WTF Paypal?



  • Apparently, I just paid $70 for "Sample Buy Now Button" to something named NorasStore.

    Also I'm kind of fickle. Minutes before, I also dropped $500 on the fabulous thing called "252 Giga Store". But then I immediately changed my mind and got refunded (minus the paypal cut).

    Yup, I'm disputing these, then removing my credit card from paypal.


  • Notification Spam Recipient

    You should probably consider changing the passwords too!


  • BINNED

    And this is why the card I have connected to PayPal never has more than $5ish on it unless I'm buying something at the time.



  • Is this from email notifications, or in paypal proper? I recently abandoned an email (as in, burned it down and went to gmail which supports proper filters and +name syntax) because of this, which has been ongoing for a few weeks now, and it's all phishing scams.





  • If that's from paypal proper, there is two options

    1. Someone stole your details and charged your account
    2. Some merchant passed your details to the Non sandbox site (paypal uses the same url format for sandbox and real url. Leave off the sandbox tag, but test with real customer info and you'll cause this) (and the rest test site probably wouldn't have a real store name if they are setting up a new shop)


  • @Onyx said:

    And this is why the card I have connected to PayPal never has more than $5ish on it unless I'm buying something at the time.

    Smart, but I'm too lazy for that crap.

    @Matches said:

    Is this from email notifications, or in paypal proper? I recently abandoned an email (as in, burned it down and went to gmail which supports proper filters and +name syntax) because of this, which has been ongoing for a few weeks now, and it's all phishing scams.

    Nope, real.



  • @Matches said:

    If that's from paypal proper, their is two options

    Someone stole your details and charged your account
    Some merchant passed your details to the Non sandbox site (paypal uses the same url format for sandbox and real url. Leave off the sandbox tag, but test with real customer info and you'll cause this)

    It seems no one messed with my account. Leaning towards second.

    Which means at some point I bought something from NorasStore. Except, I can't find anything in their godawful late 90-ies interface.



  • And now I can't disconnect my credit card. Great.



  • Chances are good it was an eBay or Amazon purchase if that's true, that's the majority of random shop purchases with paypal.

    And that's normal bank security, the fraud department will help you, be sure they know it is FRAUD not a DISPUTE @cartman82 do not miss this important differentiation



  • @cartman82 said:

    Smart, but I'm too lazy for that crap.

    Google Wallet Cards will only work if you have money in your Google Wallet, and it's easy to transfer money into and out of your Wallet. I think PayPal offers something similar, but I have not looked into it.



  • Why the holy fuck would someone in 2016 be using Paypal still? After all the horror stories, a dozen a year, about them fucking up and stealing people's money? Even from charities!

    Look, at this point, you deserve whatever you get. Dumbass.



  • @Matches said:

    And that's normal bank security, the fraud department will help you, be sure they know it is FRAUD not a DISPUTE @cartman82 do not miss this important differentiation

    I did this.

    That's the only link that was given to me, and sounds like it matches my situation.

    In the list of tickets, I now have this:

    I guess.... that was a claim dispute?


  • BINNED

    @blakeyrat said:

    Why the holy fuck would someone in 2016 be using Paypal still?

    Because some of us don't live in the US and some of online stores don't work with our banks directly, even when using a Visa for example? That's the reason I got a PayPal account years ago at least.

    And yes, it still happens at times. I know I had to use PayPal for League of Legends store last time I was buying shit for my sister there.



  • @blakeyrat said:

    Why the holy fuck would someone in 2016 be using Paypal still? After all the horror stories, a dozen a year, about them fucking up and stealing people's money? Even from charities!

    Look, at this point, you deserve whatever you get. Dumbass.

    Give me an alternative that's as widely available (including in places outside of your US gilded halls) and I'll switch. Dumbass.



  • Hard to tell, the status and design is different than what I see with a business account. Paypal phone support is actually pretty good (at least when I called)

    They may be asking for proof of claim, but that looks like the dispute process instead of fraud to me.

    (Edit clarification, proof of charge / sale from the vendor, not you)



  • @Matches said:

    They may be asking for proof of claim, but that looks like the dispute process instead of fraud to me.

