Go Back  Bike Forums > The Lounge > Foo
Reload this Page >

PayPal now requiring sending full bank account login credentials to a 3rd party

Notices
Foo Off-Topic chit chat with no general subject.

PayPal now requiring sending full bank account login credentials to a 3rd party

Old 09-25-20, 09:16 PM
  #1  
CliffordK
Senior Member
Thread Starter
 
CliffordK's Avatar
 
Join Date: Nov 2014
Location: Eugene, Oregon, USA
Posts: 24,968
Mentioned: 202 Post(s)
Tagged: 0 Thread(s)
Quoted: 13041 Post(s)
Liked 1,726 Times in 1,305 Posts
PayPal now requiring sending full bank account login credentials to a 3rd party

I was using PayPal today, and got hit by an "Account Verification Demand". They demanded that I send my full bank account login credentials to a company that I had never heard of called Yodlee.
.
Bank name (they had that registered for the account for at least a decade).
Bank username associated with my registered account.
Bank password associated with my registered account.
.
Research indicates that Yodlee is a was bought out by a company called Envestnet, and together they are "data aggregators" that buy and sell personal data, without any real restrictions on how they use one's personal data, or how they access it.

There have been enough major data breaches and misuse of personal information that they don't get my info. And, I'm now looking for alternative ways to complete my transaction.

There is a ton of information that could be gained from my login credentials. My bank balance, deposits, withdrawals, where I shop, debit info, credit card info, mortgage info, payment histories, etc. Even information about vendors I work with, and perhaps even the ability to estimate my monthly utility usage.
CliffordK is offline  
Old 09-25-20, 09:40 PM
  #2  
prairiepedaler
Senior Member
 
Join Date: Aug 2016
Location: Jolly 'ol Winnipeg
Posts: 924

Bikes: Raleigh Elkhorn, Cannondale SM600, Maruishi MT18 Frame, Sekine Toledo Frame

Mentioned: 1 Post(s)
Tagged: 0 Thread(s)
Quoted: 3 Post(s)
Liked 80 Times in 52 Posts
I'm waiting for other platform options to kick in, hopefully to slowly atrophy away Paypals' existence. I'd drop Paypal instantly and never return given other practical options.
prairiepedaler is offline  
Old 09-25-20, 10:55 PM
  #3  
CliffordK
Senior Member
Thread Starter
 
CliffordK's Avatar
 
Join Date: Nov 2014
Location: Eugene, Oregon, USA
Posts: 24,968
Mentioned: 202 Post(s)
Tagged: 0 Thread(s)
Quoted: 13041 Post(s)
Liked 1,726 Times in 1,305 Posts
There is an element of a monopoly so that E-Bay, PayPal, Visa, and other companies can do, or charge pretty much whatever they wish. And it is all about growth and profit.

E-Bay is working with other payment options, and perhaps some of those will take hold.
CliffordK is offline  
Old 09-25-20, 11:05 PM
  #4  
genec
genec
 
genec's Avatar
 
Join Date: Sep 2004
Location: West Coast
Posts: 26,676

Bikes: custom built, sannino, beachbike, giant trance x2

Mentioned: 47 Post(s)
Tagged: 0 Thread(s)
Quoted: 9673 Post(s)
Liked 1,946 Times in 1,328 Posts
I think if I were using paypal and ebay quite a bit, I would consider a new bank account, for just these things... with limited funds.
genec is online now  
Likes For genec:
Old 09-25-20, 11:25 PM
  #5  
Trevtassie
Senior Member
 
Join Date: Jun 2015
Location: Down Under
Posts: 1,852

Bikes: A steel framed 26" off road tourer from a manufacturer who thinks they are cool. Giant Anthem. Trek 720 Multiroad pub bike. 10 kids bikes all under 20". Assorted waifs and unfinished projects.

