Slashdot Mirror


PayPal Security Holes Expose Customer Card Data, Personal Details

mask.of.sanity writes "Dangerous website flaws have been discovered in PayPal that grant attackers access to customer credit card data, account balances and purchase histories. The holes still exist. One was publicly disclosed after a failed effort in July to responsibly disclose them under PayPal's bug bounty program. PayPal is working to close the holes."

4 of 87 comments

  1. PayPal is not a bank by DaTrueDave · Score: 5, Insightful

    And it's unfortunate that people sometimes consider it as safe as one. It's more like giving money to a trusted acquaintance to pay somebody for you. And about as reliable.

    1. Re:PayPal is not a bank by HerculesMO · Score: 5, Insightful

      But the problem is that they operate like one. And as such, should be regulated as one.

      Right now there is no recourse if people want to get their money out/back/etc, and if they were a normal bank they'd have to provide a method to extract money and some regulations around their "review" process.

      --
      The price is always right if someone else is paying.
    2. Re:PayPal is not a bank by Kenja · Score: 5, Funny

      Yep, they want all the functionality of a bank, but none of the regulation.

      So they want to be a bank! <zing!>

      --

      "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    3. Re:PayPal is not a bank by tibit · Score: 5, Insightful

      Are you a shill or are you serious?! The transaction cost on PayPal is ridiculously high as it is. I'm sure it can cover compliance with banking rules, with plenty left to spare. Go read eBay's financial reports, they own PayPal. PayPal's profit margins make regular banks look silly, and it's not due to lack of regulation. Nobody would bank in a bank that has the fee structure of PayPal. But then there are no alternatives to PayPal, so if they were regulated like a bank it wouldn't change a thing for the worse for anyone, except that people's lives wouldn't be ruined if some outsourced guy in their "customer support", who has no clue about U.S. culture and customs, gets suspicious about a transaction that got flagged.

      The whole "don't keep money in PayPal" spiel is stupid, you obviously don't have a fucking clue what you talk about. If PayPal decides you owe them, or they want to hold on to some of your money, they'll do it no matter what your account balance is. You just end up with a negative balance that's due and payable now, and if you happen to have a linked checking account (like you need to, to not face silly transaction limits), they'll gladly take the money out from there whether you like it or not. If your checking happens to be dry (anyone sane has a separate account for use with PayPal), you'll be slammed with NSF fees from both ends, and you'll still owe PayPal, and it will show up on your credit report very quickly. Basically PayPal can screw you, and unless you have plenty of money for lawyers, there is absolutely no recourse. Even if you have money for lawyers, you'll only recover your costs if you manage to extract punitive damages. Otherwise you'll pay $50k for lawyers to recover what, 10% or less of it? Banking on being awarded attorney costs just because you were the one who was wronged is naive as well.

      --
      A successful API design takes a mixture of software design and pedagogy.