    (Edit clarification, proof of charge / sale from the vendor, not you)

    Yeah, they need to prove they delivered my "Sample Buy Now Button" in mint condition.



  • Yeah, the only problem is that is the default code for their api example, they probably get a lot of those charges across the board for legitimate and sample purchases, or maybe you hired a freelancer to implement the button for you.

    The product unfortunately doesn't change the procedure to mark it fraudulent, but you can expidite things by calling support and talking to a human instead of an automated machine process.



  • I still don't understand how they would even make the purchase without my password.

    And if they did have the password, they could have sucked out much more. Is there something magical about this ~$50 amount, that will help them avoid chargeback?

    Very strange.



  • @Onyx said:

    Because some of us don't live in the US

    Sucks to be you.

    @Onyx said:

    I know I had to use PayPal for League of Legends store last time I was buying shit for my sister there.

    So you put all of your money at risk with scumbags and scammers to buy virtual items for a video game. Smart.

    @cartman82 said:

    Give me an alternative that's as widely available (including in places outside of your US gilded halls) and I'll switch.

    Here's my philosophy: if the only way to pay is PayPal, don't buy it.



  • That particular api is a vendor flow, if they have your account number (ie dev data example) or fat fingered it (less likely) it's possible.

    Example,
    https://www.paypal.com/cgi-bin/webscr?cmd=_dcc_hub-outside

    Sending previous customer data to non sandbox api is a good way to lose your api access to paypal. Small comfort if it's a legitimate business, still sucks if it isn't because now you have shell companies dinging your account.

    One possibility is they got your account number from hacking another store, getting a check, etc.


  • BINNED

    @blakeyrat said:

    Sucks to be you.

    What, no eurobashing? I am disappointed.

    @blakeyrat said:

    So you put all of your money at risk with scumbags and scammers to buy virtual items for a video game. Smart.

    That's just an example of last place where I had to use it because nothing else worked. eBay didn't use to work. Nor did Amazon. Nor did hundreds of other stores you would probably consider worthy of your business.

    And again, I don't keep cash around on that card anyway.

    @blakeyrat said:

    Here's my philosophy: if the only way to pay is PayPal, don't buy it.

    It's nice when the rest of the world panders to you when you want to buy something. Some of us have to make compromises from time to time.



  • Just ignore him, blakey is a dumbass.

    @cartman82

    If you haven't already, be sure to have two factor auth enabled on your account, and that alerts are enabled to send you an email any time a transaction of over $1 is made. This will give you early alerts to respond to issues before they finalize, and give you a papertrail of your transactions.



  • @Matches said:

    If you haven't already, be sure to have two factor auth enabled on your account, and that alerts are enabled to send you an email any time a transaction of over $1 is made. This will give you early alerts to respond to issues before they finalize, and give you a papertrail of your transactions.

    Yeah, I have all those. That's how I caught it immediately.



  • You can pretty safely rule out someone having your login credentials then. This is specifically someone with direct billing capabilities, and using the api endpoints. (Malicious or incompetence, dunno)

    If incompetence, there's probably a batch of people impacted.


  • BINNED

    @Matches said:

    Just ignore him, blakey is a dumbass.

    Hey! Stop ruining my fun!



  • @Onyx said:

    It's nice when the rest of the world panders to you when you want to buy something. Some of us have to make compromises from time to time.

    Then get someone in your shitty useless country to found a competitor. You're basically saying PayPal is raking in tons of money despite being utterly shitty because nobody in your country is competent enough to complete with them? How come your banks and businesses are so fucking useless that they ALL have to use an American company for web payments?

    How's that for eurobashing?

    Seriously, though, it's pathetic.



  • PayPals' security is still simply horrible. I was having major issues trying to update my account, even to the point that I had to get support on the phone to help. Turns out one of the major issues I was having is that my password was too long (about 20 characters). They seemed to have a limit of about 12. That is dumb as a box of frogs, and not documented anywhere (the support person on the phone didn't even seem to know about this one either)


  • Discourse touched me in a no-no place

    @cartman82 said:

    And now I can't disconnect my credit card. Great.

