Forgot your password?
typodupeerror

Abiword's PayPal Donation Fund Robbed 608

Posted by timothy
from the some-scum-can-walk dept.
SabberFlapper writes "According to this Announcement to the developer list of Abiword the Abiword fund was robbed. Dom Lachowicz writes: 'I'm duty bound to let you all know that the AbiWord Fund/Tip Jar has been robbed approximately three weeks ago. I'm telling you this now, rather than sooner, since I believed that Paypal would do something about my complaints during the interim, and that this would all be resolved quietly. Today, 23 days later, this does not look like it will happen. [..] I do however, recommend doing several things: 1) Writing to Paypal, in letter, email, or fax form alerting them to this travesty. 2) Calling Paypal on AbiWord's behalf. 3) Writing or calling your Congressman/woman, pointing out that Paypal is acting like a bank, but not operating under formal banking laws. 4) Boycotting Paypal because of these reasons, and the fact that their system is notoriously insecure, and encouraging others to do the same.'" Of all the groups to steal from -- AbiWord?
This discussion has been archived. No new comments can be posted.

Abiword's PayPal Donation Fund Robbed

Comments Filter:
  • by rob-fu (564277) on Sunday October 27, 2002 @01:46AM (#4540131)
    That's why I hide all of my money in a mattress.
  • How was it done? (Score:4, Interesting)

    by Anonymous Coward on Sunday October 27, 2002 @01:47AM (#4540136)
    Can somebody explain how this theft occurred. It's not clear to me from the post.
    • by Anonymous Coward
      It doesn't make sense to me how this could happen. Someone took money out of AbiWords account to buy a digital camera. That camera has to be delivered to the person who hacked into Abiwords account. Find out that adress, go over then and beat the crap out of the guy!
      • by Black Copter Control (464012) <samuel-local&bcgreen,com> on Sunday October 27, 2002 @06:18AM (#4540747) Homepage Journal
        Find out that adress, go over then and beat the crap out of the guy!

        My thoughts is more along the lines of: find out who it is, track them down, and have them charged with wire fraud.

        Chances are that the cost to paypal of dealing with the court order, etc. would be more than the cost of them dealing with this in a more sane manner... but what the hell!

        And I really do think that the cretin that did this deserves to get a criminal record for this anyways... Chances are that this isn't the only account that (s)he's robbed.

        • by Anonymous Coward
          Can you beat the crap out of the guy AND charge him with wire fraud ;) ?
          • Can you beat the crap out of the guy AND charge him with wire fraud ;) ?

            Depends on the mood of the cops that deal with him. I was once involved in the citizens arrest of a guy that was abusing his girlfriend on the street. I was on the bus, and when we saw this, the bus driver stopped, and a bunch of us got out to help the woman. As soon as he saw that help was comming, the guy just stopped, and didn't offer any resistance. When we asked him what was going on, he said "That's OK, she's just my ex". That's when I placed him under arrest.

            While we were waiting for the cops to show up (took maybe 2 minutes), another passenger got off the bus, called the guy a fu*king asshole and punched him in the face, giving him a bloody nose.

            When the cops showed up, they asked about the bloody nose, and I replied, "somebody hit him". They didn't blink and they didn't bother to ask any further.

            Although I'm generally anti-violence and waved off the guy that hit this bastard, I'm not completely sad about that outcome. I'm presuming that he plead guilty because I haven't heard any further from the cops about this incident.

      • Re:How was it done? (Score:3, Informative)

        by BitterOak (537666)
        As someone who has been the victim of credit card fraud myself, I can tell you that nine times out of ten, the address is a Mailbox's Etc. address, or a similar service that allows anonymous mail pickup.

    • by Rareul (537940) <[moc.rekcufrehto ... o] [ta] [luerar]> on Sunday October 27, 2002 @11:20AM (#4541350) Homepage
      After all, they bought them: Cnet [com.com]

      ?sp
    • Re:How was it done? (Score:3, Interesting)

      by alexburke (119254)
      Can somebody explain how this theft occurred. It's not clear to me from the post.

      How about this [paypalwarning.com]? Could Dom have been suckered by such a message? (More details here [paypalwarning.com].)
    • "Can somebody explain how this theft occurred. It's not clear to me from the post."

      Typically what happens with PayPal cases like these [paypalwarning.com] (they're extremely common) is that the account is "restricted" from some trivial reason like a cancelled payment or for no reason at all, and then it is impossible to withdraw money from the account. Then PayPal will start making unauthorised withdrawals from you bank account and credit card. They won't unrestrict the account until you fax them utility bills, social security card scans, drivers license scans, etc multiple times because they always claim they they didn't receive the information. Even then, it is rare to get the account un-restricted. Complaints and investigations by police, government, etc tend to get the account nuked. And of course you never get your money back.

      Hence, you have been 'robbed' by paypal.

  • by Kris_J (10111) on Sunday October 27, 2002 @01:48AM (#4540142) Journal
    This is why I don't give PayPal my banking details no matter how much they try to bluff them out of me. Just credit card -- that way if they let any of this crap through I can block the credit card payment.

    They actually tried to tell me that I couldn't accept a payment without bank details a couple of days ago. When I pressed the only button that didn't cancel the payment I was *then* given the option to accept without adding bank details.

    PayPal is like the stock market -- don't put anything in that you can't afford to lose.