Mentioned: 9 Post(s)
Tagged: 0 Thread(s)
Quoted: 693 Post(s)
Liked 563 Times in 296 Posts
Doesn't happen in Australia, must be allowed under US law. Here they do two small deposits and you tell them the amounts to verify the account. I think that may be an option in the US, but they don't really highlight that, you need to search for it when you log in. I'm pretty sure though the T&C of your bank account would say you waiver your rights if you hand the password over to anybody else. I'd ditch paypal in a second if they tried that on me.

Last edited by Trevtassie; 09-25-20 at 11:37 PM.
Trevtassie is offline  
Likes For Trevtassie:
Old 09-25-20, 11:46 PM
  #6  
Seattle Forrest
Senior Member
 
Seattle Forrest's Avatar
 
Join Date: Mar 2010
Location: Seattle, WA
Posts: 21,540
Mentioned: 71 Post(s)
Tagged: 0 Thread(s)
Quoted: 13397 Post(s)
Liked 4,683 Times in 2,629 Posts
I wouldn't do it.
Seattle Forrest is offline  
Likes For Seattle Forrest:
Old 09-25-20, 11:53 PM
  #7  
CliffordK
Senior Member
Thread Starter
 
CliffordK's Avatar
 
Join Date: Nov 2014
Location: Eugene, Oregon, USA
Posts: 24,968
Mentioned: 202 Post(s)
Tagged: 0 Thread(s)
Quoted: 13041 Post(s)
Liked 1,726 Times in 1,305 Posts
Originally Posted by Trevtassie View Post
Doesn't happen in Australia, must be allowed under US law. Here they do two small deposits and you tell them the amounts to verify the account. I think that may be an option in the US, but they don't really highlight that, you need to search for it when you log in. I'm pretty sure though the T&C of your bank account would say you waiver your rights if you hand the password over to anybody else. I'd ditch paypal in a second if they tried that on me.
We did the two small deposit thing at least a decade ago. Everything had been approved at that time, and I've regularly done E-Bay purchases, and occasional PayPal only transactions.

This demanding that I provide my bank's login credentials to a 3rd party with whom I have no user agreement (either way) is something entirely new, and not based on any changes to my account that I am aware of.
CliffordK is offline  
Old 09-25-20, 11:56 PM
  #8  
AnthonyG
Senior Member
 
AnthonyG's Avatar
 
Join Date: May 2005
Location: Queanbeyan, Australia.
Posts: 4,048
Mentioned: 70 Post(s)
Tagged: 0 Thread(s)
Quoted: 2818 Post(s)
Liked 320 Times in 210 Posts
Originally Posted by CliffordK View Post
I was using PayPal today, and got hit by an "Account Verification Demand". They demanded that I send my full bank account login credentials to a company that I had never heard of called Yodlee.
.
Bank name (they had that registered for the account for at least a decade).
Bank username associated with my registered account.
Bank password associated with my registered account.
.
Asking for your password has to be a scam. Has to be. I give my bank account number and name to various people such as employers so that they can directly pay me but no one EVER asks for, or needs my account password.

Never.
AnthonyG is online now  
Old 09-26-20, 12:06 AM
  #9  
CliffordK
Senior Member
Thread Starter
 
CliffordK's Avatar
 
Join Date: Nov 2014
Location: Eugene, Oregon, USA
Posts: 24,968
Mentioned: 202 Post(s)
Tagged: 0 Thread(s)
Quoted: 13041 Post(s)
Liked 1,726 Times in 1,305 Posts
I guess the other thing that happens is that there are a number of "Credit Agencies" that have been collecting information on Americans for decades.

They have social security numbers, birthdays, addresses, and a pile of financial information. All without ever getting permission from the actual people they're tracking.

I stopped interacting when them on any level at least a decade and a half ago when I called to get a "free report", and it seemed as if they had outsourced my account information to India.

About 3 years ago, Equifax was hacked, and data for up to 150 million accounts was stolen. Nothing seems to indicate my info was part of that.

