Mike Vergara, VP Global Consumer Risk, PayPal
Please see this post on our new PayPal Stories site.
Last year, according to Symantec, 
So, we thought it might be helpful to define the terms and their differences, so that you are able to identify if you have been a victim of any of these behaviors -- and hopefully gain peace of mind if you haven’t.
Breach – When a breach occurs, protected data has been viewed or stolen by an unauthorized person or entity. For example, in May this year, the Internal Revenue Service (IRS) recently suffered a data breach in which 104,000 tax records were confiscated by cybercriminals. Often when a data breach occurs, sensitive financial or personal data is disclosed, which may result in identity theft or other types of fraud. Hack – When a company or individual gets hacked, it means that someone has gained unauthorized access to another person’s network, computer or personal accounts. A common example is when an email account is hacked. We’ve talked a lot at PayPal about how to avoid phishing scams and account hacks. In general, you can protect yourself from account hacks by using secure passwords, never clicking on links in emails and never providing personal, financial or password information in response to an email. Fraud – When fraud occurs, it’s because criminals have used stolen information to misrepresent themselves as another person, typically for personal or financial gain. Many people have experienced fraud in the form of illegitimate charges to their credit cards or bank accounts. Fraud is often the result of a hack or a breach. In 2014, several companies experienced significant data breaches, which resulted in millions of email addresses and credit card numbers being stolen. Soon after, many people began seeing charges to their credit cards that they had not authorized; the term fraud applies to the act of these charges being made without the authorization of the card older.
At PayPal, we are committed to protecting your financial information from breaches or hacks and to prevent fraud before it ever affects your account. Our proprietary security and fraud prevention systems are among the most advanced in the industry, and because PayPal doesn’t share our customers’ financial information with merchants, an extra layer of privacy is built into our service.
We know it’s impossible to eliminate the bad guys completely, so we work to be very good at detecting and blocking the bad guys, so they move onto easier targets. Our system gets smarter with every transaction we process (we’ve processed billions to date), allowing us to accurately establish patterns to trust the good people and to spot the bad ones. Because of these systems, PayPal has one of the lowest fraud loss rates in the industry, at 0.32%, or less than one third of one percent.
PayPal is also helping to lead industry-changing initiatives to make authentication easier and more secure without sacrificing privacy, such as the FIDO (Fast Identity Online) Alliance. We pushed forward the initiative in 2013 and now have over 150 members including Google, Samsung and Microsoft. This collaboration is helping to move the industry beyond passwords and allow for technologies such as One Touch™ with PayPal payments.
Whether it’s fraud, a breach or a hack, PayPal protects you, and we are committed to making sure your financial information stays where it belongs – with you. And, in the rare instances where fraud does occur, we help you get your money back on unauthorized transactions.
For more information and tips on how to protect yourself, visit the PayPal Security Center.