While PayPal holds a banking licence and is signed up to the Financial Ombudsman Service, users don’t have the same protections offered by other financial products.

PayPal offers its own Buyer Protection policy that promises to safeguard users against breaches of contract, including missing deliveries, or when items turn out to be fake, faulty or not what the customer was expecting.

However, it’s not part of the voluntary code for authorised push payments, which commits banks to reimbursing customers who have been tricked into parting with their money.

Some PayPal users told Which? how a lack of protection means they have struggled to get their money back when they have been conned into sending money to fraudsters or targeted by hackers who have taken control of their account.

Joe Howard had his PayPal account taken over by scammers who embarked on an eBay spending spree. They sent £1,619 of used smartphones to an address in Washington DC before Joe was able to get his bank to block his accounts. The hackers had changed the email address associated with Joe’s PayPal account.

This meant he was locked out and could not use the security measures designed to recover access. PayPal said at first that it couldn’t investigate because Joe’s email address did not match the email on his account – which was only true because it had been changed by the hackers.

Even after months of back and forth with customer services, PayPal agreed to refund just £800. It told Joe it didn’t believe the remaining payments were fraudulent, but didn’t explain why it reached this conclusion.

PayPal says it has now refunded Joe £1,574.50 and he has been able to access his account again.

Another PayPal customer told Which? he found it difficult to get reimbursed when making an authorised payment that turned out to be fraudulent.

Charlie Cross booked an Italian holiday home after spotting an advert online. He paid £800 through PayPal, trusting that he was protected if something went wrong. But after sending the money, the hosts disappeared and Charlie realised he had been scammed.

Charlie said: “PayPal told me that it only covers unauthorised transactions. I tried to make a claim with my bank, but they said that because I authorised the payment using PayPal, that they couldn’t help.”

A voluntary industry code to protect consumers from authorised push payment fraud came into effect on 28 May 2019. The code offers increased protection from scammers, including reimbursement to blameless victims.

Most high street banks have now signed up to the code which commits them to reimbursing customers who have been tricked into parting with their money in this way.

PayPal could also sign up for the scheme and protect people like Charlie, but it did not provide a comment to Which? when asked if it would consider joining.

PayPal claims to monitor every transaction for fraud, but its policy on how it handles reimbursement claims when someone has been tricked into authorising a transaction is unclear.

Which? believes that strong protections should be in place regardless of payment method and that consumer rights should not be dependent on whether you used a credit card, bank transfer or payment platform.

The consumer champion also believes the bank transfer scams code should be made mandatory for all banking institutions – including payment platforms such as PayPal – to ensure that they are fully committed to reimbursing innocent victims.

Harry Rose, editor of Which? Magazine, said: “Consumers should feel confident that their money is protected however they choose to make a payment, but our PayPal investigation shows there is currently an uneven playing field that leaves scam victims exposed to losing large sums of money.

“The government’s payments review must result in fairer treatment for consumers. This includes toughening up the scams code, where the rules should be changed so that all banking institutions are required to refund money lost by innocent victims of fraud.”