PayPal’s (PYPL.Q) rumoured next foray into crypto still comes with security problems

PayPal (PYPL.Q) has been trying to get into crypto for years, but it’s always had a sharp and distinct problem with the variance in processing speeds required to transact. Now they, along with Venmo, are looking to find away to offer cryptocurrency options to their customers.

They been offering back door access to exchanges like Coinbase, acting as an intermediary between the buyer and the exchange. That’s not a bad way to do things, because Paypal is considerably more user-friendly than most exchanges, Coinbase included, but now that they’re looking to move beyond and offer crypto themselves, there are some issues.

First, let’s acknowledge the problem PayPal is hoping to solve.

Exchanges aren’t great. They’re eminently hackable, frequently compromised, and sometimes their leadership goes on vacation and dies and leaves all of your holdings locked in a vault somewhere.  Maybe.  There are rumours that he’s bought a small island that with every piece of news revealed starts looking more like a possibility.

But PayPal is honestly the worst when it comes to security.

There are two reasons:

You’re looking to buy a tenth of a Bitcoin and you’ve got your $1000 all lined up and ready to go. You find yourself someone online who’s willing to part with it, but all he’s got is PayPal. But PayPal’s a reasonable, trusted service, why wouldn’t you use it? So you get yourself involved—put your money in and he puts his 10% in—and wait for the block to close and the exchange to happen. But something happens eight minutes later, and you’re staring at a message from PayPal saying the transaction didn’t go through. The other guy cancelled it. But your money’s gone moments after you pushed the accept button, and you still had to wait ten minutes.

Then suddenly, the guy’s gone and he’s not answering e-mails. An hour later, his PayPal account is closed. It dawns on you that you’re not going to get your money back, and your Bitcoin tranche has vaporized.

That’s called counterparty risk, and it’s one of the biggest issues in all of cryptocurrency.

Vendors run into it if they offer crypto, because by the time the block closes and they get paid, your coffee is half gone and you’re at your desk checking your email. If there’s a glitch or your money’s just not there then you’re not there to receive the stinkeye and the polite request for another payment method.

PayPal’s official take on using their service to sell cryptocurrency, or run a cryptocurrency exchange, is don’t.

Here’s a testimonial from their site:

“Over the 5 months, I’ve had several disputes which I lost because Bitcoin is not a “tangible item” and not covered under Seller Protection.  I’ve lost over $2000, which essentially means I had over $2000 stolen from me via fraudulent PayPal charges.  These buyers knew what they were doing and knew they could get away with it.”

The second reason is that PayPal is regularly hacked. Granted, most of these are the social engineering variety, wherein some enterprising kid in his mother’s basement constructs a trojan and emails it out to some unwitting grandma, who downloads it onto her computer. But a few of these have been substantially more serious, including brute force attacks and a critical login attack issue.

Steer clear until they can figure out the solution to these two key problems.

—Joseph Morton

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: