Monday, July 17, 2006

Major PayPal Security Flaw

I've been offblog for a lot of the weekend due to Blogger maintenance and a project I had due this morning.

What better way to make a re-entrance than to bitch about something:

Yesterday my wife was using my laptop to shop on eBay. She opened Firefox and logged into eBay with her account. After she found what she wanted (buy now!) she went to pay, and decided to use her PayPal account. So, quite logically, she selected "Pay with PayPal". She didn't have to log in to PayPal, and the transaction went through no problem.

A few minutes later, I got an email receipt from my company's PayPal account for the purchase. My wife Ciara has no access to this account - she's not a user on the account, she doesn't know the password.

It's been at least four days since I logged into my PayPal account. Last time I used it, I must not have logged out, and simply shut the window. Here are my issues with what happened:

1) The fact that my PayPal account did not log out automatically when I shut the window, or more appropriately, after 15-20 minutes of non-use, is completely unacceptable. That's a bank account. There is no excuse for PayPal not to follow what have become standard practices in the online banking industry. Imagine if I had logged in at a library computer!

2) Logout issues aside, the last time I logged into my account was to manage it, not to make a purchase. The fact that I could make a purchase from a third-party vendor without entering my password info is ridiculous. I realize that eBay is not technically a third-party vendor, but since they don't cross-reference the eBay account and the PayPal account, they might as well be.

3) My wife was able to complete the transaction without ever being made aware that she was using my account. She didn't want to buy her pens with my money, in fact she had no idea. There's got to be more transparency in the process.

I appreciate that eBay is trying to make paying with your PayPal account easy and convenient. This is not convenient - it's identity theft waiting to happen. How about making the eBay and PayPal logins simultaneous? How about allowing you to add PayPal accounts to your eBay account like credit cards? That would be convenient.

Take care of my money!


