A big PayPal problem, possibly coming to an e-store near you
He chose Paypal because he was convinced that they would take care of problems...
Explanation: Liber Liber is an Italian ONG founded in the early 1990s, whose mission is to promote the conscious use of ICT in the humanities. To pursue their mission and pay their expenses, Liber Liber also sells books, music and other products online. The text that follows is my translation of a call for help about a serious problem with PayPal that Marco Calvo, president of Liber Liber, made on Facebook a few hours ago.
Disclaimer: I am not a lawyer, and don’t know enough about Paypal to verify what happened or make any judgment about it. However, having followed Calvo and Liber Liber for decades, I know Calvo knows much more than me about e-commerce with or without Paypal, and am pretty sure he wouldn’t say what he says without good reasons. So, thanks in advance for anybody who will help Calvo, me and everybody else to know what to do with Paypal when something like this happens again, and how to prevent it.
Getting fined because scammers found you
Says Calvo:
A few days ago, the Liber Liber shop received many orders from US citizens. Too many and too close together to be normal.
I believe these purchases were made by scammers for testing purposes: buying something from our or any other online shop immediately tells whoever is doing it whether the transaction was successful or not. So, I believe the people behind this were testing thousands of stolen credentials, just to see which ones were still valid, and then get all the money they could from the corresponding accounts.
Anyway, I immediately reported the anomaly to PayPal, but the dialogue with their AI ended up in PayPal blocking my login credentials, rather than solving the problem.
Several days later, after various vicissitudes, my credentials were restored. However, not only the anomalous orders persisted, but many US users obviously began disputing the charges.
I have no problem with that, because as I already said those purchases were undoubtedly made by scammers; the problem is PayPal is withdrawing €16 from our account as compensation for each of the transactions they authorized. €16 per transaction, and there are hundreds pending...
It seems clear to me that this is a serious flaw on their part, because:
it was PayPal that withdrew money from those users’ accounts
it was PayPal that (or should have) verified the buyers’ identities
it was PayPal that sent us their money
Obviously, we have no problem whatsoever to give back to Paypal all the money that we received (without any wrongdoing on our side!) for those illegal purchases. But pocketing €16 for each chargeback transaction is absurd. It’s their vulnerability, their mistake. They make a mistake, we pay.
When I finally managed to speak to a human operator and explained the problem, he rather brazenly denied it. He also denied that PayPal has security vulnerabilities, and insisted on demanding €16 for each transaction.
I chose Paypal because I was convinced that they would take care of verifying the buyer’s identity, verifying their genuine intent to purchase, and checking via username, password, and two-factor authentication that everything is OK.
Evidently, this isn’t the case. Not only is PayPal denying the evidence, but they’ve also failed to comply with the legal requirement to report a breach of their systems. At least the operator didn’t mention it, and I haven’t found any evidence online.
Is there a lawyer willing to help? Or a journalist interested in the story? I think it’s important to raise awareness of the problem, because right now it is affecting at least hundreds of people in the US but it’s likely that sooner or later, other scammers around the world will also begin exploiting this PayPal’s vulnerability. In the meantime, I’ve had to block all orders from the USA, including the good ones, to limit the damage. But I’ve already started to get orders from fake Italian addresses...
Since you’re here...
What you just read is the actual call from Marco Calvo, which I offered to translate and publish here to help him and everybody else with the same problem to figure it out. But since you are here... please spend one more minute browsing my archive, subscribing if you like what you see, and sending suggestions or requests for more work like that to mfioretti@nexaima.net.