Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

0339327

Cancelled
Original poster
Jun 14, 2007
634
1,936
PSA:

My teenage daughter wanted some junk from Temu. I chose PayPal for security, making sure to choose a one-time log-in. I continued to see charges, which my daughter acknowledged*. However, she should not have been able to make any additional purchases, as I specifically choose one-time use.

I logged into PayPal, Settings, Security, and turned off Auto Login on all devices. Further, I logged out of all devices. Somehow, she was still able to make purchases.*

It turns out that PayPal has Automatic Payment settings, NOT LISTED UNDER SECURITY. It is listed under Payments and is meant for utilities and the like that have regular, reoccurring charges. The problem is that, despite logging out of all devices, PayPal never logs these out. I had authorized payments setup for Kmart of all places, alongside, Google, Staples, FaceBook, eBay and many more. And, one must turn these off individually. There is no way to delete them either, just deactivate them.

This is a HUGE security flaw and yet another reason to never use PayPal.

*Initially my daughter misunderstood the way the App worked and then I continued to allow her to purchase small items so I could identify the problem before it happened with a nefarious player.
 
Last edited:
  • Like
Reactions: jz0309 and KaliYoni

kocoman

macrumors 6502
Dec 26, 2007
327
44
then they use the automatic payment to ship the items in your wish list when they are in stock
 

jz0309

Contributor
Sep 25, 2018
11,408
30,103
SoCal
PSA:

My teenage daughter wanted some junk from Temu. I chose PayPal for security, making sure to choose a one-time log-in. I continued to see charges, which my daughter acknowledged*. However, she should not have been able to make any additional purchases, as I specifically choose one-time use.

I logged into PayPal, Settings, Security, and turned off Auto Login on all devices. Further, I logged out of all devices. Somehow, she was still able to make purchases.*

It turns out that PayPal has Automatic Payment settings, NOT LISTED UNDER SECURITY. It is listed under Payments and is meant for utilities and the like that have regular, reoccurring charges. The problem is that, despite logging out of all devices, PayPal never logs these out. I had authorized payments setup for Kmart of all places, alongside, Google, Staples, FaceBook, eBay and many more. And, one must turn these off individually. There is no way to delete them either, just deactivate them.

This is a HUGE security flaw and yet another reason to never use PayPal.

*Initially my daughter misunderstood the way the App worked and then I continued to allow her to purchase small items so I could identify the problem before it happened with a nefarious player.
sp paypal has no option to turn these off? don't they have customer support? (Disclaimer, never used PayPal so honestly don't know)
 

0339327

Cancelled
Original poster
Jun 14, 2007
634
1,936
sp paypal has no option to turn these off? don't they have customer support? (Disclaimer, never used PayPal so honestly don't know)

You can shut it off. The problem is that the setting is hidden in another area of the website. It is not listed under log-ins or security. Also, you can't tell PayPal to never allow this. When we checked out in Temu, it was a simple check-out and I selected "one-time use". However, Temu set it up with PayPal to appear like a reoccurring payment, so my daughter was able to make additional purchases for various amounts, without a log-in or password requirement.
 

jz0309

Contributor
Sep 25, 2018
11,408
30,103
SoCal
You can shut it off. The problem is that the setting is hidden in another area of the website. It is not listed under log-ins or security. Also, you can't tell PayPal to never allow this. When we checked out in Temu, it was a simple check-out and I selected "one-time use". However, Temu set it up with PayPal to appear like a reoccurring payment, so my daughter was able to make additional purchases for various amounts, without a log-in or password requirement.
thanks ... so there are 2 red flags:
1. paypal for hiding this
2. Temu for not honoring (or abusing) your one-time use setting
 
  • Like
Reactions: 0339327
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.