• The Forums are now open to new registrations, adverts are also being de-tuned.

PayPal Prob ??

bassist

bassist

Active Member
Joined
Sep 15, 2009
Messages
112
Location
Cambridge
Car
R230 SL500 /GLA 250
It's happened again !! :mad::mad:
Card cloned and it seems the only transaction that could have been compromised is one to Paypal.:devil:

Bought a set of wheels about 3 weeks ago from fleebay, payment via Paypal. No problems, wheels arrived on time and seller appeared to be OK, 100% feedback.

Today at 11.30am my bank emailed me to confirm my change of security password for debit card, which I had not done. I contacted them immediately and in the 10 yes !! 10 minutes from contact, the thieving b***tards had made three transactions, £1 then £5 then £936. Fortunately the operator was able to stop the big one instantly. More by luck than judgement that I checked my emails at that moment otherwise who knows how much they would have stuck me for.

The underlying tone from the Fraud section of my bank suggested that they have a very high level of problems with PayPal fraud.

All other transactions in the recent 3 - 4 weeks had been in my local garage whom I have known personally for many years.

Last time I use PayPal methinks.
 
I thought to change a security password takes more info than that found on a card?

Mine certainly does!

Also 3 weeks seems a long time to wait before using it? Garages have been prime culprits in the past. Did the person you know personally deal with all the transactions? Or was there a "Saturday" helper in the kiosk?
 
If I read that right, the card's not been compromised, your online banking has. If you've only ever (EVER) used this from your home PC then your home PC is compromised and requires rebuilding.

If you've used an internet cafe or friend's PC or whatever, then you've been stung.
 
The security password is the additional security that some retailers ask for to authenticate the card. I don't know how they do it but they did and then purchased from Dixons Direct.

Fraud guys say that there is no average time for transactions some can take weeks or be almost instant.

Yes I know the person in the garage and they are very trustworthy.

I asked the question "are you saying that PayPal is not secure?" and the guarded reply was Yes !!

No Bank names naturally.
 
No, only that card, my online banking is secure and spookily I have just started using a brand new debit card which was another reason for contacting the bank so quickly. Fortunately that has not been compromised as it is a new provider.
 
Well I have used paypal for years and have multiple cards linked to my account and no fraudlent transactions. Anyone you pay via paypal does not get any of your bank account info or card info.

More likely your pc has been compromised. Have you not got verified by visa / mastercard setup for your cards? How did they get the passwords for this? They would have needed them for an online purchase from Dixons. Paypal dont have your verified by visa / mastercard password.

If the security password they changed is the verified by visa / mastercard they certainly have all your info as IIRC you need to verify your d.o.b, address, email etc to change it.
 
Last edited:
Hi Npuk,

The "verified by" password is exactly what was changed !! that's what the bank emailed me about.

I'm no computer wiz but I've got so many security protection gizmos on this machine, including the bank's own. I only use it once in a blue moon for online purchasing that's why I believe I can narrow it down to a single transaction.

Fraud guys are on the case, and they have promised to come back to me. If I get any sensible answers I'll post later.

I am also not wireless connected.
 
Last edited:
I thought verified by visa was mega secure and password resets needed a lot of detail, not only that but they would be sent to the registered e mail address as well, this one is weird but I bet it is not down to PayPal as I like npuk have never had a problem and do a lot of transactions through them
 
Touchwood I have never had any grief with PayPal, could you have opened a fake PayPal email - a Phishing Scam asking you to log in etc?
 
This email you received asking you to call the bank...

Are you sure it was the bank that you called and not the number of a scammer?
 
Sp!ke said:
This email you received asking you to call the bank...

Are you sure it was the bank that you called and not the number of a scammer?
Click to expand...
:eek::eek: That`s a very good point
 
Somewhere, you used your card and somebody copied your name, card number, expiry date and the 3 digits off the back.

