In a perfect world, you just look at the certificate and make sure it's valid.
Try giving them a call:
1-888-221-1161
Certificate? Valid? You are talking about things I don't understand here.
I called the number, and a person representing himself as PayPal answered and assured me that it is legitimate. The reasoning is they want to make sure that the person making the payment really is the account holder, otherwise if I had your PayPal user ID and password I could make a fraudulent payment to myself and then skip the country. Hmmm... Mexico sounds nice.
I am still suspicious. The PayPal home page has a nice little donation window near the bottom to send relief money to the Phillipines. I don't recall that sort of humanitarian concern on PayPal's website in the past.
And now, as part of their Security Check, they want me to enter and confirm a new password and enter new authentication answers to some pretty non-useful questions.
I'm not happy about this.
tanstaafl.