It is normal for online services to send you an emailed notification when certain things happen on your account. For example, when you check-in to a flight with British Airways, they send you an email notification of this. When I last changed my password on PayPal, I got the email notification below:

paypal password

Included in this email notification is a request for the user (in this case, me) to notify PayPal if I did not authorise that change. A problem with this system is that sometimes, it can take time for the service provider to receive my request, and for them to then take action. In the meantime, hackers can steal a chunk of my money.

This problem is solvable: Online services should add a simple link in these email notifications that a user can tap on, and instantly freeze the account. This will save users from being defrauded in situations where transactions can take place very quickly.

Once the account is frozen, more time can then be taken to properly investigate and resolve the underlying issue. However, such an enhancement will reduce the harm caused when hackers gain unauthorised access to accounts, and will make our online accounts more resilient and anti-fragile.