I’m Michael Barrett, chief information security officer of PayPal. There has been a lot of recent news coverage about unauthorized payments to iTunes, and some of our customers are concerned about the safety of their PayPal accounts. We’ve looked into this extensively, and want to assure you that: 1) the PayPal system itself has not been compromised and continues to be secure; and 2) if you have been affected by this issue, the criminals behind it have not taken over or logged into your PayPal account.
Apple has also confirmed that iTunes’ servers have not been compromised. For those customers who have seen unauthorized iTunes charges to your PayPal or credit card account, Apple has recommended that you contact your financial institution about a chargeback and change your iTunes password right away. They have some useful tips on protecting your iTunes account security here. Also, if you have had any fraudulent charges to your PayPal account, please call PayPal customer service – we’ll help you get the charges reimbursed.

We talk a lot on this blog about protecting yourself online (my colleague Mike Vergara just blogged about this a couple weeks ago). However, issues like this are a good reminder to be extra vigilant with any personal and financial information when you’re online. Here are a few simple things that go a long way toward protecting your accounts – whether they’re email accounts, accounts you use to shop online or online banking accounts.

- Use a safe password: use a strong password which includes a combination of upper and lowercase letters and numbers. But don’t use the same password for every online account you have. That’s basically like using the same key for your house, your car, your office and your safety deposit box. If you lose that key, you’re in trouble.
- Protect your computer: use a modern, supported operating system such as Windows 7 or Apple’s OS X Snow Leopard. You should also use an updated Internet browser that blocks fraudulent websites, like Internet Explorer 8, Safari 5, Firefox 3 or higher. As always, keep your antivirus software updated.
- Don’t click on links in email: never click on links in email and then enter your username, password or other sensitive information — even if the email looks like it’s from your bank, an e-commerce site, the IRS or popular sites like PayPal.
- Use common sense: if you wouldn’t do something in the offline world, don’t assume it’s safe online. If a stranger walked up to you at a gas station and said, “Please give me the key to your house; I need to make sure there are no burglars there,” you’d probably tell him to go take a hike. Likewise, if you get an email, phone call or some other unexpected message demanding that you turn over your username and password, don’t do it. Trust your instincts.
It’s also important to know that if a criminal gains unauthorized access to your PayPal account, PayPal will cover you for the full amount of unauthorized transactions. But I believe that an ounce of prevention is worth a pound of cure. These tips, if used consistently, will help ensure your continued safety online.