    • by whereiswaldo (459052) on Sunday October 27, 2002 @01:57AM (#4540184) Journal
      That's great advice - wish I'd heard it earlier. I got screwed just this way. I purchased something using PayPal and when the seller screwed me, I tried to get my money back through the bank. Too bad PayPal didn't use the VISA option on my debit card, but the debit account. So, my purchase wasn't automatically insured as it would have been had the payment went through VISA. PayPal is comprised of a bunch of blood sucking leeches. That goes for EBay, too. By the way, try and contact somebody at either establishment. Have fun.
    • by mbogosian (537034) <matt@arenaunli[ ]ed.com ['mit' in gap]> on Sunday October 27, 2002 @02:46PM (#4542346) Homepage
      This is why I don't give PayPal my banking details no matter how much they try to bluff them out of me.

      Schwab [schwab.com] has deposit-only account/routing numbers for all their accounts (they're the ones given out for direct deposit, currently under Account -> Transfers & Payments -> Direct Deposit). If money is attempted to be removed using the same numbers, an "account not found" error is given (saving the fees from both ends associated with the "account overdrawn" error). This works with PayPal, because they verify your account by depositing small amounts of money into it (which will work).

      Granted, you have to have quite a bit of dough [schwab.com] for it to make sense to use Schwab for checking, but it would be interesting to know if any other banks provide this kind of service. Of course, it would be more useful if one could pressure all banks to provide this. Then again, I guess the ultimate solution would be to have the same consumer protections that apply to credit cards also apply to one's account/routing numbers.
  • What surprises me (Score:5, Interesting)

    by einhverfr (238914) <chris@travers.gmail@com> on Sunday October 27, 2002 @01:48AM (#4540143) Homepage Journal
    is that any business which faces any regulatory liability would not stand by their customers, esp. under a threat of letter writing campagns to congressmen who have the potential to do some real damage via congressional inquiries....
    • Re:What surprises me (Score:5, Interesting)

      by danheskett (178529) <danheskett AT gmail DOT com> on Sunday October 27, 2002 @02:05AM (#4540225)
      PayPal could never simply absorb these costs, dont you get it?

      On one hand, PayPal faces a small but vocal crowd of dissenters. On the other hand PayPal faces bankruptcy because of fraud.

      When a criminal act is comitted, someone has to be screwed. Its easy to say Paypal should incurr the costs. But was this their fault? Whose fault is this?

      Someone was a criminal, and acted criminally. He stole money. That money was thieved. Why should it be covered by them because - it seems this way - someone didnt secure their account properly (I am assuming this was run of the mill password guessing - it doesnt appear that the site was hacked/engineered).

      PayPal isn't a bank. They don't claim to be a bank. They are not insured like a bank. So why should they have to act like one? They are a payment clearinghouse.

      Use strong passwords.
      • by shepd (155729) <[moc.liamg] [ta] [gro.todhsals]> on Sunday October 27, 2002 @02:19AM (#4540273) Homepage Journal
        Maybe if paypal acted good-hearted, and at least put up some easy contact info so you could get some help tracking down the scammers they wouldn't have such a hard time.
        This is like putting your stuff in public storage, having the garage broken into, all your stuff stolen, only to find out they've replaced the attendant with an automated box and have chosen to leave you no way to contact a person.
        It's despicable, and it stinks of fraud.
      • Re:What surprises me (Score:5, Interesting)

        by alexburke (119254) <(ac.ekrubxela) (ta) (liamtodhsals)> on Sunday October 27, 2002 @02:31AM (#4540308)
        PayPal isn't a bank. They don't claim to be a bank. They are not insured like a bank. So why should they have to act like one? They are a payment clearinghouse.

        I call bullshit -- or at least misinformed.

        Not only do you accrue interest on the cash balance in your PayPal "account", they also have a money market fund you can invest in.

        If they aren't trying to be a bank but saying otherwise, I... never mind.

        My point is that PayPal are whores with the ethics of a petty thief, and I sincerely hope eBay straightens them right out.

        However, since I read about the debacle of eBay CSRs getting told off for shutting down questionable auctions because those auctions belonged to Power Sellers (eBay's most profitable customers), I'm now questioning eBay's ethics/morals as well.

        *sigh*...
        • Re:What surprises me (Score:3, Informative)

          by alexburke (119254)
          To clarify:

          (1) The first line should have been italicised, since I was quoting the parent comment.

          (2) The eBay CSRs were being told off by their supervisors, not by the Power Sellers.
        • by danheskett (178529)
          Not only do you accrue interest on the cash balance in your PayPal "account", they also have a money market fund you can invest in.

          You accrue minimal interest. It is not substantial. Money markets are not exclusive to banks. I could open one up tomorrow.

          PayPal has never claimed to be a bank. They never claimed to offer protection against this.

          There is no fraud on their part. Dont like their business practices? TAKE YOUR BUSINESS ELSEWHERE.
      • Re:What surprises me (Score:3, Interesting)

        by edwolb (526769)
        Bullshit. If you're going to provide a service such as accepting credit card payments, you have to have a secure way of handling them. It's absurd that you could legally provide a service such as money collection and not guarantee that you were given every penny you were promised. Shame on paypal...
      • Re:What surprises me (Score:5, Informative)

        by sql*kitten (1359) on Sunday October 27, 2002 @03:48AM (#4540488)
        PayPal isn't a bank. They don't claim to be a bank. They are not insured like a bank. So why should they have to act like one? They are a payment clearinghouse.

