PayPal Security Holes Expose Customer Card Data, Personal Details

mask.of.sanity writes "Dangerous website flaws have been discovered in PayPal that grant attackers access to customer credit card data, account balances and purchase histories. The holes still exist. One was publicly disclosed after a failed effort in July to responsibly disclose them under PayPal's bug bounty program. PayPal is working to close the holes."

Re:PayPal is not a bank - it is in Europe!

[stiggle]

Paypal Europe is a Luxembourg based Bank and regulated in the EU as such.

PCI, anyone?

[dkleinsc]

If Visa, Mastercard, Amex etc are treating everyone fairly, it seems like PayPal would now be due for a major smackdown courtesy of the big-name credit card networks. I'm talking about a $10^9 order of magnitude smackdown. If I recall correctly, proper compliance means certifying a bunch of stuff under penalty of perjury, which means that PayPal is not only organizationally breaking the rules but may have individuals breaking the rules as well.

Of course, equally likely, these companies will be too worried about hurting their relationship with a big payment processor to actually do anything about it.