Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security IT

PayPal Security Holes Expose Customer Card Data, Personal Details 87

Posted by Soulskill from the time-to-do-a-chargeback-on-their-security-contractors dept.
mask.of.sanity writes "Dangerous website flaws have been discovered in PayPal that grant attackers access to customer credit card data, account balances and purchase histories. The holes still exist. One was publicly disclosed after a failed effort in July to responsibly disclose them under PayPal's bug bounty program. PayPal is working to close the holes."
This discussion has been archived. No new comments can be posted.

PayPal Security Holes Expose Customer Card Data, Personal Details More

PayPal Security Holes Expose Customer Card Data, Personal Details

Comments Filter:

  • Re:PayPal is not a bank - it is in Europe! (Score:5, Interesting)

    by stiggle ( 649614 ) on Friday November 02, 2012 @11:50AM (#41853751)

    Paypal Europe is a Luxembourg based Bank and regulated in the EU as such.

  • PCI, anyone? (Score:4, Interesting)

    by dkleinsc ( 563838 ) on Friday November 02, 2012 @12:55PM (#41854533) Homepage

    If Visa, Mastercard, Amex etc are treating everyone fairly, it seems like PayPal would now be due for a major smackdown courtesy of the big-name credit card networks. I'm talking about a $10^9 order of magnitude smackdown. If I recall correctly, proper compliance means certifying a bunch of stuff under penalty of perjury, which means that PayPal is not only organizationally breaking the rules but may have individuals breaking the rules as well.

    Of course, equally likely, these companies will be too worried about hurting their relationship with a big payment processor to actually do anything about it.

  • Re:If you're victimized by this (Score:2, Interesting)

    by Anonymous Coward on Friday November 02, 2012 @01:30PM (#41854989)

    You can always file a class action lawsuit. Oh. Wait.

    IANAL, but couldn't we organize as many affected people as possible to simultaneously file individual Small Claims for their maximum value (now $10,000 here in California for individuals, $5,000 for business) all over the country? How many representatives do you think PayPal can (or is willing to) send to each and every court case? The majority of people will probably win on default.

    PayPal can either pay a few million up front on a class action, or up to $10,000 per person individually. Personally, I'd rather go fro the small claims. More money for you (it's expensive to get your identity back if stolen) and potentially higher penalty for PayPal if you can get everyone to file claims. It is unlikely they'll file for bankruptcy and skimp out on the collection, and their "wages" should be adequate enough to see a lump sum.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close