        They take deposits and pay interest [paypal.com], and are covered by FDIC [paypal.com]. That legally makes them a bank, whatever they may claim.
      • Paypal claims to offer insurance against fraud, robbery, and such.

        But when it comes time to pay, they have so many exclusionary principles [and I don't say exclusionary clauses: you don't see these until you try to collect] that they are effectively not insured.

        Further, because of profit structure of their current system, they actually do not even stop the criminals when they could easily do so. A criminal who does $1500/mo. of business through their system is preferred over an honest person who does $50/month; and they help to effectively hide the criminal.

        So effectively they provide a haven for criminals, and they also provide a safe-looking "waystation" where unsuspecting people can be waylaid.

        That was the specific case of my own ~$500 loss to a criminal on the paypal system with the help of Paypal's structure. They could have easily stopped the payment, they chose not to. They could have easily submitted the fraud claim to the insurance [there were several levels of fraud, 3 of them provable, the fourth being that he shipped a Win98 User's manual instead of the licensed copy of Quark he sold]. However, since there was ONE instance of "unprovable" fraud (well, he shipped something) then they said "valid sale, no insurance."

        Paypal needs to go. I don't mind them existing, I don't particularly need the government to get involved, but people need to stop using paypal on their own, not for a boycott, but for their own sake -- more reasons for which have been added here.

        I, for one, will not pay by Paypal again.

        They waylaid me. Not some criminal [who did take advantage]. No. PAYPAL waylaid me.

      • Re:What surprises me (Score:4, Interesting)

        by Mithy (30439) on Sunday October 27, 2002 @09:37AM (#4541033) Homepage
        When a criminal act is comitted, someone has to be screwed. Its easy to say Paypal should incurr the costs. But was this their fault? Whose fault is this?

        It's Paypal's fault. Banking institutions take out indemnities against things like theft and fraud, as well as corporate liability insurance and the like. If Paypal don't, they shouldn't be allowed to trade.
  • by Slayer_X (141736) on Sunday October 27, 2002 @01:49AM (#4540146) Homepage
    tell me about another alternatives please
    • by mosch (204) on Sunday October 27, 2002 @01:55AM (#4540179) Homepage
      c2it [c2it.com] is run by citibank, and it's run professionally, like a real bank. Not to mention the fact that the most common US transactions are fee-free.
      • by Ron Bennett (14590) on Sunday October 27, 2002 @03:41AM (#4540473) Homepage
        From what I've read on c2it website, they don't offer many features that PayPal does.

        For U.S. citizens that primarily send/receive money to other U.S. citizens, c2it appears to be a far superior and safer option of doing it.

        However, for businesses that accept PayPal for transactions, c2it appears limited - especially for foreign transactions.

        In short, c2it looks to be more of an extension of a bank, then a payment solution for business.

        Some of my businesses use PayPal - loss of the money is always a risk and thus we regularily transfer funds out of it and closely monitor the account.

        From my understanding our maximum liability for loss, if reported timely, is limited to the funds in the PayPal account and $50 (if even that) for the credit card and $50-$500 for ACH. My business can afford these losses if they were to ever occur and is built-in to our cost of doing business using PayPal.

        With that said, there needs to be more legal protections put in place for PayPal users since many businesses and individuals aren't aware of the risks nor more importantly can't afford to lose any money.
    • by Jucius Maximus (229128) <zyrbmf5j4x&snkmail,com> on Sunday October 27, 2002 @02:01AM (#4540210) Homepage Journal
      "tell me about another alternatives please "

      C2IT [c2it.com] is run by a real bank. (Citibank) Try finding their contact information and then see how fast you can find paypal's info.

      Btw, some other paypal info:

      Paypal's tech support is outsourced to India.

      Someone already tried to sue paypal and force bank regulations on them but it failed [com.com]

      Stories like this one are very, VERY common [paypalwarning.com]

      The Abiword people should be joining the Class Action Suit [paypalwarning.com] against Paypal

      There are many Paypal alternatives [paypalwarning.com] including the aforementioned C2IT.

      If you are still using paypal for money that you can't afford to lose, you are on very thin ice.

  • That's revolting... (Score:3, Interesting)

    by Archie Steel (539670) on Sunday October 27, 2002 @01:50AM (#4540150)
    For my part, I will personally write Paypal and tell them that I no longer feel that their service is secure enough for me and that their treatment of victims robbed through their service is rotten.

    The question is, what other services are there in Internet space that does the same thing they do? Any banks trying to offer secure payment over the Internet?
    • Western Union currently has a similar service, BidPay [bidpay.com], which is a rather reasonable way to pay online auction sellers and the like. The site automates the process of making and sending a money order, complete with e-mail notification of not only when the order was processed but also shipped out via snail mail. I know it's not purely digital, but it better than nothing!

