Short post about a potential misadventure I had this week. Hopefully everything is sorted out now, but it bothers me because it looks like a security bug in PayPal, which would be a huge confidence shaker. I use PayPal quite a bit these days for all sorts of online purchases, and if I have any doubts about its sanctity I shall drop it like a hot potato.
A few days ago I completed a routine purchase on eBay - large, reputable seller I've dealt with before. Paid via my PayPal account, and received all the usual confirmations and "order completed" mails from eBay. As ever, I filed them away in the "eBay" folder - just in case - you know how it is. As ever, I didn't really look at them. After I'd filed the order details, I suddenly realised that there had been something odd about some of the information on the last document. So retrieved it and - sure enough - the delivery address was someone in London who is not me. I've never heard of this person, or had any dealings with them. I checked my PayPal account, found the payment entry, clicked on the details, and there it was again - everything was correct except the delivery address.
I mailed the seller, who is a decent, helpful chap, and explained the situation - he has agreed to send the package to my correct address, so no further worries there. The wider implications are a bit scary, though.
It seems that, as part of a routine PayPal settlement for an eBay purchase - a situation which must occur zillions - possibly even brazilians - of times every day, PayPal has correctly made payment to the seller, but has supplied him with an incorrect delivery address. From someone else's account, it seems.
Some thoughts:
* what if I hadn't spotted it? - the parcel would have gone to a complete stranger, though the seller would have no cause to suspect that anything has gone wrong. As far as I am concerned, the parcel would simply never have reached me. Another mystery of the sea.
* more worryingly, if this is a glitch in the PayPal security system, what else could go wrong? How much does this shake my confidence in PayPal? How likely am I to use it again, for anything?
I've now changed my passwords for eBay and PayPal, as one does, and I've emailed PayPal to report the incident. It isn't a catastrophe, I've caught the problem before any damage was done, the amount of money involved was not large anyway - no need to dramatise. The big problem is that I really do not wish PayPal to have frailties, or make mistakes. I use PayPal because it is convenient, provides a level of confidentiality between me and the seller, and because it is not one of the Bastard Credit Card Companies. If my faith is compromised, I shall change my habits - that's for sure.
Of course, PayPal have not yet replied, and they may send me a perfectly reasonable explanation and appropriate reassurance, but at the moment I am hard pressed to think what they could possibly say that would make me feel comfortable.
Just saying. If you use PayPal to pay for an eBay purchase - or anything else for that matter - recommend that you check very carefully all the documentation that you receive, including details of where your package will be sent.
If anything further develops, I'll stick a little post up here.
***** Late Edit *****
OK - I received an email message from PayPal explaining how I may amend my postal address if it is incorrect. No help - not what I was looking for. On Tuesday, once the Easter weekend was over, I emailed them again and explained that they had missed the point of my previous message, or had possibly not looked for any point in it, and that I had serious concerns over security.
Very quick email reply from them asked me to phone them - the number was a free UK 0800 number, but I was speaking to people in the US. Heavy going - they were going to reverse the eBay transaction and do all sorts. We sorted that out - they understood that I had sorted out shipping details with the seller, and that primarily I was worried about how the PayPal address for someone else had been supplied to the seller for my purchase.
PayPal staff said they were confident that a default shipping address had been supplied from somewhere else, and it had suppressed the request for the address from my PayPal account, but that this must be due to a fault in eBay's completion software, or in some website application used within the seller's online shop. As we say in Scotland, it wusnae them, whatever. They also said they will raise it as a potential security issue, so that the software people may include it in future reviews.
They assured me that it won't happen again, but I can promise I will be checking very carefully the details of any PayPal transactions I take part in for a while. Really not very happy about all this.
Anyway - move on - let's find something else to worry about; however, the more they tell us that nothing can go wrong, the more disturbing it is when something does.
********************
That's rather worrying and a breach of data protection on their part.
ReplyDeleteSounds a strange one?
ReplyDeleteThanks for the warning , never had a problem (yet) with Paypal but I will be checking from now on .
ReplyDeleteThanks for the heads up Tony.
ReplyDeleteHave not seen this happen to me but I will be vigilant now that you have sent out a warning.
ReplyDeleteI find it odd that you clearly dislike CC companies but not PayPal, when the latter have even less regulation and are essentially double billing your eBay purchases (being owned by them since 2002).
ReplyDeleteYou find it odd? As a purchaser and an occasional transferer of funds to family and friends, I am not directly affected by the billing, double or otherwise, of the transactions - sellers who choose to accept PayPal as a payment method are presumably balancing the fees against the likelihood that their customers will be enabled (or encouraged) to spend a little more than they would otherwise. I have no direct experience of PayPal Credit, nor would I wish to, but as far as I know it isn't PayPal who have allowed personal indebtedness in the UK to rise to higher levels than before the fun years of 2008. I spent my working life in the UK finance industry - I still have friends who work for credit card companies. I know how they egg on their customers to run up unmanageable debts that they can't afford to service. I also know the extent of the hypocrisy when they claim that they advise their customers to watch their debt levels.
DeleteYou're right - I dislike CC companies every bit as much as I dislike retail banks - to the extent that they are separate, they appear to have escaped their fair share of the post-2008 allocation of blame.
I don't care much for PayPal either - they are just useful to me at present - if they can't manage their customer data, or if they are incompetent, or risky, then I shall stop dealing with them. I am fortunate, I guess, in that I don't need to spend money I don't have - there are a great many others who get sucked into running up debts that wreck their lives. The regulation doesn't seem to be directed at that particular problem.
Random case study. A few years ago, a friend of mine was about to pack his daughter off to university, and he was seriously concerned about being able to afford all the expense. His daughter was a lovely girl, she was 17, she had no money at all and about one teaspoonful of commonsense. One thing she would obviously need was a new bank account, so he took her along to his local branch of the retail bank he has used for years, and set her up with a nice new current account. The assistant manager explained that naturally she would need a credit card, and when my friend appeared dubious about this, it was implied that a new current account holder was sort of expected to have one of their own brand credit cards. But she has no money and no income, what sort of credit limit will they set? No problem - the bank has all details of all the family's financial comings and goings, and they will base it on that. There followed a major falling-out which resulted in my friend changing his bank - sadly, he doesn't like the new bank either.
DeleteLet's get everyone into debt - it boosts the phantom economy and it generates a lot of income for the right people. You've never had it so good.
Bollocks.
That's just one of many reasons why I detest credit card companies and banks.