Resolved Apps use PayPal Automatic Payments to stay logged in! PSA

[0339327]

PSA:

My teenage daughter wanted some junk from Temu. I chose PayPal for security, making sure to choose a one-time log-in. I continued to see charges, which my daughter acknowledged*. However, she should not have been able to make any additional purchases, as I specifically choose one-time use.

I logged into PayPal, Settings, Security, and turned off Auto Login on all devices. Further, I logged out of all devices. Somehow, she was still able to make purchases.*

It turns out that PayPal has Automatic Payment settings, NOT LISTED UNDER SECURITY. It is listed under Payments and is meant for utilities and the like that have regular, reoccurring charges. The problem is that, despite logging out of all devices, PayPal never logs these out. I had authorized payments setup for Kmart of all places, alongside, Google, Staples, FaceBook, eBay and many more. And, one must turn these off individually. There is no way to delete them either, just deactivate them.

This is a HUGE security flaw and yet another reason to never use PayPal.

*Initially my daughter misunderstood the way the App worked and then I continued to allow her to purchase small items so I could identify the problem before it happened with a nefarious player.

 

[kocoman]

then they use the automatic payment to ship the items in your wish list when they are in stock

 

[jz0309]

PSA:

My teenage daughter wanted some junk from Temu. I chose PayPal for security, making sure to choose a one-time log-in. I continued to see charges, which my daughter acknowledged*. However, she should not have been able to make any additional purchases, as I specifically choose one-time use.

I logged into PayPal, Settings, Security, and turned off Auto Login on all devices. Further, I logged out of all devices. Somehow, she was still able to make purchases.*

It turns out that PayPal has Automatic Payment settings, NOT LISTED UNDER SECURITY. It is listed under Payments and is meant for utilities and the like that have regular, reoccurring charges. The problem is that, despite logging out of all devices, PayPal never logs these out. I had authorized payments setup for Kmart of all places, alongside, Google, Staples, FaceBook, eBay and many more. And, one must turn these off individually. There is no way to delete them either, just deactivate them.

This is a HUGE security flaw and yet another reason to never use PayPal.

*Initially my daughter misunderstood the way the App worked and then I continued to allow her to purchase small items so I could identify the problem before it happened with a nefarious player.

sp paypal has no option to turn these off? don't they have customer support? (Disclaimer, never used PayPal so honestly don't know)

 

[0339327]

sp paypal has no option to turn these off? don't they have customer support? (Disclaimer, never used PayPal so honestly don't know)

You can shut it off. The problem is that the setting is hidden in another area of the website. It is not listed under log-ins or security. Also, you can't tell PayPal to never allow this. When we checked out in Temu, it was a simple check-out and I selected "one-time use". However, Temu set it up with PayPal to appear like a reoccurring payment, so my daughter was able to make additional purchases for various amounts, without a log-in or password requirement.

 

[jz0309]

You can shut it off. The problem is that the setting is hidden in another area of the website. It is not listed under log-ins or security. Also, you can't tell PayPal to never allow this. When we checked out in Temu, it was a simple check-out and I selected "one-time use". However, Temu set it up with PayPal to appear like a reoccurring payment, so my daughter was able to make additional purchases for various amounts, without a log-in or password requirement.

thanks ... so there are 2 red flags:
1. paypal for hiding this
2. Temu for not honoring (or abusing) your one-time use setting