauthorized, explains the NRW consumer advice center. Then they must have the amount reversed by the bank, for which they normally have eight weeks from the date of the booking – but even 13 months in the case of unauthorized bookings. It is important to file a complaint with the police, as data has been misused. Debt collection claims can be disputed by submitting the complaint, explains the consumer advice center. In the case of disputed claims, no entry may be made with credit agencies such as Schufa, which is why it is better to act than to sit out claims.

Another tip from the consumer protection agency is to enter the IBAN as rarely as possible. In addition, you should never leave it anywhere where it can be read publicly. It is also advisable to regularly check account transactions for irregularities.

(dmk)