<<By this do they mean the MAC address of anything that connects to the internet, or are they referring to the IMEI of when you use mobile devices?>>

NO.

Device ID has nothing to do with either of those, but is referred to as browser fingerprint by Amazon, and in PayPal's case, doesn't mean anything at all - just a general term referring to the sum of all information about your device, including a very partial browser fingerprint.

It's really nothing new or anything to think about. The whole story is outlined in the Short List.

''Information we collect automatically: When you use PayPal Services, we collect information sent to us by your computer, mobile phone or other access device. The information sent to us includes, but is not limited to, the following: data about the pages you access, computer IP address, device ID or unique identifier, device type, geo-location information, computer and connection information, mobile network information, statistics on page views, traffic to and from the sites, referral URL, ad data, and standard web log data and other information.''

device ID or unique identifier -
It sounds as though they are referring to something specific.

I had also heard from a reliable computer security expert that they can record your hard drive serial number, and it is possible to spoof this also to combat this. Have you heard anything like this?

It really doesn't work that way at all. In some instances, for example

Digital Commerce 360 | Retail Ecommerce News & Data | Internet Retailer

Zoot | Advanced Data Orchestration & Decisioning Solutions

iovation : Device-Based Authentication & Fraud Prevention - Insights Success

the merchant is able to look behind the proxy to your actual IP address, and to secure some "device identifying" data, but it's not as exact a science as you or your computer security expert imply. Nor does PayPal go as far as the techniques described by iovation - for them, device ID doesn't mean much of anything, at least not yet. Perhaps in the future PayPal will go further with device identification, but not today.

Wipe out your cookies and flash objects, login with the exact same IP address using a proxy two times in a row, and PayPal will fail to recognize anything similar about you and ask for account verification if you try to send money. That inductively means that there is no device ID being used.

And then Amazon goes on and on about "browser fingerprints" and yet routinely allows orders from fraudsters logging in with dual layers of proxies making themselves completely untraceable.

The basics: cookies, flash objects (LSOs) and IP address are the keys here. Try to login without cookies/flash objects and with a different IP address (especially with a proxy), and most every financial institution on the planet will ask for verification. Of course the Short List goes into much much detail but these are the basics and currently device ID as you use the term is not part of the equation.

However your research is useful and I encourage you to investigate further, including by analyzing what iovation does, and report back to us with more on this topic. Thanks!

That is very relevant point, Modee. If hardware ID number tracking was anywhere as prevalent as some suggest then fraud would not be at anywhere near the levels it's at.

Perhaps some of the confusion going around is taken from various different scenarios and applying them elsewhere they don't necessarily belong.

For example, XBox used to ban the MAC address of any user they found using counterfeit software, then when they discovered people could spoof MAC addresses they went onto banning the activation key. But that's the same kind of thing that Apple would be able to know more about your device if you use an iPhone - certainly far more than a site you visit using your iPhone.

Then there's when you install software. For example if you install the PayPal APP you allow them greater access to your system they can use to identify your device.

These are different circumstances to simply when you visit a website from a browser.

How much can be collected about you through that channel is still very much a live debate.

well i think this will effect us, because recently my few accounts has been blocked, it has never happened like this that they have stop me to send first money , but this time they did, after this policy, so i think a way to get rid of this is using a vps?