Unless you changed it, your "verified by"/"secured by" website logon user name will be your first and last name followed by a number. If your name is (even relatively) unusual, the number will not be very big and so "brute force" to get the right combo of ID and the card number will not take long.

If they guess this user name, they can follow the "forgotten password" link using your full card number - try it yourself now, checking what (pathetically easy to get) other info is asked for, and then give some thought to who (and how) might have access to that info.

Having changed the password, they have until you receive AND act on the changed password mail to screw you online (where the pin is not needed, just the card number, the 3 digits off the back and 3 characters from your newly changed password)! The small transaction is a "feeler" to see if the change worked and didn't trigger the card to be stopped then they "go for it".

Been there myself....on the receiving end.

Logon to your secure profile (all of them!) and CHANGE the userid to something that is NOT your name!
 
flanaia1 said:
I thought verified by visa was mega secure and password resets needed a lot of detail, not only that but they would be sent to the registered e mail address as well, this one is weird but I bet it is not down to PayPal as I like npuk have never had a problem and do a lot of transactions through them
Click to expand...

I had to change my v-b-v password this weekend (don't use it very often and had forgotten it) - only asked for my DoB and 3-digit security code. No emails sent, etc, and I was able to use the new password straight away.
 
w124coupe said:
Somewhere, you used your card and somebody copied your name, card number, expiry date and the 3 digits off the back.

Unless you changed it, your "verified by"/"secured by" website logon user name will be your first and last name followed by a number. If your name is (even relatively) unusual, the number will not be very big and so "brute force" to get the right combo of ID and the card number will not take long.

If they guess this user name, they can follow the "forgotten password" link using your full card number - try it yourself now, checking what (pathetically easy to get) other info is asked for, and then give some thought to who (and how) might have access to that info.

Having changed the password, they have until you receive AND act on the changed password mail to screw you online (where the pin is not needed, just the card number, the 3 digits off the back and 3 characters from your newly changed password)! The small transaction is a "feeler" to see if the change worked and didn't trigger the card to be stopped then they "go for it".

Been there myself....on the receiving end.

Logon to your secure profile (all of them!) and CHANGE the userid to something that is NOT your name!
Click to expand...

Thats not always the case each card provider has different rules for user name the worst one is NAT West who use the first name then surname followed by a number which is absolutely insane as you quite rightly point out this and a bit of savvy to fill in the other information requested which is easily available publicly and you have all you need to have a spree on line.

Thankfully some of the more responsible banks do not follow the login and password rules above and are far more secure.

Great advice from W124coupe though change your user name to something other than your actual name, don't make it easy for them :mad:
 
Mr E seems to have grabbed what the fraud guys said.

It seems too easy if you have the basic card info which has to be given when registering a card for online purchases. Only 2 bits of further info to change the verification password and you're in.

I'm pleased that no-one appears to have had a problem with PayPal but they are the only organisation I have ever registered my card with although I have on ocassion been asked for the 3 digit code on the back in telephone purchases.

Seems like I have upset the apple cart somewhat, my apologies I didn't want to start WW111
 
Paypal is many many times more secure than telephone purchases.

I never pay for anything over the phone as you simply dont know where that number is being written down or passed on (often by underpaid call centre workers).

With Paypal, no one gets to see your CC number at all. Even the registration of your CC for the account is bank to bank and doesn't involve staff or third parties having access to the details.
 
You must log in or register to reply here.

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)

Similar threads

AMGeed
Any IT security experts here?
Replies
14
Views
3K
fabes
fabes
B
W220 Wanting to keep it or change to E Class Estate???
Replies
12
Views
1K
219
219
T5R+
DIY Diamond Cut Alloys
Replies
7
Views
1K
TomF
TomF
Moultoneer
First snag.
2 3
Replies
48
Views
5K
tron
tron
J
Electrical and other bits plus an admission
Replies
9
Views
532
Deleted member 126969
D
Back
Top Bottom