posted on August 9, 2000 06:34:56 PM new
My question is this: If I authorize PayPal to debit my account at my request, what is stopping someone from illegally accessing (hacking) my PayPal account and draining my bank account by claiming to be me.
How do you go about verifying that it is actually me that is authorizing the debit transaction?
This is the main reason I have not verified my account. SECURITY CONCERNS. If this is addressed with say a second password that is needed to start a transaction, I would think about it.
NOTE: I don't want to hear about what you would do after the fact is something like this were to happen. I want to know what steps you are taking to prevent it from happening in the first place.
I am very unhappy about PayPal's strong arm tacktics (Your unverified user warnings). This has caused concerns from several of our first time customers.
PayPal either needs to address these and other concerns or come up with a different means of verification. Right now you are just thumbing your noses at your sellers.
posted on August 10, 2000 12:18:37 PM new
HI feistyone,
Thanks for the feedback. I have addressed the verified/unverified message and I am gathering information to see how it can seem less deadly than it sounds.
As it relates to security, the verification process is actually more secure. In addition, your accounts are insured against unauthorized access.
Why is verification secure?
Two-way process between PayPal and Account holder to identify that this is the end user.
A one-way process, such as you telling us where to send it only, does not allow us to make sure it is you. In theory, I could add your bank account, be it by mistake or other, and initiate deposits/withdrawals. The verification process reduces this potential for error and reduces any probability for fraud.
posted on August 10, 2000 01:47:42 PM new
Damon - you use the phrases "reduces this potential" and "reduces any probability". I think what we are looking for here are phrases like "eliminates any potential" and "eliminates any probability". The operative word, of course, is "eliminates". Hackers who can break into the Pentagon, into NASA, into giant blue-chip companies, etc. will just snicker at the word "reduces" as they proceed to pillage and plunder. I share feistyone's concern - it is a real one.
posted on August 10, 2000 01:53:46 PM new
Hi Bigbux,
I understand the wording may not be as clean as you would like it, but I am being honest. Crooks can find ways around systems and we develop ways to prevent it. The bank account verification is the best one out there from an identification standpoint without requiring social security numbers to do so, an item that many users are reluctant to give out. The more people verified, the safer the network is against fraud.
posted on August 12, 2000 11:24:18 AM new
I was so tired of my buyers concerns about that "(This recipient is an Unverified Personal Account Member)", that I gave PayPal my checking account number a couple of days ago. It hasn't had time to be posted yet. Now, I am really haveing second thoughts about it. If I go to the bank and tell them, that not under any circumstances not to let PayPal or X.com withdraw monies from my account, will that work? I feel like such an idiot now! I waited awhile to use PayPal, just to see if they were legit. I have really been happy with them so far, (until this).
posted on August 12, 2000 12:03:44 PM new
I think when PayPal started, they were unaware of all the problems with credit card processing. There is no legal way PayPal can prevent a charge back from an unhappy credit card payer! Everyone who uses a credit card has the right to contest any transaction charged to their card. PayPal is caught in the middle. They are not selling a product. They have absolutely no way of knowing what kind of business person a seller is or what quality the merchandise being purchased is. If a buyer does not like the product and ask to return it and they are told no, they can still contest the charge with their credit card company. PayPal cannot stop that. It is the law! Since PayPal technically is the receiver of the funds from credit card charges, they are the ones who have to give the money back if contested. They in turn have to have a way of getting their money back (willing or unwillingly). How could you expect them to do otherwise?? Look at it from their position. A buyer pays through PP for a purchase. The seller gets the money in their account, they send the item. It gets lost in the mail. Buyer want's a refund. Seller says not my fault it's lost in the mail. Buyer contacts CC company and contests the charge. CC contacts PP. PP has to send money back. PP notifies seller to return the money to PP. Seller says NO. PP will get their money one way or the other. Count on it, and you can't blame them. I think maybe we should just go back to the old fashioned "send me a MO or Cashier Check". If you want to be able to state in your ads "we now accept credit cards", you have to play by the credit card rules. You cannot have your cake and eat it too! This really isn't a PayPal thing at all. Merchant's who process credit cards already know the headachs that come from that convienience and now so do the rest of us!
posted on August 13, 2000 08:00:24 AM new
PP has said repeatedly that they will NOT withdraw from your bank account, even in the event of a charge back. I checked with my bank and I can stop such a withdrawal just like I can stop a check I write. I can also revoke PP's right to access my account at any time. I can also use my empty x.com account to verify myself. So all this fear about PP helping themselves to people's bank accounts are unjustified.
