1) financial sites have more secure / higher-friction password recovery techniques than non-financial sites
2) more inside-baseball point that i didn't get into -- PayPal security questions weren't in the acct signup flow, they were in the after-txn flow of email confirmation. HOWEVER, since many people either
a) intentionally or accidentally didn't provide the right email, or
b) even if they entered the right email, they didn't go thru email confirm, then
result: MANY MANY people -- i estimated at least 10%, possibly up to 25-50% -- never entered their security reminder Q's. this subsequently resulted in limited ability to recover password info without having to FAX IN driver's license or other paper info, which most users screamed about.
in short: it's a long story, but password recovery for financial sites is much harder than non-financial sites, and for PayPal is even harder still than other normal financial sites due to the way we had implemented mandatory acct creation workflow and security reminder Q'n workflow.
needless to say, this was a fucked-up situation that resulted in a lot of customer service hassle... which i got to experience first-hand on many occasions.
(sorry for the long-winder explanation, but you asked, so... but it's not your fault. even many people who worked there didn't understand this very well. it used to frustrate the hell out of me)
1) financial sites have more secure / higher-friction password recovery techniques than non-financial sites
2) more inside-baseball point that i didn't get into -- PayPal security questions weren't in the acct signup flow, they were in the after-txn flow of email confirmation. HOWEVER, since many people either a) intentionally or accidentally didn't provide the right email, or b) even if they entered the right email, they didn't go thru email confirm, then
result: MANY MANY people -- i estimated at least 10%, possibly up to 25-50% -- never entered their security reminder Q's. this subsequently resulted in limited ability to recover password info without having to FAX IN driver's license or other paper info, which most users screamed about.
in short: it's a long story, but password recovery for financial sites is much harder than non-financial sites, and for PayPal is even harder still than other normal financial sites due to the way we had implemented mandatory acct creation workflow and security reminder Q'n workflow.
needless to say, this was a fucked-up situation that resulted in a lot of customer service hassle... which i got to experience first-hand on many occasions.
(sorry for the long-winder explanation, but you asked, so... but it's not your fault. even many people who worked there didn't understand this very well. it used to frustrate the hell out of me)