posted on September 18, 2000 10:40:30 PM
Noticed in buying something tonight that PayPal is pushing paying by checking account rather than credit card for "verified users." I predicted as much some weeks ago, since that payment method costs PayPal less to process.
Here's the $64 SECURITY question: If someone gets your PayPal password or otherwise hacks into your account and you're a verified user, they could pay for item(s) using your checking account. That option, and your credit card, are in a drop-down box, with the checking account as the FIRST (default) option. There's no second password or additional security level.
So what happens if someone hacks into your account and pays out of your bank account?!? I don't think in that situation you're covered either by credit or debit-card legal protections like the $50 liability cap. I seem to recall reading that under that scenario, your losses are potentially unlimited.
In other words, you could lose the greater of the amount in your checking account (+ overdraft protection) or your PayPal spending limit. $2,000 is a lot different than $50!
At that point, what's the recourse? Does PayPal have some insurance against that sort of thing that you would make a claim against (yeah, right 'bro, we'll cover you...)
I can hear many people thinking, "So don't compromise your password, you idiot." But the world's best hacking minds don't necessarily NEED passwords (Remember the big Hotmail security breach of a year or so ago?)
If that happened on PayPal I can see where dozens, maybe hundreds, of accounts could be emptied to the spending limits (or the limits of the checking accounts), transferred into a single account and then transferred out again (Caymans, here we come...) in a very short time. Law enforcement *might* nab the hackers, but I doubt the money would ever be recovered. And with a large-scale breach, all insurance-recovery bets are off.
More likely would be cases where an unscrupulous cybercafe operator would capture PayPal passwords entered on public computers and use or resell them. Again, it's not a great concern if you have a $50 liability cap, but becomes much greater if they can drain your checking account and you have NO effective recourse.
I'm skittish about using PayPal from public computers for that reason, but I'm surprised they don't display prominent warnings against this. People without PCs, people on the road who are laptop-less and others DO use cybercafes.
It would also seem that PayPal would be a VERY plum site for hackers to attack -- whether the hacker had criminal intent to try transferring money or just wanted to crack a supposedly secure site for bragging rights.
Sorry about the length of this post. The more I think about it the more concerns I have. (I don't know enough about hacking to be dangerous but do know enough to be concerned as a buyer).
So what's the deal? If PayPal can't answer these security concerns to my satisfaction then I'll unregister (one way or another). I take the security threat much more seriously now that they've unilaterally added this all-too-easy pathway to do checking-account debits. It would seem that by doing so, they may have exposed their users to much greater financial risks from security breaches.
Comments? Set me straight if I'm missing anything here.
posted on September 18, 2000 11:09:20 PM
Oh great! If I am understanding this correctly, FIRST Paypal breaks our arms to get us verified and when we do, they now turn the customers on to another form of Payment?? This whole PayPal thing just gets curiouser and curiouser.....
posted on September 18, 2000 11:22:20 PM
I agree. I read the terms of service again and found this:
"You acknowledge that (i) the Service is not a banking service (ii) Service accounts are not insured by any government agency, (iii) the Service is not subject to banking regulations and (iv) X.com will invest in liquid assets and that interest earned on those assets will be the property of X.com."
If's PayPal's not a banking service, and therefore is not governed by the rules and regulations that govern our banks, WHAT exactly IS PayPal, and what rules must they follow? Seems like none.
Oh Boy. 3 million users have entrusted their money to paypal. How is the money being invested? Who are the investors? Are they a bunch of men and women how now own a tropical island, and are sitting around laughing their #$#S off as we all turn over our money to them?
posted on September 18, 2000 11:33:20 PM
well, ironicly, I had a person email me tonight saying someone has hacked into her system, stole her paypal account info and password and is recieving goods to her business address that she did not bid for.
she too is a eBay user, as is the thief... as that is were the only corelation is.
Stupid thief didnt change the address on the paypal account info, so all the goods are going to her.
She is working on recourse, and has no idea what to expect thru paypal but intends on keeping me updated.. and plans on sending back the merchandise there after...
in tune, I'll let you guys know what happens to.
btw, of over 2000 transactions I have recieved with paypal in the past 7 months, this is my only strange occurance to date.
deja deja deja vu believe it and it will come true!
posted on September 18, 2000 11:41:28 PM
Blond - I hope this isn't a bidder who won Disney Pins. (OK, ebay has over 5,000 to 6,000 pins for sale, so this info shouldn't identify the bidder.)
I ran into an ebay bidder with the same type of story, and that's all it was, a story.
Kelly
[ edited by kellyb1 on Sep 18, 2000 11:42 PM ]
posted on September 19, 2000 02:47:46 AM"So what happens if someone hacks into your account and pays out of your bank account?!?"
