Which? reveals how PayPal is failing fraud victims

Which? is calling for PayPal customers to be covered by the same consumer protections as other forms of payment, after highlighting how the payment platform is failing scam victims.

While PayPal holds a banking licence and is signed up to the Financial Ombudsman Service, users do not have the same protections offered by other financial products.

It does offer its own Buyer Protection policy, that promises to safeguard users against breaches of contract, including missing deliveries, or when items turn out to be fake, faulty or not what the customer was expecting.

However, it is not part of the voluntary code for authorised push payments, which commits banks to reimbursing customers who have been tricked into parting with their money.

Some PayPal users told Which? how a lack of comprehensive protections means they have struggled to get their money back when they have been conned into sending money to fraudsters or targeted by hackers who have taken control of their account.

Joe Howard had his PayPal account taken over by scammers who embarked on an eBay spending spree. They sent £1,619 of used smartphones to an address in Washington DC before Joe was able to get his bank to block his accounts. The hackers had changed the email address associated with Joe’s PayPal account.

This meant he was locked out and could not use the security measures designed to recover access. PayPal said at first that it could not investigate because Joe’s email address did not match the email on his account – which was only true because it had been changed by the hackers.

Even after months of back and forth with customer services, PayPal agreed to refund just £800. It told Joe it didn’t believe the remaining payments were fraudulent, but didn’t explain why it reached this conclusion.

PayPal says it has now refunded Joe £1,574.50 and he has been able to access his account again.

Another PayPal customer told Which? he found it difficult to get reimbursed when making an authorised payment that turned out to be fraudulent.

Charlie Cross was booking an Italian holiday home to celebrate his wedding anniversary after spotting an advert online. He paid £800 through PayPal, trusting that he was protected if something went wrong.

But after sending the money, the hosts disappeared and Charlie realised he had been scammed. Charlie said: “PayPal told me that it only covers unauthorised transactions. I tried to make a claim with my bank, but they said that because I authorised the payment using PayPal, that they couldn’t help.”

Most high street banks have now signed up to the voluntary code for authorised push payments, which commits them to reimbursing customers who have been tricked into parting with their money in this way. If Charlie had paid directly from his bank account, he would have benefited from this protection.

PayPal claims to monitor every transaction for fraud, but its policy on how it handles reimbursement claims when someone has been tricked into authorising a transaction is unclear. It could also sign up for the scheme and protect people like Charlie, but it did not provide a comment to Which? when asked if it would consider joining.

Which? believes that strong protections should be in place regardless of payment method and that consumer rights should not be dependent on whether you used a credit card, bank transfer or payment platform.

In its response to a recent review of payment systems, Which? called for the government to use the end of the Brexit transition period as an opportunity to tighten protections for online payments and the victims of fraud – something the regulator claims is currently blocked by an EU directive.

The consumer champion also believes the bank transfer scams code should be made mandatory for all banking institutions – including payment platforms such as PayPal – to ensure that they are fully committed to reimbursing innocent victims.

Harry Rose, Editor of Which? Magazine, said:

“Consumers should feel confident that their money is protected however they choose to make a payment, but our Paypal investigation shows there is currently an uneven playing field that leaves scam victims exposed to losing large sums of money.

“The government’s payments review must result in fairer treatment for consumers. This includes toughening up the scams code, where the rules should be changed so that all banking institutions are required to refund money lost by innocent victims of fraud.”


  • Which? is the UK’s consumer champion, here to make life simpler, fairer and safer for everyone. Our research gets to the heart of consumer issues, our advice is impartial, and our rigorous product tests lead to expert recommendations. We’re the independent consumer voice that influences politicians and lawmakers, investigates, holds businesses to account and makes change happen. As an organisation we’re not for profit and all for making consumers more powerful.

  • In response to Joe Howard’s case PayPal said:

“In April, Mr Howard reported two unauthorised PayPal purchases. The seller refunded Mr Howard for the first payment and PayPal refunded the second payment.

“In May, Mr Howard reported a further unauthorised payment of £45.00. Our fraud specialists investigated the report immediately but were unable to find any evidence of unauthorised access to the customer’s PayPal account. For this reason we were unable to accept Mr Howard’s claim.

“In July, Mr Howard filed another case of an unauthorised payment, which we refunded. We placed restrictions on Mr Howard’s account in May as a precaution because of the suspected unauthorised account access.”

In relation to Charlie Cross’ case, PayPal will not refund him under it’s Buyer Protection as he authorised payment using the ‘friend or family member’ option.

Press Release