PayPal has found itself under public attack by Visa over the security of its new in-store transaction system.

PayPal began testing in-store transactions earlier this year at 5 (now expanded to 51) Home Depot stores. Next up was a test at a small number of Office Depots. PayPal says it hopes to roll out the service to as many as 20 major retailers by the end of 2012.

With in-store transactions, PayPal will directly compete with other payment processing services, such as Visa’s and Mastercard’s credit and debit cards. Only with PayPal, no actual card is needed. PayPal users will be able to key their mobile phone number and a passcode into the payment terminal. The option of using a PayPal card will be available as well. When a payment is made, the funds will be pulled out of the user’s PayPal account, bank account, or whichever credit card the user has indicated through their PayPal account.

But is it safe? Earlier this week, Jim McCarthy, global head of product at Visa, floated the idea that PayPal’s plan may be a bad one. “I think there’s real issues around security,” McCarthy said while at a Goldman Sachs conference. He went on to provide the example of someone watching a shopper enter their phone number and passcode into a terminal and stealing the information.

CP contacted PayPal to ask about this, and whether shoppers using PayPal would have the same protections that are offered with credit card transactions. For example, with credit cards, shoppers have a limited liability of $50 if there are unauthorized charges made.

PayPal declined, for now, to answer our specific questions. However, they did send a statement, in which their spokesman, Anuj Nayar, said:

“In 2011, we processed more than 5 million transactions a day and almost $120 billion in global online payments volume, with the lowest loss rate in the online payment industry. We are confident that we can scale PayPal innovation to meet the potentially exponential growth in transactions that we may see from offline retail.”

Indeed, Nayar may have a point. Those 5 million transactions a day during 2011 were all online, a place where security and fraud protection are critical.

Nayar went on to say:

“With PayPal, your financial information can’t be lost or stolen from your wallet, your card or on your phone – it’s safer in the PayPal digital cloud than in your pocket.”

Home Depot seems to agree. A spokesman for the company was quoted in the Wall Street Journal today saying that Home Depot would “never venture into something we didn’t believe is secure for our customers.”

Referring to the electronic receipt that is sent to a user’s phone after a PayPal in-store transaction, he continued, “If a fraudulent purchase were made, the customer would know almost immediately.”

We’ll keep you updated here at CP as more details concerning the security of PayPal in-store transactions, and any limits on liability, come in.