How to permanently lock your PayPal account
The next screen is "We've sent a code to your number, what's the code?" There is a small "Change" link next to the phone number, so I click that. Nothing.
I can't login because I can't confirm the bogus phone number.
I can change my password, but that still doesn't let me login.
I can call PayPal customer service, but they ask if you have an account (yes), they ask for the phone number. They won't accept "None" as an answer. I give them the bogus number and they say "We've sent a code to that number, what is it?"
So if you lose access to your phone, you lose access to your PayPal account. I called eBay, got a support rep, and he told me the same thing happened to him. He handled it by reporting a security violation - you can do that w/o a phone number or logging in. So I reported a hate crime, then described my actual problem. Sheesh!
There are posts on the PayPal community forum from people who have been trying to fix this for months.
10 comments
[ 2.9 ms ] story [ 37.3 ms ] thread(And keep in mind that Venmo is also owned by PayPal.)
Begun? Is the perception now any different than it was e.g. 10 years ago? I feel it's always been the same.
It might even be required by banks and credit card companies.
For what it is worth, your phone number is not a secret. Nobody needs to data dump PayPal to get it. Also eBay and PayPal split years ago.
If you're going to force MFA on users give them another option besides receiving a text message or phone call. I don't want to live with my phone attached to my body at all time, sometimes I just want to log in without having to go find where I left it. I have Yubikey, let me use that, or worst case, send a code to my email.
When buying on eBay, PayPal lets you login w/o confirming your phone number. When the PayPal screen pops up, I started clicking on other stuff and eventually escaped to the main PayPal site, logged in. Then I clicked on Resolution Center, told their automated bot I had a problem with my phone number, and it let me update my mobile phone number. It asked if I wanted to confirm it and I said no. In hindsight, I probably should have said yes here. I thought I was home free, and yet...
When I tried to login again, I expected it to try to confirm my number, which I could do now that the number was right. But instead, it circle-spun for a while, then displayed the login screen again. Fuck!
So I tried calling customer service, figuring that I could give them a code now. But there was another option to proceed without a code, so I did that and got an actual person on the line. He verified my email and last 4 of my bank account, then read back the phone number and, of all things, I had typed a 0 instead of 9 when talking to the bot!
The customer service guy fixed my phone number, told me I had to reset my password, I did that, he told me to try to login, and ... my account is still locked. He couldn't unlock it and said I had to wait 48 hours, then I would get another security challenge when attempting to login. If I had trouble with that, call them back.
I realize some of this was my fault, but people do make mistakes. I'm the author of HashBackup and have thought about trying to sell licenses from time to time, but this kind of crap with payment services is a major reason I haven't. Can you imagine having tens of thousands of dollars flowing through a shitty service like this? Scary!
They said they couldn't do anything unless I submitted the bank statement with the CC number. I told them to just delete all the cards from my account but that wasn't an option either.
That was around 5 years ago and I still don't have access to that account and I'm expecting to never be able to get in again.