A couple of years ago I tried to reroute a Fedex shipment, and they pulled a bunch of questions from some undisclosed source, but had the answers so jumbled that there was no way to complete the account.
CliffordK is offline  
Old 09-26-20, 12:10 AM
  #10  
Trevtassie
Senior Member
 
Join Date: Jun 2015
Location: Down Under
Posts: 1,852

Bikes: A steel framed 26" off road tourer from a manufacturer who thinks they are cool. Giant Anthem. Trek 720 Multiroad pub bike. 10 kids bikes all under 20". Assorted waifs and unfinished projects.

Mentioned: 9 Post(s)
Tagged: 0 Thread(s)
Quoted: 693 Post(s)
Liked 563 Times in 296 Posts
Apparently it is a thing, but there is nothing to stop you immediately changing your password so they can only log in once. Seems sketchy as, however, some kind of data mining BS.
Trevtassie is offline  
Old 09-26-20, 01:04 AM
  #11  
Seattle Forrest
Senior Member
 
Seattle Forrest's Avatar
 
Join Date: Mar 2010
Location: Seattle, WA
Posts: 21,540
Mentioned: 71 Post(s)
Tagged: 0 Thread(s)
Quoted: 13397 Post(s)
Liked 4,683 Times in 2,629 Posts
If I have your bank login info, I can transfer money out.
Seattle Forrest is offline  
Likes For Seattle Forrest:
Old 09-26-20, 01:05 AM
  #12  
Seattle Forrest
Senior Member
 
Seattle Forrest's Avatar
 
Join Date: Mar 2010
Location: Seattle, WA
Posts: 21,540
Mentioned: 71 Post(s)
Tagged: 0 Thread(s)
Quoted: 13397 Post(s)
Liked 4,683 Times in 2,629 Posts
Originally Posted by Trevtassie View Post
Apparently it is a thing, but there is nothing to stop you immediately changing your password so they can only log in once. Seems sketchy as, however, some kind of data mining BS.
Maybe give the wrong password altogether and if it comes up, "my bank must have flagged your IP address as suspicious."
Seattle Forrest is offline  
Likes For Seattle Forrest:
Old 09-26-20, 01:35 AM
  #13  
CliffordK
Senior Member
Thread Starter
 
CliffordK's Avatar
 
Join Date: Nov 2014
Location: Eugene, Oregon, USA
Posts: 24,968
Mentioned: 202 Post(s)
Tagged: 0 Thread(s)
Quoted: 13041 Post(s)
Liked 1,726 Times in 1,305 Posts
Originally Posted by AnthonyG View Post
Asking for your password has to be a scam. Has to be. I give my bank account number and name to various people such as employers so that they can directly pay me but no one EVER asks for, or needs my account password.

Never.
It is absolutely REAL.

Search for:
Yodlee
PayPal Yodlee
Yodlee Lawsuit
Yodlee FTC
.
First PayPal screen (personal info removed).




Second PayPal screen (personal info removed).



(sorry, I don't have a third screen to show you. )

As I mentioned, this is an account that I've used for years. I've never had PayPal try to access my bank directly like this.

Oh, and what a mess of garbage offsite scripts for completing a financial transaction!!!
CliffordK is offline  
Old 09-26-20, 01:46 AM
  #14  
CliffordK
Senior Member
Thread Starter
 
CliffordK's Avatar
 
Join Date: Nov 2014
Location: Eugene, Oregon, USA
Posts: 24,968
Mentioned: 202 Post(s)
Tagged: 0 Thread(s)
Quoted: 13041 Post(s)
Liked 1,726 Times in 1,305 Posts
Originally Posted by Trevtassie View Post
Apparently it is a thing, but there is nothing to stop you immediately changing your password so they can only log in once. Seems sketchy as, however, some kind of data mining BS.
If they can log in, how long does it take the company to do a data dump of my checking balance, my credit card balance and limits, my home mortgage balance, home mortgage payments, the last 10 years of every transaction that I've made with a check, visa, debit card, bank machine, deposits, transfers, etc. Potentially estimate my annual income and income sources.

And, potentially even update security that I have in my bank account.

All they need to know is if I can cover the PayPal transaction, and they can figure that out by submitting the request to the bank. Banks can confirm or deny a transaction almost instantly.
CliffordK is offline  
Old 09-26-20, 02:06 AM
  #15  
AnthonyG
Senior Member
 
AnthonyG's Avatar
 
Join Date: May 2005
Location: Queanbeyan, Australia.
Posts: 4,048
Mentioned: 70 Post(s)
Tagged: 0 Thread(s)
Quoted: 2818 Post(s)
Liked 320 Times in 210 Posts
Originally Posted by CliffordK View Post
It is absolutely REAL.

Search for:
Yodlee
PayPal Yodlee
Yodlee Lawsuit
Yodlee FTC
.
First PayPal screen (personal info removed).




Second PayPal screen (personal info removed).



(sorry, I don't have a third screen to show you. )

As I mentioned, this is an account that I've used for years. I've never had PayPal try to access my bank directly like this.

Oh, and what a mess of garbage offsite scripts for completing a financial transaction!!!

I've never seen this is Australia however after a quick read PayPal is saying that its an option. You can refuse this option, although sometimes they may decline the payments.
That's what they are claiming anyway and I'm not expert on it.
Just refuse it and change your settings in PayPal.

EDIT: Also talk to your bank about it. As far as Banks are concerned you NEVER give out your password so get your bank to take on PayPal over the matter. They are in a better position to pay the lawyers.
AnthonyG is online now  
Old 09-26-20, 03:05 AM
  #16  
CliffordK
Senior Member
Thread Starter
 
CliffordK's Avatar
 
Join Date: Nov 2014
Location: Eugene, Oregon, USA
Posts: 24,968
Mentioned: 202 Post(s)
Tagged: 0 Thread(s)
Quoted: 13041 Post(s)
Liked 1,726 Times in 1,305 Posts
Originally Posted by AnthonyG View Post
I've never seen this is Australia however after a quick read PayPal is saying that its an option. You can refuse this option, although sometimes they may decline the payments.
That's what they are claiming anyway and I'm not expert on it.
Just refuse it and change your settings in PayPal.

EDIT: Also talk to your bank about it. As far as Banks are concerned you NEVER give out your password so get your bank to take on PayPal over the matter. They are in a better position to pay the lawyers.
I went through all the PayPal settings, and there wasn't any obvious way to opt out of using Yodlee for verification.

On the screen above, there is an option "Pay another way"... which simply takes one back to one's bank account. Then back to Yodlee... love those circles.

Lots of notes that Yodlee buys/sells/trades lots of personal data... do they have to get mine?

So, I'm now trying to get a snail-mail option for payment (another way).

There are a few notes on the web about my State Senator, Ron Wyden pushing for a FTC investigation of Yodlee back in January, but I'm not seeing notes of followup. Plus, that is a slightly different issue than comes up with PayPal. I'll try to follow up with him.

I'll also contact the bank. There are notes that some banks are actively contracting with Yodlee. I have to wonder how they're interacting with the bank.

Do they use the bank's web interface, or is the bank giving a special system access? Bank of America uses some convoluted logins, but my current bank doesn't seem to do that. Any company that does hundreds, or thousands of logins to different bank accounts using full credentials from a small set of access points should set off every security alarm that exists... unless they are expected to have back-door access to lots of accounts.
CliffordK is offline  
Old 09-26-20, 05:30 AM
  #17  
a_d_a_m
Senior Member
 
a_d_a_m's Avatar
 
Join Date: Jun 2020
Location: Ohio
Posts: 150

Bikes: Ragley parts-cycle

Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 49 Post(s)
Liked 346 Times in 79 Posts
As a longtime PayPal customer, I will be keeping an eye on my account with extra scrutiny now. On a personal level, have to say that I would run like hell from anything associated with Yodlee. I searched for that company in news articles, all that comes up is stuff about privacy lawsuits. Additionally, when I went to PayPal.com's official 'help' section where you can search for terms and whatnot, Yodlee nets zero results. Seems like a phishing attempt to me.
a_d_a_m is offline  
Likes For a_d_a_m:
Old 09-26-20, 07:28 AM
  #18  
FBOATSB 
Senior Member
 
FBOATSB's Avatar
 
Join Date: Jul 2014
Location: Central Indiana
Posts: 1,806

Bikes: Old Stuff

Mentioned: 25 Post(s)
Tagged: 0 Thread(s)
Quoted: 682 Post(s)
Liked 129 Times in 101 Posts
Perhaps I need to be schooled more about paypal. Seems they have become an online banking juggernaut with their own branded credit cards, atm/debit cards, the ability to transfer money to and from any other bank. If that's what you want, of course you have to provide bank account and routing numbers. Passwords? No way.
I'm sure they also make tons of money selling your data as well.