      Mr. Fusion

  • by motox (312416) on Sunday October 27, 2002 @01:50AM (#4540153) Homepage
    Frankly, I suspended my PayPal account months ago. This episode just confirms my doubts about their service. It's like your bank gets robbed and tells you sorry, your account is zero now... I think everyone who owns a Paypal account should write and eventually cancel their own account. It happened to Abiword but it could happen, and i -bet- it's happening, to anyone. They just targeted a substantial account, this time.. Ofcoures it's internet, its point and click, its insecure, bla bla bla but it's real money. People has to realize it's real money. It shouldnt make a difference if they rob my PayPal account or if they rob my house, but alas, it does. Internet has reached a critical mass of people years ago, but still when you do business there you feel like you are not in 21th century, but back in the far west...
  • by Anonymous Coward on Sunday October 27, 2002 @01:50AM (#4540154)
    I had a paypal account. As soon as I saw the site http://www.paypalwarning.com I deleted it. This was out of simple self preservation, everyone gets bad press, but that much, and to that degree?? I have shown everyone I know that uses paypal that site - I feel duty bound to do so. Veteran Netizens certainly have seen or heard of this site, yet AbiWord decided to use it as their merchant account. Well, you knew the risks didn't you...

    Yes, it sucks. It is pretty terrible that donations where robbed. But common sence could have avoided it. You call for a boycott now - well hundreds have been saying this for some time and it was ignored... People have been attempting to get PayPal to have to live up to the same standards of a bank for a long time now. I am sure it is a shock when it is you that gets ripped off but it shouldn't shock you that much that PayPal is being less than helpful.

    NR
  • by no_such_user (196771) <jd-slashdot-20071008@@@dreamallday...com> on Sunday October 27, 2002 @01:53AM (#4540170)
    I hate to jump to "lawsuit!", but this is an instance where a sternly-worded letter from a lawyer might at the very least get their attention. Unfortunately, you'll end up spending more than the stolen funds to pay said lawyer.

    Any lawyers out there willing to help out AbiWord pro bono?
  • Ever wanted a good reason to not use paypal? There are tons at: PayPalSucks.com [paypalsucks.com]. Now I guess they have to add this AbiWord travesty to their list.

    I, for one, cannot understand how paypal is allowed to get away with all this. People even suggested that things might change once eBay took them over, but apparently that hasn't happened yet. What a shame, I remember when PayPal was actually quite a helpful service. Now it just appears to be too much trouble, especially if something goes wrong.

  • Anyone notice that the failed credit card deduction is almost the same as the stolen amount(x2)? Maybe the thief wanted to get 2 of these camera/PDA devices, and couldn't get them both when the credit card was denied, so he just took the max from the cash value purchase price of one of them, $581.00.

    This truly sucks. As a maintainer of a few open source packages myself, who currently is using PayPal to keep the project websites, cvs, et al. bandwidth paid for, I'm at a loss to find any alternatives. Anyone else?

  • Robbed? (Score:2, Interesting)

    by empee (219598)
    Due to the lack of details given about the fund being 'robbed', I'm going to guess that the password was compromised, as opposed to some sort of hack on paypal's servers. So... isn't it this guy's fault (at least as opposed to paypal's)? Paypal didn't do anything wrong.. sure maybe they could be a bit more helpful in trying to track down who did it, but they certainly aren't obligated to do so.
  • No Recourse? (Score:3, Insightful)

    by phriedom (561200) on Sunday October 27, 2002 @01:54AM (#4540176)
    Isn't there an address that the camera seller has? If this is inter-state fraud doesn't that bring the FBI into the picture? Why rely on PayPal to give you justice?

    Now of course, PayPal SHOULD have to be a bank to do what they do and should be responsible for the money entrusted to them that they allowed to be stolen, but just because they aren't I don't see how that is the end of it.
    • Re:No Recourse? (Score:3, Interesting)

      by joshki (152061)
      The FBI doesn't care unless there's over something like 25k involved. 600 dollars in a donation fund isn't even going to get them to bat an eye, unfortunately.
  • Well... (Score:5, Informative)

    by jvmatthe (116058) on Sunday October 27, 2002 @01:57AM (#4540185) Homepage
    Boycotting Paypal because of these reasons, and the fact that their system is notoriously insecure, and encouraging others to do the same.

    One has to wonder if the Abi folks knew about PayPal's failings ahead of time. If so, then had they looked into other ways of obtaining donations? That is to say, if the Abi folks are saying "Look, we knew that PayPal sucked and was insecure, but we used them anyway, so please write them to tell them how much they suck" then it's a little harder to take their complaint seriously.

    I've used PayPal for auction stuff. I was fortunate enough to get payments mostly through PayPal from a large USENET auction I held a while ago. But once that big chuck of money was in there (we're talking less than $1k) I had them cut me a check and send it to me so I could put the money somewhere I trusted...a real bank! Even now, I never keep more in the account than I could bear to lose, should something go wrong.

    That the Abi folks weren't taking better care of their money hardly seems like PayPal's fault. Many people know PayPal has been difficult to deal with...it's no big secret and it's even been talked about on /. lots of times. Many people are wary of the fact that PayPal wants all of the benefits of being a bank without the responsibility...again it's no big secret. And the ability to use PayPal to get contributions while still holding onto your money (by asking them to cut you a check every month, say) isn't hard to do.

    I don't want to defend PayPal too much here. They're clearly sleazy sometimes (if not all the time). But that doesn't absolve the Abi folks from being more careful with their benefactors' cash.
    • Re:Well... (Score:3, Informative)

      by whereiswaldo (459052)
      That is to say, if the Abi folks are saying "Look, we knew that PayPal sucked and was insecure, but we used them anyway, so please write them to tell them how much they suck" then it's a little harder to take their complaint seriously.

