Preventing Fraud in PayPal

After a series of scams exploited the company's payment system, PayPal formulated a plan to prevent criminals from using computer programs to open dozens of fraudulent accounts with stolen credit card numbers. This system, known as the "Gausebeck-Levchin" test, requires new account creators to type in a word found in a small image file on the account creation page. A script or a bot can't read this word; only a human can decipher it. Tests like this are more commonly referred to as CAPTCHA (Completely Automated Public Turing Test To Tell Computers and Humans Apart), a term coined by computer scientists from Carnegie Mellon University in 2000. Thousands of Web sites today use CAPTCHA or similar tests to automate their own anti-fraud detection. PayPal also uses special programs to detect potentially fraudulent activity. These programs watch for red flags that might be signs of fraud, such as sudden increases in volume or quantity of transfers, denied credit card charges or invalid IP addresses [sources: Balko, CMU, PayPal].

PayPal Infrastructure

From a buyer's perspective, PayPal changed the way people exchange money online. Behind the scenes, though, it didn't fundamentally change the way merchants interact with banks and credit card companies. PayPal just acts as a middleman.

To understand what that means, consider that credit and debit card transactions travel on several different networks. When a merchant accepts a charge from a card, that merchant pays an interchange, which is a fee of about 10 cents, plus approximately 2 percent of the transaction amount. The interchange is made up of a variety of smaller fees paid to all the different companies that have a part in the transaction: the merchant's bank, the credit card association and the company that issued the card. If someone pays by check, a different network is used, one that costs the merchant less but moves more slowly [source: Ellis].

What part does PayPal play in all this? Both buyer and seller deal with PayPal instead of each other. Both sides have provided their bank account or credit card information to PayPal. PayPal, in turn, handles all the transactions with various banks and credit card companies, and pays the interchange.

PayPal makes its own money in two ways. The first is the fees they charge to a payment's recipients. Though most transactions are free for the average user, merchants pay a fee on transactions. PayPal also collects interest on money left in PayPal accounts. All the money held in PayPal accounts is placed into one or more interest-earning bank accounts. An account holders doesn't receive any of the interest gained on the money while it sits in a PayPal account.

PayPal touts its presence as an extra layer as a security feature. That's because everyone's information, including credit card numbers, bank account numbers and address, stays within PayPal. With other online transactions, that information is transmitted across all the networks involved in the transaction, from the buyer to the merchant to the credit card processor.

As an added layer of security, PayPal also offers a PayPal Security Key, which is a portable device that creates a six-digit code every 30 seconds. The user links this key to his or her eBay or PayPal account. The six-digit code is used in conjunction with the user ID and password to create a unique security code. This extra service requires either a one-time purchase of $29.95 for the device or a mobile phone with text messaging to receive codes from a virtual key (the mobile service's SMS charges apply) [source: PayPal].

Next, let's roll back the clock and see how PayPal came to be the biggest name in online payment services.