I only use paypal to buy and sell stuff and just have one credit card that is not affiliated with my bank on file with them to do so. I try not to maintain much of a balance on their books.
FBOATSB is offline  
Old 09-26-20, 07:53 AM
  #19  
xroadcharlie
Senior Member
 
Join Date: Apr 2019
Location: Windsor Ontario, Canada
Posts: 338

Bikes: 2018 Giant Sedona

Mentioned: 1 Post(s)
Tagged: 0 Thread(s)
Quoted: 106 Post(s)
Liked 53 Times in 49 Posts
I absolutely would not give PayPal my banking log in. I won't even subscribe to amazon prime because they require my credit card. I went to Netflix instead because I can subscribe with gift card.

I'm not entirely comfortable with auto payments for essential services like gas, hydro, property taxes ect, But keep an eye on upcoming debits that can be canceled if necessary. The convenience here is worth the risk though IMO. Have had no problems in many years.

Last edited by xroadcharlie; 09-26-20 at 08:00 AM.
xroadcharlie is offline  
Old 09-26-20, 08:20 AM
  #20  
skidder
Bipsycorider
 
Join Date: Sep 2012
Location: Orange County, California
Posts: 1,220

Bikes: Why yes, I do have a few! Thank you for asking!

Mentioned: 9 Post(s)
Tagged: 0 Thread(s)
Quoted: 550 Post(s)
Liked 261 Times in 194 Posts
That looks like a scam to me. I looked at PayPal many years ago and, frankly, I could not find a reason to use it. If I wanted to buy something on a retail site that required PayPal, I'd just find another site and use a credit card. Don't want too many layers that could be compromised when I'm buying stuff on the web.
skidder is offline  
Likes For skidder:
Old 09-26-20, 08:57 AM
  #21  
CliffordK
Senior Member
Thread Starter
 
CliffordK's Avatar
 
Join Date: Nov 2014
Location: Eugene, Oregon, USA
Posts: 24,968
Mentioned: 202 Post(s)
Tagged: 0 Thread(s)
Quoted: 13041 Post(s)
Liked 1,726 Times in 1,305 Posts
Originally Posted by skidder View Post
That looks like a scam to me. I looked at PayPal many years ago and, frankly, I could not find a reason to use it. If I wanted to buy something on a retail site that required PayPal, I'd just find another site and use a credit card. Don't want too many layers that could be compromised when I'm buying stuff on the web.
20 years ago it was the best game in town to facilitate E-Bay payments. That may finally be loosening up some, but it still does the lions share of E-Bay payments.

It is rare, but occasionally I'll use PayPal to facilitate a private person-to-person transaction.

As far as online payments, in theory you give your PayPal credentials to a company, and you authorize a one-time payment, and that is the only payment they are authorized for. If they are using PayPal for checkout, you'll see the website jump from the vendor site to Paypal, then back to the vendor. And, I don't believe the original vendor ever sees your PayPal login info.

If you give the company your credit card number, you don't know for sure if they save the credit card number (plus your 3 digit access code, name, and expiration date), or if they use it then delete the info. For the most part I uncheck the box "save my credit card info", but that doesn't guarantee what info about you is saved (or shared with account processing companies). If your vendor does save your credit card information, even if they are reputable, they are still vulnerable to be hacked.