      What the AbiWord folks think of PayPal should have absolutely no bearing on PayPal's liability in this theft. PayPal is bound to provide a certain service, and should be responsible enough to remedy this situation, if only because required by law.
  • I remember viewing the eBay purchase of PayPal with some trepidation. Thinking, this just can't be in my (the consumer's) best interest. And while I'm sure there were problems before, the sort of heightened injustice in the light of a move that was supposed to benefit the defacto public online auction place, just fries me.

    So, what are my choices (that's what we love to jump up and down about having)? Are there other online aucctions that even have a chance of being as large as eBay? Or other payment methods? I see the whole PayPal-as-part-of-Ebay, so much like the Microsoft having become the defacto desktop and then pushing it's web browser and subsequent internet policies on everyone.
  • How was it stolen? (Score:5, Insightful)

    by Call Me Black Cloud (616282) on Sunday October 27, 2002 @01:59AM (#4540199)
    He says, "...their system is notoriously insecure."

    It seems to me that if the system is that insecure, the perps could have found something more lucrative to rob than the Abiword tip jar. I'm sure there are power sellers on ebay that do more business in a week than the tip jar sees in a year.

    Perhaps his fund password was something like "abiword" or he responded to a scam e-mail...

    Reading the complete post, I see "...Their silence implies to me that they are treating this matter as if I got mugged on the street, rather than as if someone walked into their bank and withdrew my money without my consent."

    So it sounds as if it was not a hole but rather an error on Dom's part. I look forward to reading more about this to find out just how this happened.
    • by murgee (615127) on Sunday October 27, 2002 @02:12AM (#4540255) Homepage
      This is, of course, assuming that everyone trying to get into PayPal is after big bucks anyway (doing it professionally).. when it's quite likely they could have been targeted by someone who's just experimenting and hit something small to lessen their chances of getting caught (or, at least, trying not to get into too much trouble.. you might suspect that if the person raided a several thousand/tenthousand dollar account they'd be up against a lot more, punishment-wise).

      Of course, isn't the purpetrator's name tagged to the transaction? You have to have a valid bank account to move funds out of your PayPal account.. wouldn't it just make it that much harder to hide from the authorities if you broke in to someone's account and moved stuff over?

      This reminds me of when lowendmac [lowendmac.com] got hit last month (earlier this month.. something like that). It's unfortunate PayPal has "critical mass" or whathaveyou. You'd think that someone big would care, but they can't even be bothered to work with all banks.

  • by MrP- (45616) <rob@@@elitemrp...net> on Sunday October 27, 2002 @02:01AM (#4540209) Homepage
    You have successfully closed your account.

    Ahh, I feel better now, don't you?

    Now to write them a letter to let them know why I closed my account, I suggest everyone else do the same.
  • Done and Done... (Score:5, Interesting)

    by Incongruity (70416) on Sunday October 27, 2002 @02:18AM (#4540270)
    After reading about all the trouble with paypal, I have cancelled my account. I will now also be sending their customer service folks an email explaining why I cancelled my account.

    Even if they do outsource their support to India, I'd bet they keep some sort of stats about emails and the issues covered...maybe if enough people complain and cancel their accounts someone will listen...unlikely but it's worth a hope.

    -tcp

  • by davmoo (63521) on Sunday October 27, 2002 @02:35AM (#4540324)
    ...just as soon as someone explains how the theft occured and why it is PayPal's fault. If the theft occured by someone hacking PayPal, then it is indeed their fault and I will cancel. But if the theft occured because Abiword had a simple to guess password, 47 people knew the password, or some other idiocy like that, then I have no sympathy...and I will continue to be a happy PayPal customer who has conducted thousands of dollars worth of transactions (both directions) and had no problems what so ever.

    I do notice that the referenced note is long on inuendo and short on facts, and that in itself makes me suspicious.

  • by prostoalex (308614) on Sunday October 27, 2002 @02:41AM (#4540344) Homepage Journal
    As much as I detest stealing, it's hard to ignore the fact that stuff like that has been going on for a while [paypalwarning.com].

    I saw previous posters say they closed their accounts after they found out about AbiWord theft, I closed my account as soon as I've read through posts on the site above.

  • by Babbster (107076) <aaronbabb AT gmail DOT com> on Sunday October 27, 2002 @02:42AM (#4540345) Homepage
    I'm not going to write a long screed about Paypal since I haven't done business with them (frankly, I'm wary of anybody who gives away money like I saw Paypal advertising at one point). However, I am wondering something:

    How much money should someone be allowing to accumulate in a Paypal "donation" account? I ask because I think that anyone who lets the account grow too much (like beyond $100 or one transaction, whichever is greater) is begging for trouble. I know that there are transaction fees when you take money out of the account, so were the Abiword people being cheap by not withdrawing earlier?

    For example, if there is a 2.9%+$0.30 charge to receive $100 from the account (see Paypal [paypal.com] for details), that would be a charge of $3.20 leaving $96.80 in the check I assume they would send out. Even at $50, you're looking at $2.25 with $47.75 of actual money coming at you.

    Clearly, were I running the deal I wouldn't be leaving money in this "fund" and I think that Mr. Lachowicz was a damned fool to do so, whether Paypal is generally believed to be a security risk or not.