    You can cancel the card by calling your bank. I realize you might not want to.



  • @FrostCat said:

    You can cancel the card by calling your bank. I realize you might not want to.

    To point of these cards and paying services is to make things more convenient. Not to have to speak on phone, physically go places, wait in line in front of a teller and god knows what else would be involved with cancelling.



  • @Ashley_Sheridan said:

    PayPals' security is still simply horrible. I was having major issues trying to update my account, even to the point that I had to get support on the phone to help. Turns out one of the major issues I was having is that my password was too long (about 20 characters). They seemed to have a limit of about 12. That is dumb as a box of frogs, and not documented anywhere (the support person on the phone didn't even seem to know about this one either)

    S/paypal/bank

    Most banks have fucking awful security, from chase and bank of America (which doesn't support 2fa to login, only transferring money out wire style) to credit unions which don't support 2fa and have mostly shitty alert options.

    Because of how the gov insures the money, there's little risk to the bank in losing it all, so they have no real incentives to go above minimum requirements. It's cheaper to chargeback than to do proper security to prevent the issue in the first place. (Their logic, not mine.)

    Also, those example banks enforce short passwords and ansi number and three or so special characters. They aren't conducive to password generators.


  • BINNED

    @blakeyrat said:

    Then get someone in your shitty useless country to found a competitor.

    Sir yes sir, on it! Let me call a few people, we should have it sorted by the end of the week.

    @blakeyrat said:

    You're basically saying PayPal is raking in tons of money despite being utterly shitty because nobody in your country is competent enough to complete with them?

    Tons of money? Wait, can't type, laughing...

    Ok, done now. Dude, PayPal probably makes more money in a year than mine and @cartman82's countries budgets combined. Yes, we're prime market, right here.

    @blakeyrat said:

    How come your banks and businesses are so fucking useless that they ALL have to use an American company for web payments?

    Because American businesses are probably also useless and a pain to get cooperating? Like every country's banks and businesses?

    @blakeyrat said:

    How's that for eurobashing?

    4/10, no "eurotrash" nor references to sheep fucking.

    @blakeyrat said:

    Seriously, though, it's pathetic.

    I am now wounded :(



  • @Onyx said:

    Because American businesses are probably also useless and a pain to get cooperating? Like every country's banks and businesses?

    Right; good reason not to try: it's slightly difficult.

    Look, I hate to break this to you, but everything worth doing is difficult. That's what makes it worth doing.



  • @cartman82 said:

    You can cancel the card by calling your bank. I realize you might not want to.

    Ok, I just remembered I have a second unconnected account that I rarely use.

    So I just dumped most of the money from my PayPal account into that one. Problem (half) solved.

    Bonus WTF: When I was creating this second account, I wanted another VISA debit card. No can do. You can only have one VISA account per birth certificate. That's how the system is designed and there's nothing they can do. Had to take a crappy MasterCard that doesn't work anywhere.

    Blessing in disguise though, as it turned out.


  • BINNED

    And most of the bigger stores work. Now. They didn't used to. So, something was done.

    I still have PayPal as a backup in case nothing else works. I still have to use workarounds from time to time. Google Wallet doesn't work, for example. Can't verify my account, they say. Not that I really need it, I used other means, but shit happens, still. Probably will for years to come. So, backup option.

    Also, some American companies refuse to ship stuff here even though they will take my payment gladly, so I have to use proxies to get stuff shipped. Whose fault is that?



  • @Onyx said:

    I still have PayPal as a backup in case nothing else works.

    Yeah, I use "don't buy it" as that backup.

    @Onyx said:

    Also, some American companies refuse to ship stuff here even though they will take my payment gladly, so I have to use proxies to get stuff shipped. Whose fault is that?

    I don't care. What does it have to do with Paypal?

    If your country spends all its time kissing the US' backside, maybe just petition to be the 51st State. At the rate things are going, you'll still beat Puerto Rico.



