Is it safe to shop online? What you should know about common payment gateways.

Next story
Josh Sale

Whether it is scrolling through online stores while commuting or making a more substantial purchase from an overseas vendor, there is no denying online and mobile shopping have improved our access to just about anything we want. The key component that enables this is the evolution of online payment technology, and new players are regularly emerging.

If you have ever needed to transfer funds, make a purchase or accept money online, chances are you’ve heard of or encountered some of the most common online payment gateways, including PayPal and the New Payments Platform, which includes PayID and Osko.

As our love of online shopping seems unlikely to wane any time soon, it’s important to be aware of some potential security risks and to practice safe online habits, to help keep your financial data (and money) as secure as possible. Here we’ll explore a few of the key features and risks associated with these online payment options, and offer some tips on how to use them as safely as possible.



PayPal is currently one of the most popular online payment gateways, with around 286 million active user accounts around the world as of June 30, 2019. PayPal lets users pay for goods, send money and receive payments quickly and securely online. You’re most likely to encounter PayPal when shopping in an online store, such as eBay, for example.

Potential benefits

PayPal claims to use data encryption and anti-fraud technology to keep customers’ details safe. It also says it doesn’t share the financial information of its users with the merchants or recipients of payments.

Risks and potential security issues

Many of the most significant security issues that may arise when using PayPal are generally considered to be a result of hackers taking advantage of user behaviour. Here are three common risks that might expose a user to fraud:

  1. Linking your PayPal account to your bank account or debit card. If someone gains fraudulent access to your PayPal account, they could potentially also access your linked bank account or the account connected to your debit card. However, if you link your credit card to fund your PayPal purchases instead, you gain an extra layer of protection from your credit card provider and its fraud protection measures, plus hackers will generally only have access to your credit limit, not your entire life savings.
  2. Poor password hygiene. If you do not set a strong password or have used the same password for multiple accounts and sites, you may be an easier target for hackers. If they gain access to your PayPal password, then they could get into your account, which could give them access to your linked card or account.
  3. Not having a secure digital connection to PayPal. As with all online money transfers, you could be exposed to a higher level of risk if you shop online while using public Wi-Fi, with hackers potentially able to access your login details. Public Wi-Fi connections are typically easier for hackers to breach than a private connection within your home.


New Payments Platform (NPP) – PayID and Osko (by BPAY)

The NPP is a payment infrastructure enabling Australian consumers, businesses and government agencies to make real-time payments between accounts at participating financial institutions. Users of the platform can choose to create an easy-to-remember PayID, which could be their mobile number, Australian Business Number (ABN) or email address, that links to their bank account. Users can then provide their PayID to people or organisations they wish to receive money from.

One of the first services to use the NPP technology is Osko by BPAY. Osko offers customers the ability to transfer money from one participating bank to another almost instantly, either by using a BSB and account number or a PayID. Financial institutions offering Osko generally make it available to customers through mobile and online banking.

Potential benefits

PayID is a simplified payments process that can help eliminate the need for users to share their BSB and bank account details for a transaction, therefore reducing the risk of an error. According to BPAY, the main benefit of Osko is the speed at which the service can transfer money from one eligible account to the next. If you are a customer of a participating institution, you could potentially use Osko to send money to an eligible account in minutes at any time of the day or night, even on weekends and public holidays. BPAY says Osko is also looking at ways to improve its service offering, including hoping to link the platform to superannuation accounts in the future, which could mean simplified, instantaneous super contributions.

Risks and potential security issues

The NPP claims to use world-leading data security standards and to be monitored 24/7. Users’ security, however, relies on participating financial institutions having appropriate protective controls in place. For example, a security gap was highlighted recently when Westpac experienced a cyber-attack on its NPP service and some of its customers’ PayID details were exposed. As PayID operates like a phone book, it is possible for people to type in a mobile number or email address and see the name of the corresponding account holder. That being said, generally no bank account details would be compromised in that scenario.


7 quick tips to help you use online payment services safely

While these gateways can offer a high degree of convenience when making a purchase online or transferring money, they can also expose us to some possible threats. Here are a few simple methods you can adopt to help you use these payment gateways more effectively and safely:

  1. Make sure your device is always secure, with a strong password to log in, in case someone gains access to it.
  2. Ensure your computer’s operating software is up to date, to make sure you have the latest security updates.
  3. Consider installing reliable cybersecurity software on your mobile devices (namely any phones or tablets you may have) and your home computer or laptop, to better protect yourself against security threats.
  4. Create strong, unique passwords for your accounts (such as PayPal).
  5. Avoid making online payments when connected to public Wi-Fi.
  6. Consider linking your PayPal account to your credit card instead of a debit or savings account and incorporating two-factor verification.
  7. Only buy from verified merchants and look for the secure padlock in the left side of the address bar (this indicates your information is encrypted to prevent ‘eavesdropping’ from external sources).

Online payment technology is expected to continue evolving and improving. However, despite these advances in security and functionality, there’s always an element of risk when making payments or transferring money online. It’s therefore a good idea to review your online habits and consider whether your device and cybersecurity software is updated and adequate for your online spending habits.


About Josh Sale

Josh Sale is a Senior Research Analyst at Canstar, responsible for the continued methodology development and delivery of Canstar's flagship Star Ratings. Josh has tertiary qualifications in economics and finance, and transforms millions of rows of calculations into consumer-friendly Star Ratings.