PayPal, Square, and the Law: Understanding Online Payment Services
More and more, people are using PayPal, Square, Apple Pay, Google Wallet, Venmo, and other online payment services to make purchases or to send money. Depending on the type of transaction, the service provider may charge a percentage fee, or there may be no charge.
Online payment services are convenient and fairly easy to use. However, as with any online purchase or money transfer, there are risks involved such as identity theft. Read below for information on some of the popular online payment service providers, how to use them, what protections they offer, and the risks.
PayPal is one of the most popular online payment service providers, with over 50 million user accounts. To use PayPal, a person must first sign up for an account by creating a username and password. PayPal will then send the person, by text message or email, a code for him or her to enter at PayPal's website to verify that the account is authentic. This process is known as two-factor authentication.
Signing up for PayPal requires a person to "link" his or her user account with a credit card or bank account. Payments and transfers to or from the user will be made into or from that credit card or bank account. Once this link is established, the user can send and receive money, and pay for purchases at many websites. PayPal offers both buyer and seller protections, including refunds for damaged items and for unauthorized purchases made from a user's account. Like other online payment service providers, PayPal keeps its users' payment information confidential. For example, a seller who receives money from a buyer will not see the buyer's credit card or bank account information.
PayPal encrypts data, meaning that a user's financial information is transformed into a code that can only be read using a special key. Despite this encryption and the use of two-factor authentication, PayPal suffered a recent security breach . Although the breach wasn't considered a major one, it's an example of the risks involved in using online payment services.
Square is another popular online payment service provider that allows users to transfer money to each other. Square also has point of sale and credit card reader devices, which allow users to accept credit cards for payment and to place customer orders from an Apple or Android smartphone or tablet computer. Square markets itself as a lower-cost alternative for small businesses that want customers to have the option of paying with a credit card.
Square encrypts data, and it uses a system known as "layered security " that analyzes each transaction as it occurs to prevent fraud. In 2015, Square began to issue card readers that accept credit cards with built-in microchips, instead of with magnetic strips. This was Square's response to a federal law, effective October 2015, that imposes liability in the event of fraudulent credit card transactions on merchants who continue to use magnetic strip card readers.
Marketed as a "free digital wallet," Google Wallet allows users to make purchases in stores and at websites that accept Mastercard, to send money, and to store gift and loyalty card balances in the user's account. Users must have a Google account to make purchases, and both the sender and recipient of money transfers must have Google accounts. Google Wallet is available to Apple and Android smartphone users.
Google Wallet protects users by encrypting data, by requiring a PIN for purchases, and by using a real-time "risk and fraud detection" system during transactions. The service also has fraud protection that refunds users in case of unauthorized transactions.
Apple Pay is available to those who use late-model Apple smartphones for online and retail purchases at certain websites and stores. A user must first register and then link a credit or debit card to his or her account.
Apple Pay's security protections include data encryption and a fingerprint-password option to protect users in case their phones are lost or stolen.
At this time, there are no federal laws or regulations that apply specifically to online payment services. If, however, security breaches occur that result in the disclosure of confidential financial information and identity theft, we can expect proposals such as this Missouri bill that would require businesses to verify a customer's identification before allowing electronic payment.
Although providers take steps to minimize user risk, it's important to take precautions if you use online payment services. For example, you should create unique usernames and passwords, lock your smartphone or tablet computer with a code, and check your transactions history and balance often.
If you have further questions about online payment services, you should contact a consumer protection attorney in your area.