As for hackers using your account, the same hackers could hack into your bank, into any department store or web site you ever made a purchase from, they can steal the record from any restaraunt you ever paid by CC. Why should you be more concerned about PP? If they did hack into your PP account and sent out a payment, it would have to be to another PP account and then PP would have to track it down themselves. PP accounts are insured against fraud and your CC should only allow a max of $50 liability anyway.
posted on August 13, 2000 10:02:04 AM new
Yisgood,
I believe that fear in this case is justified
but wheather justified or not, fear is abounding!
Even you were concerned enough to check with your bank.
PayPal says "we will not withdraw money from your account" but the fact remains that they
CAN withdraw money from your account. And at the rate that they are rewriting the rules,
who knows what they "will do" later on.
posted on August 13, 2000 10:48:08 AM new
>>PayPal says "we will not withdraw money from your account" but the fact remains that they CAN withdraw money from your account. <<
They can withdraw the money and you can get it back and you can block them from access to your account and you can give them your x.com account for verification and leave no money in it, so I dont see the reason for all this fear.
>>And at the rate that they are rewriting the rules, who knows what they "will do" later on.<<
They can rewrite Paypal rules but they can not rewrite banking rules and it's those rules that will prevent Paypal from ever doing anything with my bank account that I dont permit, even if they did decide to try. Right now they have made it very clear that they won't.
posted on August 13, 2000 01:57:29 PM newAs for hackers using your account, the same hackers could hack into your bank,
Maybe so, but somehow I trust my bank's security more than PP at this point. PP does not appear to be very organized.
into any department store or web site you ever made a purchase from, they can steal the record from any restaraunt you ever paid by CC. Why should you be more concerned about PP?
Because all they will get from above mentioned locations is the cc info. If they get into pp they will also get my bank account info.
posted on August 14, 2000 07:48:44 AM new
>>If they get into pp they will also get my bank account info. <<
What info does PP ask? The account number of your bank? That is hardly top secret. It is printed on every check your write. But I guess you're concerned that armed with this top secret info, a hacker could kill you and take your place and even your family won't know. I heard that if you put silver foil in your underwear it prevents this.
Just because you're paranoid, doesnt mean they arent out to get you.
posted on August 14, 2000 08:06:08 AM newThey can rewrite Paypal rules but they can not rewrite banking rules and it's those rules that will prevent Paypal from ever doing anything with my bank account that I dont permit, even if they did decide to try. Right now they have made it very clear that they won't.
First statement I've agreed with you on, yisgood.
However, that's precisely WHY, despite being "verified", I no longer use Paypal.
Paypal clearly did not write out, let alone THINK out, these new policy changes; otherwise damon wouldn't have spent the past 2 weeks scrambling for the most basic of information.
This experience, and Paypal's subsequent modifications in its TOU in an effort to play catch-up, do not bode well for how Paypal will handle policy changes in the future. Now one might HOPE Paypal has learned its lesson and won't pull this sort of stunt again (an unannounced, retroactive policy change, with virtually no documentation, that has a significant impact on its users' businesses), but I don't run my business on "hope".
I base my business decisions on WRITTEN terms I know I can expect not to change in the night without notice. I actualy READ contracts before I sign them, and don't just "hope" that the other party won't decide to exercise some of those rights I've granted him. Call me cynical, but that's what I learned from years working for some of the most respected corporate/contract attorneys in the country.
