If I'm buying something from an unfamiliar website, which has a PayPal option, I often use it in preference to entering my credit card details directly.
As part of the transaction, I am usually redirected to Paypal to enter my login details, then diverted back to the original website for the "thankyou for your purchase" message.
So far, so good. But what I've found is that if I then independently navigate to the Paypal website, I'm still logged in, with my transaction history and account details on screen. I have no idea how long this log-in takes to time out, or whether there's a setting somewhere to prevent it happening.
AIBU to suggest that is a very basic security flaw and Paypal should know better? Surely Paypal should log you out when it returns you to the vendor's website?
Secondly, Paypal has no optional setting for whether you want your card details saved or not. Every time I buy something I have to go and manually remove the card details for the site, because I don't want to leave them vulnerable to a security breach. (The same is true for Amazon, and Marks and Spencer). This is a big disincentive for me to use Paypal. Once again they should know better, and give people the option to disable this feature. After all one person's 'convenience' is another person's security headache.
There's a box to tick or untick if you want to stay logged in. I always log out of paypal as I use my personal account and my business account on the same computer. I have never found myself still logged in without intending to. Next time make sure you don't tick the 'this is a private computer' box as that's their misleading way of saying 'keep me logged in'.