PayPal President's Credit Card Hacked

When David Marcus’ credit card was skimmed, cloned and used for an unauthorized shopping spree, he saw a business opportunity.

That’s because Marcus is the president of PayPal, an Internet-based payment processing business that has been billed as an alternative to the tedious and sometimes insecure process of entering a credit card number when making transactions online. Marcus’ credit card was skimmed while he was in the United Kingdom, which he announced on Twitter:

My card (with EMV chip) got skimmed while in the UK. Ton of fraudulent txns. Wouldn’t have happened if merchant accepted PayPal…

— David Marcus (@davidmarcus) February 10, 2014

Obfuscating card data online, on mobile, and now more and more offline remains one of PayPal’s strongest value props.

— David Marcus (@davidmarcus) February 10, 2014

Credit card technology and security has been widely analyzed in the news media since Target announced a massive data breach in December. Some experts have suggested the Target hackers could have been deterred by EMV, or chip-and-pin, credit card technology, which is commonplace abroad but not yet mainstream in the U.S. Here, credit cards still use magnetic stripes to complete payment, a technology that dates to the 1960s, and credit card skimmers have perfected the mag-stripe cloning process as a way to steal batches of card numbers.

Marcus says his card has EMV technology, but acknowledged the mag-stripe may have been cloned, since some cards carry both technologies so they can be used internationally.

Is PayPal the Answer?

There are different schools of thought on whether chip-and-pin ubiquity would substantially improve credit card security or whether the technological upgrade would be worth the expense. After all, hackers will find a way to beat the security measures. Technology has evolved this way for decades.

Get everything you need to master your credit today.

Get started for free

But PayPal has its own strengths and weaknesses. Users tie their bank accounts or credit card to PayPal, which you access by entering your email address and a password. Email-password security has its own limitations, considering how nonchalant some people are about their password choices.

Deena Coffman, information security officer for IdentityTheft 911, said email addresses and passwords aren’t necessarily enough to protect your account from getting hacked, even though PayPal encrypts your account information on its own secure servers. If a hacker can get your name and password, they can get access to your account.

Coffman also highlighted a PayPal strength: Its bug bounty program. If a hacker finds a weakness in the platform’s security, they’re compensated for alerting the company. It serves as a breach deterrent and doubles as security research.

Amid the credit card security debate, it’s understandable for a consumer to feel a little lost. Security will always be a concern, even as new technologies hit the market, so the best thing you can do is monitor your bank accounts and credit for misuse. It’s a good habit to check your bank activity daily, in addition to regularly reviewing your credit reports and checking your credit scores. A free tool like Credit.com’s Credit Report Card can help you monitor your credit scores for changes, which can be a cue to check your credit reports (which you can pull for free once a year) for errors or unauthorized accounts.