For digital goods, PayPal tends to give the benefit of every doubt to the payer; it's just a cost of doing business. If you have an out-of-pocket "wholesale cost" for any digital goods you are selling (e.g. phonecard PIN numbers you'd buy in bulk), there are a few things you can do to minimize your losses. For instance, you can disable the "Let buyer edit quantity" setting for each of your products, to allow purchase of only one unit at a time, which would inhibit a crook's ability to "clean you out" in one fraudulent purchase.
If you redirect buyers to a Common Thank-you Page URL (Seller Admin > Account Preferences) after checkout rather than using your standard E-junkie thank-you page, the buyer would be unable to claim their digital goods immediately following checkout; instead, in order to claim their product, they would need to wait to receive their thank-you email message, which we would send to the payer account's registered PayPal Email for PayPal checkouts. If the buyer is actually a crook using a stolen/hacked PayPal account, they would also need to have access to the actual inbox of the payer account's PayPal Email address -- e.g., if the buyer hacked into the PayPal account for email@example.com, they would also need to have hacked into that person's Gmail account as well, in order to receive the thank-you email with the code or download link they purchased. You would also want to set "PayPal Account Optional: Off" in your own PayPal account, so buyers could not just checkout with a (stolen) credit card and provide whatever email address they wish.