    Frankly, I have more sympathy for someone who loses $30 or $40 from their Paypal account because of this kind of fraud than I do in this case. Someone who loses such a small amount of money could have had some valid reason to have the money in their. Someone who leaves $800 sitting around, doing nothing (savings account interest rates are small, but Paypal interest rates, well, are nonexistant), probably needs a lesson taught to them.

    Blaming Paypal alone would be a mistake.

  • by R-2-RO (766) on Sunday October 27, 2002 @02:45AM (#4540353) Homepage Journal
    Paypal is quite convienient, but should something like this happen that requires Paypal to step in, you're SCREWED!

    Paypals complaint resolution works like this:

    File complaint

    Paypal emails other party on your behalf

    Paypal receives no response for other party after X number of days(duh)

    Paypal deems your money unrecoverable (sorry)

    Filed fraud w/ my CC company

    CC company investigates (and when they finally stop laughing) remove charge from my CC (thank you!)

    Recieve nastygram from PayPal for not initiating the charge back through Paypal for the 10 dollar fee instead of the free service my CC provides.. (dick heads!)

    Luckily my CC company came through with no problem. But I was scammed on a PS2 system on Ebay (long story) the sad part is that there were about 20 of us that lost out on the ebay thing. A couple of them used paypal and got nothing! and since they didn't use a CC (which paypal would rather u use a straight bank transfer) they got screwed. Got nothing back. Sad.

  • by forged (206127) <soltesz.gmail@com> on Sunday October 27, 2002 @02:45AM (#4540356) Homepage Journal
    So was the early subscriptions system a lure to get as many Slashdot fellow readers as possible into using PayPal ?
  • by BrianWCarver (569070) on Sunday October 27, 2002 @02:55AM (#4540382) Homepage
    To close your paypal account [paypal.com] follow that link. I just closed mine.

    Then send them an e-mail [paypal.com] explaining why. I'm going to now.

    P.S. It seems to me the seller of the camera/PDA must have mailed the thing somewhere. Get that address. Contact local police. Contact EBay's fraud division. ETC. I'd be surprised if this money cannot be recovered. In the meantime, I hope Abiword is busy setting up a C2it [c2it.com] account.
  • by Dr. Awktagon (233360) on Sunday October 27, 2002 @02:56AM (#4540388) Homepage
    That really stinks. I wish Dom the best of luck getting his money back.

    But, I'm not going to cancel my PayPal account over this just yet. I've had the account since the service began (remember when it was for Palm Pilots?). Never had a problem. I treat PayPal with kid gloves because they are not regulated the same way banks are (and they shouldn't be: they are a payment service, not a full-service bank), and they are a huge hacker's target.

    Here what I do with my PayPal account (I use it quite a bit on eBay for buying and selling):

    1) Set up a separate bank account for PayPal. I have a money market fund whose sole purpose in life is to transfer money between paypal and my regular savings account. I transfer the money out at least once a month or so.

    2) never give PayPal any more information than they need. Give them one credit card (preferably exclusive to PayPal with a PO box billing address). Don't sign up for the piss-ant Money Market fund that requires giving them your Social Security Number. No extra emails, phone numbers, or mailing addresses. Change password often.

    3) NEVER UNDER ANY CIRCUMSTANCES leave a balance in your PayPal account. Because it's PayPal's money, not yours, until you take it out (remember, it's not a bank). Withdraw immediately. Even if you need to pay for an auction later, use your bank/credit card to pay for it. (I use a Citibank card that gives a cash back bonus, so I actually get a small benefit from doing this.)

    4) If they send you a free Debit card, cancel it. Don't sign up for the credit card either.

    You have to keep in mind also, PayPal can freeze your money at any time. All that has to happen is someone file a complaint against you. They can lock your account. They can do various silly things.

    I don't want to "blame the victim", but if your money is not in the PayPal account, it can't be stolen. And if there's a fraudulent charge on your credit card, it can be taken care of with a signed affidavit, or maybe just a letter, like any problem with your card. Your card has consumer protection laws associated with it, your PayPal account doesn't.

    I did have one of my other cards stolen once and used on PayPal (had nothing to do with my paypal account, the perp opened his own). I wrote them and received a response and an affidavit to fill out, the next day. In fact, all my PayPal customer service mails have been answered the next day. (I have a "premier" / "merchant rate" account, which gets better treatment, ymmv).

    By this point, with all the horror stories out there, I'm surprised anyone would keep a balance in their PayPal account.
  • by Chester K (145560) on Sunday October 27, 2002 @02:59AM (#4540395) Homepage
    "...system is notoriously insecure"

    Bullshit. How about "I had an insecure password", or "I responded to one of those emails from a scammer that claimed to be PayPal", or "Another system I use was compromised and I stupidly use the same password everywhere" instead?

    I'm gonna guess one of those scenarios is more likely than any security failing on PayPal's part. Certainly if there was a security hole in PayPal itself, there are much bigger fish to go after -- any of eBay's Power Sellers, for instance, probably have much more than $500 or so in their accounts at any given moment.
    • by dominator (61418) on Sunday October 27, 2002 @12:04PM (#4541578) Homepage
      Actually, I never respond to emails from scammers who claim to be paypal, my passwords are quite long and not the same everywhere, I change my PayPal password once every 2 weeks, etc...

