Whilst PayPal is a secure method to pay on line, there is a loophole in the automatic payment system.
It appears that any merchant that has been paid thru PayPal can set themselves up as AutoPay recipient without any approval and subsequently deduct money from the account without any authorization. This happened to me recently with a dodgy web site that promised to answer technical queries by web chat for a payment of £1 refundable if solution could not be provided. Without my knowledge or approval, they were allowed to set themselves as AutoPay recipient. I received no notification from PayPal that they had done so. Whereas this is similar to when a DirectDebitGuaranttee authorized merchant sets up a direct debit mandate with a bank, what checks are in place at PayPal?
If PayPal are to be more secure payment medium than direct payment from a bank, PayPal need to include a check before any merchant can set themselves up on AutoPay. How about a check box when approving the initial payment allowing or disallowing the merchant from setting up AutoPay?
And my advice to all PayPal users: Log on to your account regularly, click on the Settings (Gear Shaped icon), click on Payments tab and check the list of merchants who have set themselves up for automatic payments without your approval or knowledge. You can't delete them but you can at least de-activate the suspect ones.
PS There is something wrong with the security settings at https://payments-reports-migration.payflow.edge.paypal.com/uk/cshelp/article/what-is-a-direct-debit-... that explains how merchants on AutoPay list can deduct money from PayPal accounts without logging into the account.