You are absolutely right. Banks can't just - well, for lack of a better term, vhange their minds overnight. Nothing prevents Paypal from doing so, because as far as we can tell it's NOT regulated by ANYbody. And although Paypal MAY (not "will" not be able to get its hands on my bank account, I don't feel like setting myself up for any of Paypal's other games, like freezing my Paypal account while it investigates the legitimacy of a chargeback - which punishes me BEFORE I'm found guilty.
posted on August 14, 2000 10:15:42 AM new
Hi Bopkh,
You can find this statement under item#7 in the terms of use.
X.com will never make electronic transfers from your bank account without your explicit permission. Furthermore, X.com provides you unlimited protection against unauthorized withdrawals from your bank account.
You said in your last post that X.com will never access your bank account without your explicit permission. But if I understand this correctly, part of the verification process is giving explicit permission for PayPal to withdraw funds from the user's account. Is this correct or incorrect? I seem to recall HCQ asking (basically) this same question in another thread, and unless I missed it I don't think there has been an answer. HCQ, if I'm incorrect about that I sincerely apologize.
posted on August 18, 2000 05:13:36 AM newdamon, it seems you just don't get it. The concern is that the authorization as written gives a BLANKET authorization to Paypal to make withdrawals, and that we indeed ARE making a "request" for withdrawals to be made.
Jeez, get some LEGAL WRITERS over there!!! Who's writing this stuff, some wet-behind-the-ears MBAs? It is not rocket science to realize that if, more than TWO WEEKS after the changes were announced, some go-between is still having to explain the TOU, then the TOU are unclear and confusing, and therefore open to interpretation. As has been pointed out in other threads, damon, I know you're doing your best, but YOUR assurances as to the meaning of the TOU aren't worth a bucket of warm spit. The only thing that matters is what's actually WRITTEN, not your interpretation of it.
abingdoncomputers, take a gander at this thread for more on this subject:
posted on August 18, 2000 10:05:50 AM new
Hi HartCottageQuilts,
I have said the wording is not clear, but you really need to read terms of use, item#7. I have posted this numerous times and it is not giving blanket access to your accounts. KEY WORDS: "At your request". No transaction would ever take place without customer consent.
Electronic Transfers. Upon your request, X.com will make electronic transfers via the Automated Clearing House (ACH) system to and from your bank account. You agree that such requests constitute authorization for such transfers.(you are authorizing us to verify your bank account by doing the deposits) If you request an electronic transfer from your bank account, you grant X.com the right to validate the authenticity of your bank account by making two small deposits to your bank account at X.com's own expense. (your request. You are initiating it and we are asking to verify it. Permission is granted on a per transaction basis, also done at customer request)
Your bank account and your PayPal account will be considered verified once you correctly enter the deposit amounts on the X.com website.
X.com will never make electronic transfers from your bank account without your explicit permission. Furthermore, X.com provides you unlimited protection against unauthorized withdrawals from your bank account.
posted on August 18, 2000 05:39:41 PM new
Damon, I HAVE read it. And it reads like gobbledygook. And you've agreed yourself that it's unclear. So REreading it yet again only REinforces the confusion.
Here's the text I see as unclear:
Upon your request, X.com will make electronic transfers via the Automated Clearing House (ACH) system to and from your bank account. You agree that such requests constitute authorization for such transfers.
X.com will never make electronic transfers from your bank account without your explicit permission.
Together, these CAN be read as a BLANKET authorization for transfers to AND FROM a bank account, which you reinforce with your explanatory phrase you are authorizing us to verify your bank account by doing the deposits - which LINKS the verification with the blanket transfer authorization.
It SHOULD read - as I've said before -
At your request, X.com will make AN electronic transfer via the Automated Clearing House (ACH) system to OR from your bank account. You agree that such A request constitutes authorization for THAT PARTICULAR transfer.
BTW...if the TOU are so explicit, howcome you have to add these parentheticals, which include Permission is granted on a per transaction basis, also done at customer request - and which I can find NO basis for in the actual TOU?
Again, damon, you can 'splain and interpret all you want, but if it's not EXPLICITLY stated in the TOU, it's open to interpretation by Paypal on a case-by-case basis.