You've got up to $100,000.00 insurance against unauthorized access to your bank acount. If you're uncomfortable with the risk of someone using your password I suggest you have a unique password that you guard. If you're still not comfortable I'd advise against any online financial dealings, PayPal, Online Banks, Online Brokerage firms, or Online Bill Payments, etc.
You might even check out if your bank can be accessed by computers (they probably do), if so you might want to switch to First Amish National.
posted on September 19, 2000 04:08:03 AM
FORGET THE MYSTERIOUS HACKER! SELDOM HAPPENS!
The GREATEST danger is that a user will leave the password where their kids/spouse/roomate/ex can find it and use it. I asked PayPal for a "no withdrawals" flag on accounts to prevent this.
The second easiest way to get passwords is "phishing" ... convincing someone to hand account info over by sending them an email to go to a page (which will be an EXACT copy of the service the phisher wants to use) and enter the information.
NO SERVICE WILL EVER HAVE TO ASK YOU FOR YOUR PASSWORD ... Sysops can get into those files if they need to.
posted on September 19, 2000 08:07:28 AM
Here come all the paranoids with their crazy stories. That story about the woman who claims someone hacked her PP account and ordered merchandise but forgot to change the address so it's going to her - what a crock! When you make a PP payment, YOU fill in the address. PP does not pass on the account address to the seller. This is one of the things sellers asked for but never got. So why would a thief deliberately send stuff to HER address? This is obviously another story the deadbeat has come up with to explain not completing the transaction.
Why would someone even bother to hack one single PP account?
The only way to get money out of PP is to send it to another PP account and then withdraw it to a bank account or ask for a check. Either of those methods takes a few days, during which payment can be stopped. Either method leaves a trail. PP would know which account it went to. It's just not that easy.
So stop coming up with these crazy stories and answer the same question I've asked a dozen times.
Has a single person had their account hacked, had a charge back that was not justified, had money taken out of their account by PP or anyone else? I want to hear from the person directly, not their cousin's friend's neighbor.
posted on September 19, 2000 08:25:27 AM
yisgood has a good point here. Look folks, if you have already made up your mind about Paypal & decided not to use it...good for you.
No need to make things up. Don't be a sour grape. Nobody likes a sour grape. Its enough that you don't use Paypal...no need to slander & dream up tales of horror. Let us be responsible for our money & yes we are all foolish but the way I see it, its my money & I never knew you were so concern about it.
This reminds me of all the postings about how eBay has forgotten about the little fishy. For pete's sake & Auntie Jemina underpants, you profited from eBay & eBay profited from you so don't tell me you did eBay a favor by listing. You listed to make money not for the benefit of eBay, its community & surely not for me.
In recent weeks this board has become flooded with sour grapes. How about starting that eBay sales are down threads or I don't sell to Canada threads?.
posted on September 19, 2000 08:57:50 AMWhen you make a PP payment, YOU fill in the address.
Just as an aside, the above only applies if you are paying for an auction. I bought a book from a used paperback company last week (direct purchase) and there was no check off box with my address. I had to type it in the message area.
posted on September 19, 2000 09:00:33 AM
Unauthorized electronic payments are handled the exact same way as a stolen check. If you're overly worried about this, it's wisest to check with your bank to see what their policies are on handling stolen checks. This type of situation is no different.
posted on September 19, 2000 09:16:56 AM
There have been cases of documented fraud related to x.com bank accounts ... so it does happen, though I don't believe often.
The following MSNBC article is titled: "Online Bank Allows Easy Scam." It was a number of months ago, so hopefully X.com has closed some of the loopholes by now.
posted on September 19, 2000 09:20:45 AM
[Well, Here come all the cheerleaders with
their blind, unfounded faith in PayPal.
I'm not running a popularity contest here so
you may call my remarks sour grapes if you
like. Wait until you are mistreated as I
have been by PayPal. I just wonder how high
you will jump over the fence then.
Let's get back on topic...PayPal in charge of
Security. Doesn't the thought just curl your
toes?
posted on September 19, 2000 09:34:06 AM
Well here come the prophets of doom with their blind rage.
I'm not running a popularity contest either. I've used my computer online more and more for finances, banks, brokerage firms, billpayments, paypal, etc. For me it's a great advantage. I feel a bit sorry for those that aren't able to take advantage of these conveniences because of unfounded fears.
I felt really sorry for some folk that stockpiled food, gas, and cash when the dreaded Y2K bug approached also.
posted on September 19, 2000 10:04:26 AM
ploughman
>>"Noticed in buying something tonight that PayPal is pushing paying by checking account rather than credit card for "verified users." I predicted as much some weeks ago, since that payment method costs PayPal less to process."<<
Let me see if I've got this strait. PayPal tells us they are just passing on Credit Card Fees... They charge us for all transactions... Then they attempt to get verified users to pay using their checking accounts to bypass credit card transaction fees.
