- Douglas Gifford faced fraudulent charges after his PayPal was hacked.
- Booking.com blamed PayPal for failing to authenticate account access and payments.
SALT LAKE CITY — Diabetes makes it tough for Douglas Gifford to get around. Yet Booking.com and PayPal seem pretty insistent he bought a two-night stay in a trendy downtown Los Angeles hotel. Even though the stay was not booked under his name.
"It's under Paul Murphy, not Douglas Gifford," Gifford said.
He said he doesn't know a Paul Murphy, but he has a theory.
"Whoever hacked into my account probably," he said.
Whoever hacked into his PayPal, they wreaked havoc. Besides lodging in LA, they used it to buy a $3,000 trip from a travel agency. Gifford said he got that charge cleared up, but he's still on the hook for the fraudulent charges on Booking.com.
"It came back and say, 'Well, it was purchased by you. There's nothing we can do about it,'" he said he was told by PayPal.
Not wanting to pay for the fraudulent charges, Douglas decided to call someone who might be able to do something about it — the KSL Investigators.
"I'm just hoping to get my money back."
Investigating this one, we found that federal rules under the Electronic Fund Transfer Act say that mobile payment apps are required to have the same level of consumer protection as any financial institution does when doing business electronically. And generally speaking, consumers aren't on the hook for fraudulent charges.
So, we reached out to both Booking.com and PayPal to ask why Gifford was on the hook.
A Booking.com spokesperson pointed the finger at PayPal. In a statement, they wrote, "The transactions were processed via PayPal, which is responsible for authenticating account access and authorizing payments, and the bookings were confirmed based on that authorization."
PayPal wouldn't comment.
But, just like that, good news. Gifford says that shortly after we reached out to the companies, he heard back that the money spent on those fraudulent charges was being refunded by PayPal.
Though he wishes he had set up two-factor verification on his PayPal before he got hacked. He says that's the lesson for all of us.
"Safeguard your accounts by using as many different options as you can."
PayPal says if you suspect you've been targeted by a scam that you should contact their Customer Support directly.
Additional resources:
How to set up 2-step verification with PayPal: https://www.paypal.com/us/cshelp/article/what-is-2-step-verification-help167
To report fraud and unusual activity on your PayPal account, go to their Security Center: https://www.paypal.com/us/security
For more information on protecting your devices that you use PayPal on, go here: https://www.paypal.com/us/security/protect-your-devices
