I've never been the victim of an online security breach. I've never had my identity stolen. That's partly because I'm lucky, and partly because I'm conscientious. Every year, I get a free copy of my credit report and scan it for errors (last year, there were eight or nine mistakes, and I managed to fix all but one before giving up).
In the last week, however, I have become a victim--not of an online security breach, but of a company's overheated reaction to what may or may not have been an online security breach. The company is PayPal, and this is probably the last time I will ever use it as a place to park my cash.
A week ago, I got an email from PayPal saying that access to my account had been limited, because an "issue" that had been discovered during a routine screening. To lift this restriction, I had to log on, change my password and security questions--oh, and enter in my credit card information. Quick question for the brilliant bigwigs at PayPal: why on earth would I give my credit card information to a company that has just told me that there has been some sort of security breach?
First, I thought it was one of those fake emails that isn't really from PayPal. Unfortunately, I was wrong. I called PayPal, and complained about the request for credit card information. Thankfully, they lifted the restrictions without requiring me to hand over any credit card information (I had to change my password and security questions). I then decided to withdraw the $189 in the account since, well, I could use a new pair of shoes. This was a Monday, and PayPal said the transfer would take three or four days. On Saturday, I logged into PayPal again ... and found that my access had been limited. Again. And without notifying me, PayPal had canceled the transfer.
So I changed my password and security questions again. (There are only four security questions, so I changed the questions back to what they were a week ago.) Then, over the phone, another call center representative lifted the restriction. (He also, inexplicably, denied that PayPal ever emailed me to notify me of the account restrictions. Don't you love it when customer service reps basically tell you that you're lying?)
I have since tried, once again, to transfer the money to my regular bank account. We'll see if it works. But the whole experience raised a number of questions. No bank has ever restricted access to one of my accounts due to an "issue" before. Does this mean that PayPal has more "issues"? Or does this mean that PayPal is simply more cautious? In other words, should I feel more or less secure in my PayPal account?
Also, it's clear to me that companies have to walk a fine line: they must protect customers' security and without annoying them so much they walk out the door. How many more times will I have to call PayPal before I can access my $189.02? And why, after all this, would I ever use PayPal again?