Hmmmm... Does anyone else see a problem with this?
posted on September 19, 2000 10:16:11 AM
My how the tide has changed. Just a few weeks ago anyone who bashed Paypal was made to look like a fool, now those that should have been paying all along are jumping on the bandwagon. Some of you look like real fools with all the gloom and doom crap. There is less danger of your account being stolen in Paypal than there is in real life.
comic123: "No need to make things up. Don't be a sour grape. Nobody likes a sour grape. Its enough that you don't use Paypal...no need to slander & dream up tales of horror. Let us be responsible for our money & yes we are all foolish but the way I see it, its my money & I never knew you were so concern about it." How very right you are. Everyday there is a new thread proclaiming that Paypal is going down and what they have done to there poor users today. I am getting just as many Paypal payments now as I was before all this. If you don't like it, close your account, and quit dreaming up all these scenarios. It has never been more obvious to me that this country is made up of people who think they are entitled to something and that everyone owes them something. Heather(ducking because of the incoming)
posted on September 19, 2000 10:23:13 AM
Why is PayPal's giving us the ability to pay direct from our checking accounts so awful? You can still pay from your credit card if you like. I think the bank account thing is a great new feature.
Of course anyone who wants to empty mine out is going to not find anything there. PayPal will automatically sweep into my checking account, then my bank sweeps it into savings.
A point the doom and gloomers missed is you can't just withdraw $1,000,000 from my account through paypal and expect the bank to send what I've actually got. Banks don't work that way. You'll have to keep "bidding" down with returned transactions until you hit the amount in the account.
posted on September 19, 2000 10:28:41 AM
"...now those that should have been paying all along...."
And just who would this be? Those of us who were led to believe by PayPal's own wording that we didn't have to upgrade?
This was a package of features PayPal apparently thought enough people would buy into to sustain its faulty business model.
We repeatedly were told "no one will be forced to upgrade." We're STILL being told so. In addition, the PayPal site and AuctionWatch page on PayPal said/says "free" for sellers in numerous places.
I had/have no need for those services. PayPal led me to believe I did not have to upgrade unless I chose to do so.
Now PayPal is out spinning a different tale and some people are buying into it.
Please stop making those of us who did not upgrade months ago sound like cheaters. It just isn't so.
posted on September 19, 2000 10:49:31 AM
If you are a business you whould have upgraded, I do not know how hard that is to understand. I see people on here that brag about making thousands of dollars a month, but dammit they are not a business. I am not "buying in" to anything, anyone with a little sense should have know this was coming and been ready for it. No one is taking into account all the referral bonuses and the hundreds of free transaction they have received. Surely you did not think you would be getting a free ride forever? Paypal is/was a pioneer in the online industry, and should be commended for what they have done. It is coming up on a year since they really started to fly on ebay, a year of free was not good enough for you? As long as they were forking out the referral fees and paying for your transactions they were fine, right? I just don't get it......Heather
[ edited by hcross on Sep 19, 2000 10:50 AM ]
posted on September 19, 2000 11:01:47 AM
Gee, Heather, I don't know what's so hard to understand here. PayPal sold this batch of services as an upgrade for those who WANTED to upgrade. "No one will be forced to upgrade." Those were PayPal representative's words over and over. This question was asked of PayPal repeatedly.
PayPal's own site said "free for sellers."
Now the PayPal spin patrol is out with its revisionist history and some people are buying into it.
Even after PayPal changed its TOU to say businesses must upgrade, PayPal reps were on these boards saying "no one will be forced to upgrade." PayPal's own people made this sound OPTIONAL for those who did not need this package of business services.
I really don't appreciate being portrayed as one who does not play by the rules... when the rules haven't even been made yet.
Jeez, even PayPal can't define what it considers a business. I may not even fall into that category when it's all said and done.
posted on September 19, 2000 11:37:50 AM
You do not know if you are a business by Paypal rules? That is a cop out. You know perfectly well if you are a business or not. If you buy items specifcally for resale then you are a business. Heather
posted on September 19, 2000 11:41:07 AM"Am I a business if I use PayPal to buy goods on eBay that I resell? Then why am I not being charged business account fees?"
PayPal doesn't charge the buyer. So feel free to make all your business purchases with PayPal. Glad I could kill that concern for you.
posted on September 19, 2000 11:53:25 AM
[i]You do not know if you are a business by Paypal rules? That is a cop out. You know perfectly well if you are a business or not. If you buy items specifcally for resale then you are a business. Heather]/i]
Almost correct but not quite. The IRS has a few rules about this...
posted on September 19, 2000 11:58:02 AM
Rules? What rules?
It worries me to use a service such as PayPal that acts like a bank,
holds money like a bank but is not subject to federal banking regulations.
They make it very clear in the terms of
service that it is not a bank or escrow service and has no LEGAL obligation to help users who are cheated out of money.