      I don't really blame PayPal for my fund being robbed. I do blame PayPal for not responding to my customer support emails. This is the crux of my complaint.

      All I asked for was an address of my grievance. I'd be pleased if they acknowledged my existence as a member of this planet. But they don't, and in my opinion, it would be the least that they could do to keep a customer happy, nevermind their legal obligations.

      Paypal proclaims to be a trusted third party, collecting, holding, and disbursing your money as only you see fit. My money was disbursed from their coffers without my permission. This is robbery. No, Paypal did not rob me, someone else did. But Paypal as a trusted third party is responsible for providing certain safeguards to make sure that they're not duped too easily. And if someone tells them that they've been duped, they have an obligation to at least investigate my charge. Or at least they should.

      Paypal is a company that manages and holds others property on behalf of them. As such, they are duty-bound to protect those properties. There are laws for companies that do this, and names for businesses that do this. Namely, they're called banks. As such, my money should be protected under laws and statutues similar to FDIC. It is not. Am I stupid for using PayPal? Maybe. Shame on me.

      Now, if PayPal had merely responded saying "We're investigating this charge" *EVEN* if they came back saying that my charge had no merit, I would not have sent this email. I refer you to these quotes from paypal's own site:

      "PayPal will investigate your complaint and attempt to recover any funds you are owed. You will be entitled to the return of any funds PayPal is able to collect on your behalf. However, fund recovery is not guaranteed."

      Please read:

      https://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ te rms#insurance
      and
      https://www.paypal.com/cgi-bin /webscr?cmd=p/gen/te rms#consumer_protection

      This inaction when dealing with my funds pisses this one customer off. And, IMO, rightly so.

      Dom
  • by stubear (130454) on Sunday October 27, 2002 @03:05AM (#4540405)
    ...under US federal banking laws and this article [com.com] from CNET explains why better than I could.
  • Pay Pal is sleazy (Score:5, Interesting)

    by SurfsUp (11523) on Sunday October 27, 2002 @04:46AM (#4540589)
    My wife opened a Paypal account for me, and one for herself, then transferred $6,000 from my account to hers. We didn't see that money again for three months, as they pretended to be "investigating" the transaction for possible fraud. Never mind that we talked to them many times on the telephone, and send proof of our ownership of the accounts several times, and pleaded with them to resolve this, as we needed the money.

    The delay was beyond any point of being able to pretend that they actually made any effort to resolve the situation. It was in fact more than 10 days after we first contacted them before they would even open what they call an "investigation". They claim that their procedures are set up to combat fraud, but it's just a way of establishing deniability. That is, they pretend that they have no intention whatever of stringing me along as long as they can, while they collect interest on my money. (And no, they never did offer any compensation for the lost interest, let alone the many hours we were forced to spend pursuing them, to get our money back.)

    You think mine is an isolated case? It is by no means. Just do a web search for paypal+complaint. See all the distressed people. See the lawsuits.

    It's a transparent scam: by locking up the money of only a certain percentage of their customers, and treating the rest reasonably well, the people who claim that Pay Pal engages in a pattern of sleazy misconduct will never be believed, because they will always be outnumbered by customers who have never had a problem.

    That doesn't make it right.
  • by NeuroManson (214835) on Sunday October 27, 2002 @05:02AM (#4540607) Homepage
    I'm not sure what others' experiences have been with this company, but I'm looking into getting it myself... A new company, called NetSpend (www.netspend.com) is offering reloadable MasterCards which you can either put money onto at any store or check cashing location that allows it, or get money deposited to via online transaction... The bonus, of course, is that you can access your money directly (while paying the average $1-$2 fee for ATM usage), and a paltry $20 per year charge to maintain your account...

    The only apparent drawback of the program is that you can only transfer funds from one NetSpend account to another, so of course, your buyers/contributers need to have a card themselves... Considering that the fee is extremely low, and the fact that NetSpend is on the BBB, they seem a bit more straightforward than PayPal... Also, they don't need to pass any credit application procedures, or open a bank account (unlike secured credit cards), it can be extremely simple to obtain.

    Another added bonus is that the credit card acts as a secondary form of ID...
  • by wdr1 (31310) <wdr1 AT pobox DOT com> on Sunday October 27, 2002 @05:45AM (#4540688) Homepage Journal
    ... since there have been enough paypal bashing for one day, how about folks kicking in a buck or two to raise some more funds for abiword [abisource.com]?

    Heck, if some nimwit in NYC can raise 20k to help pay off their credit card bill from donations, surely at least $600 can be raised to help abiword? Hell, maybe we can get some of that infamous Slashdot effect directed towards kicking a buck to their back account.

    -Bill
    • since there have been enough paypal bashing for one day, how about folks kicking in a buck or two to raise some more funds for abiword

      Ummm, because that would require me to setup a PayPal account?

      I think I'll wait until they get a better donation service provider. What about c2it [c2it.com], which is run by CitiBANK (I stress the bank part).
  • by StarHeart (27290) on Sunday October 27, 2002 @06:03AM (#4540714)
    Paypal does have phone support, but you only get it with their business/premier accounts. If you have a business account it trivial to find a 1-888 number for them. Now I have read it has been outsourced to India which doesn't sound great, but at least you can talk to someone if they are actually making money off you. They shave 2.2-3.9% + 30 cents off each of my incoming money. 2.2% + 30 cents is for Merchant accounts which have qualification requirements. 3.2% + 30 cents is merchant receiving money from someone outside the country. 2.9% + 30 cents is standard business caaounts receiving money and 3.9% + 30 cents is standard receiving money from outside the country.
    The prices are like a form of sales tax, but at least they are better than c2it, western union, or bank wire. Checks would be cheaper in the US, but also less convientent. Not sure checks from out of the country would work.

