I'd just go to my bank and tell them to reverse the transfer. Thanks to SEPA for that one.

Or link a bank account in the middle, between your primary one and PayPal, that exists solely to receive and pass along your funds.

I do this, but not specifically for PayPal. I have a checking account solely for using with third parties, writing checks, debit card transactions, account linking, etc. It has overdraft protection disabled. All my bank funds are in a “private” accounts that aren’t linked anywhere, don’t have checks, etc.

Surely dropping PayPal would be way easier?

On the consumer side, I'd much rather use PayPal than put my card number into a potentially dodgy site. Protects me quite a bit, and with a easier UI.

If I can't PayPal or Apple Pay, I've at times gone elsewhere.

All banks I've using have strong 3D secure. One of the banks require biometrics approve with installed phone app. I have no issues directly use credit card on random merchant sites for years. Especially when most of them use one of the popular payment aggregators.

you have it backwards. 3d secure is not protection for you. it's for the merchant. it protects them against chargebacks. the merchants decides if it enables 3d secure or not, transaction by transaction. Most of them are using an external fraud risk assessment service. Accertify is such an example.

> All banks I've using have strong 3D secure.

I've yet to see any bank in the US implement such a thing.

Citi, Discover, American Express, Chase, and my local credit union all lack such a two-factor setup for charges.

Biometric approve sounds pretty cool, but I'm personally not going to install some untrusted proprietary app to find out.

My credit card provider allows me to create unlimited virtual card numbers with any expiration date I want, that way every transaction can be its own number and any fraud is extremely easy to detect and prevent.

Cool, but mine doesn't.

Check out https://privacy.com/. Pretty neat and gives similar/better features.

Tried it, but I'm giving up serious credit card points that way.

You could look at the Citi Double Cash card, it's 2% back on everything and they support "virtual account numbers" directly.

You have zero risk in this situation so I'm not sure why you feel protected.

It's not zero risk; changing my card numbers after a compromise is an annoying process given the number of places I have to do it. Not having to provide that number to the random e-commerce site I'm trying to buy something unusual from is helpful, and reduces the risk of me having to spend an afternoon making sure I switched cable, internet, Github, Patreon, Heroku, kids' school lunches, music lessons, and fifty other recurring payments over to a new card number.

(I also get to skip entering card and billing details every time. Given the number of sites that see fit to use a special non-standard widget for the state field, that saves me time and annoyance on every transaction of this nature, too.)

Wait so merchants can just pull funds out of accounts without user authentication? This seems tailor made to facilitate fraud.

Not universally but a lot of the ACH agreements you consent to have a clause allowing drafts to be initiated on-demand until you revoke that consent. This isn’t necessarily bad and can often be desirable, but then it’s often up to you and the withdrawing party to settle your disputes about what is authorized and what is not.

Paypal will issue physical checks if you want to withdraw funds. They charge $1.50 for this service, but I use it since I refuse to link any of my bank accounts directly. I have a credit card linked, but that's a safer (in my mind) way to deal with any PayPal shenanigans.

That is crazy to me. Could you at least link PayPal to an account which you do not leave funds in?

Yes, that seems like a good option, provided you can find a bank account that's free with no hoops to jump through. KeyBank offered one at some point, not sure if they still do.

Might need to use a credit union instead of a traditional bank.