But I give up. We have been over and over this and you clearly do NOT get that what the TOU state and what you interpret them to mean are NOT one and the same, and never will be.
Papal needs a competent corporate attorney to go over this stuff! Has Paypal even got anybody with a real JD looking at the TOU?
posted on August 18, 2000 05:49:32 PM new
Hi HartCottageQuilts,
There is a differing opinion of comprehension here. I am explaining the terminology on company stance and intent, whereas you are looking for a statement to indicate that we will withdraw funds at our leisure, something that is not stated or inferred at all.
The parenthetical expressions were added to explain and reduce the concerns. I would not be in a public forum, for all to see, advising what the statement means if there was a sinister intent behind it, of which there is none.
I have stated that the wording can be confusing and that I am working on getting it changed to explain it easier, but I have stated the same thing numerous times on the matter and what I have said is true.
posted on August 18, 2000 09:06:29 PM new. I would not be in a public forum, for all to see, advising what the statement means if there was a sinister intent behind it, of which there is none.
paypaldamon there's a disturbing precedent. A while back paypaljennifer was on this forum promising that paypal would never punish sellers for chargebacks. A very short time later, PayPal started doing exactly what paypaljennifer promised that PayPal would not do. paypaljennifer faded away, and her false promises were somehow explained as "paypaljennifer was in business development".
Some of us didn't understand that, and we presume that you might also disappear overnight while PayPal starts doing exactly what you promised they would not do.
posted on August 20, 2000 12:58:29 AM new
HI Sg52,
PayPaljennifer was a FT employee of Business Development and we needed FT coverage on the boards, an item that we did not have in place.
As business and consumer needs change, so will policy. However, there is no sinister plot behind verification other than identity. The TOU clearly state that at no time will your bank account be accessed without your permission.
posted on August 20, 2000 04:48:58 PM new. However, there is no sinister plot behind verification other than identity.
As observed on the other thread, then there is no reason that PayPal should object if the bank account is closed or otherwise withdrawn from PayPal's control.
--
The deeper issue here paypaldamon is what it means when a spokesperson for PayPal comes on here and says things which are contradicted by the formal terms of use.
If you make claims about PayPal policies and point to the terms, we all do well.
But, as illustrated by the paypaljenniferaffair, it is offensive to ask us to believe you when what you say is contradicted by the formal terms of use.
posted on August 21, 2000 10:11:43 AM new
HI SG52,
I can only say the same thing so many times. And the terms of use do not contradict what I say, but the problem is comprehension about what it states. I am trying to get this changed, but I would recommend that all users note that it states:
posted on August 21, 2000 11:25:14 AM new
PaypalDamon,
What if one of the recent "password harvesters" -- the folks with the phony PayPal e-mails with links to web sites designed to steal our login information -- gets into a "verified" PayPal account?
What safeguards will be in place to keep them from "authorizing" deposits from our checking accounts into our PayPal accounts, then moving the money to their own PayPal account(s) and withdrawing it immediately?
posted on August 21, 2000 11:42:05 AM new
HI vargas,
Accounts are encrypted. If you look at your information on screen, you will notice that you can't see the information. Accounts are also insured against unauthorized access.
To make it simple and to avoid issues, when logging in please go to www.x.com. No typographical erros and no redirect. If you type in paypal.com, it will direct to x.com.
posted on August 21, 2000 03:29:07 PM newI can only say the same thing so many times. And the terms of use do not contradict what I say, but the problem is comprehension about what it states
paypaldamon you have stated that if seller and buyer are verified, and buyer initiates a chargeback based on non-receipt, seller will be protected.
When asked for a reference from the terms, you demurred. I might be missing something, and something might have changed, but when I last read the PayPal terms, I read a flat contradiction to your claim.
posted on August 21, 2000 03:54:46 PM new
Hi SG52 and all,
The seller is protected as long as they are verified, even if the buyer IS NOT. Just be sure that you meet the conditions and that you are able to produce a method of delivery.