  • I do not recommend canceling your card while an outstanding claim exists. Talk to your bank before doing that. It will cause problems for reclaiming the money, and you don't want to double fraud claim on two banks, because that can result in a double credit and be considered fraud from you



  • @cartman82 said:

    MasterCard that doesn't work anywhere

    How's that? I use a MasterCard and I can't recall anywhere it wasn't accepted..


  • BINNED

    @blakeyrat said:

    If your country spends all its time kissing the US' backside, maybe just petition to be the 51st State.

    That might be pretty ok, actually.

    Do we get the right to consider the rest of the world inferior immediately or is there a grace period before we do?

    Also, do we have to send both of our MiGs to help shoot people, or can we keep one at home, just in case?



  • @Matches said:

    I do not recommend canceling your card while an outstanding claim exists. Talk to your bank before doing that. It will cause problems for reclaiming the money, and you don't want to double fraud claim on two banks, because that can result in a double credit and be considered fraud from you

    Yeah, I just extracted the bulk of my money from that account. In case there are any more "mistakes".

    @hungrier said:

    How's that? I use a MasterCard and I can't recall anywhere it wasn't accepted..

    Hmmm.... I think it was Steam that accepted my VISA, but not this Master thing.

    Of course, they are both debit cards with mutated names, not real credit cards (Visa Vutron and Maestro Card, I think). So there's that.


  • Garbage Person

    @Onyx said:

    Also, do we have to send both of our MiGs to help shoot people, or can we keep one at home, just in case?

    They'll both be sold to a warlord who promises to fight ISIS and will eventually be dictator over a Sandy hellhole of a country that spouts hate at the US.

    You will be issued a detachment of battered old F-15s. Assuming you aren't in fighter coverage range of Ramstein anyway. If you are, we'll close the base.


  • Discourse touched me in a no-no place

    @cartman82 said:

    To point of these cards and paying services is to make things more convenient. Not to have to speak on phone, physically go places, wait in line in front of a teller and god knows what else would be involved with cancelling.

    Yeah, I understand all that. The point of cancelling the card is that at least nobody else can steal your money.


  • Notification Spam Recipient

    @blakeyrat said:

    Why the holy fuck would someone in 2016 be using Paypal still? After all the horror stories, a dozen a year, about them fucking up and stealing people's money? Even from charities!

    Look, at this point, you deserve whatever you get. Dumbass.

    I always thought that visa and mastercard missed a trick here by not having a similar service. They probably could of killed paypal a decade ago.



  • Assuming they used the card number, instead of direct ACH information (routing+account number)



  • @cartman82 said:

    Bonus WTF: When I was creating this second account, I wanted another VISA debit card. No can do. You can only have one VISA account per birth certificate. That's how the system is designed and there's nothing they can do.

    Huuuuuuuuuu? I have three: two Visa credit cards and a Visa debit card. Two cards with FIRST M LAST and one with just FIRST LAST.


  • Notification Spam Recipient

    @cartman82 said:

    Maestro Card
    Christ I thought they were long dead. My Irish bank threw a shit fit one year and discontinued them forcing everyone on VISA Debit.

    *edit I was never in a band



  • @anotherusername said:

    Huuuuuuuuuu? I have three: two Visa credit cards and a Visa debit card. Two cards with FIRST M LAST and one with just FIRST LAST.

    Probably depends on a country. Or bank.

    Someone made a boo boo, that's for sure.



  • @cartman82 said:

    I think it was Steam that accepted my VISA, but not this Master thing.

    E_NO_REPRO



  • @Matches said:

    They aren't conducive to password generators.

    No repro. My account with one of the specific banks you mention has a 20+ character random password. Unfortunately, 2fa is problematic for me (text messages may take an arbitrarily long time to arrive on my cheap dumb phone, and mobile solutions only work if I'm somewhere my old, hand-me-down, non-phone device can connect to WiFi), but I think the bank supports it.



  • Use any high ansi characters?

    The banks I mentioned don't support 2fa logins, they only support 2fa on transfers out of the bank (which is better than nothing, except it doesn't impact payments or ACH debits so people can still draft new payments out of your account without verifications. It's specifically the transfer feature.)


Log in to reply