At present there are around 173 million active PayPal accounts, according to information clearinghouse Statista.

That is, collectively, a LOT of money sitting out there connected to the internet. Bad guys know that. They’ve always coveted your PayPal credentials, because it means access to a bank account full of real money, and probably at least one credit card. Access to your transaction history is a bonus, as that could be leveraged in a number of ways.

There are two things you need to do pretty much right now if you have a PayPal account, particularly if you’ve had one for a really long time and haven’t thought about it.

Enable Two-Factor Authentication

If you don’t have this turned on by now, you’re insane.

Two-factor authentication (2FA) is a protective measure that ensures (in theory) your account cannot be used without entering a security code that is delivered to your mobile phone. The cornerstone principle of 2FA is “something you know” (username/password) and “something you have” (mobile phone). With both of those met, you are proven the rightful owner of your account, and life is worlds more secure than it was without it.

It’s not infallible but you may as well consider it so for now. Go here and get started.

Don’t connect PayPal to all of your money

Because PayPal demands that you link it to a bank account, this is a great time to consider some personal financial strategy.

As a matter of general good sense, you want the majority of your money in an account that is effectively shielded from the world. Savings accounts provide that function. Only you and your bank know that account exists; it has never been used at any employer for payroll deposit, or set up with a lender, creditor or utility company for direct debit. No one has ever written a check against it and given out the routing information. And it certainly has never been connected to a plastic card, swiped at Anywhere, USA.

An account containing most of your money is the last place you want PayPal connected to. You want PayPal drawing from an account with a very small amount of money, an amount that, if it were compromised, would be of little consequence while the details were being sorted and you were made whole again. Consider the following three-tiered account strategy:

  • Checking Account, containing just a little more than your total monthly bills
  • Savings Account, containing everything above and beyond what you’d normally just dump into checking
  • Savings Account 2, a minimally funded slush fund

You can see where PayPal fits in.

No matter what your financial means are, aspire to this level of separation, even if it means you only ever have PayPal connected to a slush fund account, with “all of your money” in a separate place.