I learned my lesson a few years ago when somebody who had my credit card was hacked (never disclosed who), and I started getting mystery payments. I now have my credit card configured so that every payment sends me an immediate e-mail.
CliffordK is offline  
Likes For CliffordK:
Old 09-26-20, 08:57 AM
  #22  
Shimagnolo
Senior Member
 
Shimagnolo's Avatar
 
Join Date: May 2008
Location: Zang's Spur, CO
Posts: 8,922
Mentioned: 10 Post(s)
Tagged: 0 Thread(s)
Quoted: 2331 Post(s)
Liked 1,922 Times in 986 Posts
Anyone worried about giving credit card numbers online just needs to get a CC with a company that provides virtual temporary card numbers, such as Capital One, or Citi. You generate a CC number with a user-specified charge limit, and a user-specified expiration. Each virtual card has a unique number, and a unique security code. Once a vender submits a charge to it, that card is locked to that vendor. You can manually delete a virtual card at any time.

I don't worry if anyone gets a virtual CC number I used online, because there is nothing they could do with it. I haven't given out a real CC number online in many years.

Last edited by Shimagnolo; 09-26-20 at 09:40 AM.
Shimagnolo is offline  
Likes For Shimagnolo:
Old 09-26-20, 09:03 AM
  #23  
no motor?
Unlisted member
 
no motor?'s Avatar
 
Join Date: Dec 2005
Location: Chicagoland
Posts: 6,193

Bikes: Specialized Hardrock

Mentioned: 29 Post(s)
Tagged: 0 Thread(s)
Quoted: 1348 Post(s)
Liked 408 Times in 283 Posts
I tried PayPal after it came out and thought I'd closed the account then. Apparently I didn't, and somebody had sent me money that I didn't know about until I got a notice from the Illinois Comptroller letting me know about this. I was skeptical, but got a check for $100 from the state just like they said I would. If only @ahsposo would repay the money I loaned him to buy more free candy and get his van down by the river fixed...
no motor? is offline  
Old 09-26-20, 09:20 AM
  #24  
ahsposo 
Pounding Member
 
ahsposo's Avatar
 
Join Date: Jan 2010
Location: In the Bag
Posts: 7,134

Bikes: A Home Built All Rounder, Bianchi 928, Specialized Langster, Dahon Folder

Mentioned: 25 Post(s)
Tagged: 0 Thread(s)
Quoted: 5092 Post(s)
Liked 2,158 Times in 1,304 Posts
Ha! You know where I am! Come and get it if you think you're possum enough!
ahsposo is offline  
Old 09-26-20, 09:36 AM
  #25  
CliffordK
Senior Member
Thread Starter
 
CliffordK's Avatar
 
Join Date: Nov 2014
Location: Eugene, Oregon, USA
Posts: 24,968
Mentioned: 202 Post(s)
Tagged: 0 Thread(s)
Quoted: 13041 Post(s)
Liked 1,726 Times in 1,305 Posts
Originally Posted by Shimagnolo View Post
Anyone worried about giving credit card numbers online just needs to get a CC with a company that provides virtual temporary card numbers, such as Capital One, or Citi. You generate a CC number with a user-specified charge limit, and a user-specified expiration. Each virtual card has a unique number, and a unique security code. Once a vender submits a charge to it, that card is locked to that vendor. You can manually delete a virtual card at any time.

I don't worry if any gets a virtual CC number I used online, because there is nothing they could do with it. I haven't given out a real CC number online line in many years.
Thanks,

I may look into that. When my credit card was hacked a few years ago, I suggested to the bank randomizing the 3 digit security code for specific transactions, but my bank declined to do so. My interpretation was that the banks really don't care about security as long as they can pass the fraudulent charges onto someone else (often the vendor who made the sale gets stuck with a denied payment).

I had an interesting issue. I had authorized a payment to Yahoo years ago. A few years later it became a recurring payment. Then after the hack, I got a new credit card number issued... without authorization, my Yahoo payment jumped to the new credit card despite my never providing the company the new number, the new authorization code, or the new expiration date.
CliffordK is offline  

Thread Tools
Search this Thread

Contact Us - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service - Do Not Sell My Personal Information -

Copyright 2021 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.