My PayPal Security Token arrived a couple of days ago.
I’ve come to use PayPal far more often than I’d ever expected. I’m not big on credit, until recently I never had enough to cover anything more costly than a fine dinner for four, and I’ve become loathe to entrust my debit card details to online merchants, so PayPal’s near-ubiquity (even Dell takes PayPal) has made it my payment method of choice.
The only thing that I haven’t liked about PayPal is that they have too many of my financial details, having my PayPal account compromised would be much worse than someone getting hold of my debit card information. As soon as PayPal announced the security tokens I was eager to get one in order to better protect my account.
Unfortunately, they’ve limited the security benefit for the sake of customer convenience. You can still log in to a token-enable account without the token by answering an additional security question. For my account I could provide some details from my PayPal debit card, one of my linked credit cards, my linked checking account, or by providing my mother’s maiden name and the last four digits of my SSN.
I’m no security guru, I’m not sure what would be the right thing to do when a customer doesn’t have their token, but I am pretty sure that asking one of those questions ain’t it.