    Overall I am just going to require payments be charge + paypal sales tax. It makes me wonder if the government is going to get especially upset with ebay/paypal now they they have found a way to virtually collect a sales tax on the internet.

    I am definitely use the methods mentioned above to protect myself and look for something better. So far I haven't found anything as cheap online.
  • by weave (48069) on Sunday October 27, 2002 @06:38AM (#4540778) Journal
    She made a typo when making a payment, instead of entering something like 60.09 she slipped and entered it without a period, 6009.

    Sure enough Paypal processed the payment to some individual for $6,009. Wife freaks. Writes to paypal, they tell her tough shit, they can't do a thing about it, please ensure she has money in her accounts to fund the transaction.

    So the wife cancels her credit card, talks to bank to make sure they will bounce the draft, etc...

    Sure enough, next day, a draft for over six grand bounces, first $29 bank bounce charge fee. Pay pal autowrites her a nastygram saying to fund the account, that she MUST fund the account due to her paypal user agreement and they will try again in two days. Wife writes back, DON'T TRY AGAIN. Again, they say there is nothing they can do about it.

    Again, another bounce, another $29 fee from bank. Finally, paypal gives up.

    Some tips for all that she uses that saved her....

    1. Separate checking account at a separate bank with a low balance. Remember, banks can rape other accounts you have with them to satisfy your debts to them in worse case scenarios (default, etc).
    2. Credit card with a low (~$500) line of credit. However, this isn't security enough since some banks will still pay charges that go over your credit limit. It's really up to them.

    Like another posted said earlier, Paypal is like playing the stock market, don't put in what you can't afford to lose. Just in her case, it looked like she was going to lose much more than that for a while there.

  • by Skapare (16644) on Sunday October 27, 2002 @06:44AM (#4540785) Homepage

    The money belongs to PAYPAL! So the theft was from PAYPAL, not ABIWORD. So it's PAYPAL that should be calling up the FBI. Why haven't they? Because maybe they'd end up being investigated for their shoddy business practices.

  • by Hott of the World (537284) on Sunday October 27, 2002 @08:48AM (#4540933) Homepage Journal
    It seems paypal equates to a warehouse with lots of lockboxes full of money. Money comes in or moves from lockbox to lockbox, and then goes out. However, there's no attendant, so the only thing between your money and a thief is just a key (bare with me on the bank info part, it just makes things more complicated) and a lockbox number. When a thief breaks into a lockbox, in a warehouse, normally we would call the police. But this warehouse is electronic, the lockboxes are electronic, the money, well, you get the idea.

    Hell, I would probably feel safer giving my money to a backwoods county fair carney. Least I can try to kick his ass if he loses it, and would have some knowlege of who stole it from him, if he were robbed.

  • by brunes69 (86786) <slashdot@nOsPAm.keirstead.org> on Sunday October 27, 2002 @10:05AM (#4541084) Homepage

    Don't even bother with Paypal customer service, they have been stonewalling everyone for years. Try talking to Ebay customer service,... and try to talkyou way up to amore senior Manager or someone else who has the authority to call up the Paypal losers and demand "whats going on here?" Hopefully Ebay doesn't want to risk its reputation going gown the tubes as quickly as Paypal's did a few years back.

  • by fname (199759) on Sunday October 27, 2002 @11:36AM (#4541427) Journal
    So this Jun character bought the camera with stolen money. What I don't get is this. As soon as that transaction went through, abiword should have contacted all parties involved in the transaction and told them to stop. In other words, don't ship the camera, by explaining to the seller that it is being paid for fraudulently. This shifts the burden.

    Then, was this money left in the Paypal account, or was paypal just used as a conduit to rip off the bank?

    I have to agree with a lot of others, who say to not leave much money in the account. There's just no upside, unless they were saving up to pay a seller who wouldn't take credit card payments.

    Finally, to further protect yourself if you need to se Paypal: 1) sweep your account daily, 2) contact your bank and tell them to not allow transfers to Paypal, or 3) attach a bank account to Paypal that has a low balance.

    Paypal is not a bank, they don't claim to be. And you can sue Paypal, as a judge ruled their arbitration process was unreasonable [com.com], more or less.

    Good luck recovering those funds. Go after the transaction endusers, as they have some liability here for receiving stolen goods/ property.
  • Whom do you serve? (Score:5, Insightful)

    by verbatim (18390) on Sunday October 27, 2002 @01:28PM (#4541998) Homepage
    It's the same question that affects the banks: who pays who?

    The bank offers the service of holding your money in a safe location so that you don't have to worry about losing it. The bank also provides money services that require a certain amount of trust - chequing, lines of credit, etc. You pay the bank for these services.

    On the other hand, you are providing the bank a service too. You allow them to use your money (for many reasons) and, in exchange, the bank pays you for this service in interest (although, not very well).

    A bank requires trust not only from those who bank with them but also with those third parties who interact with customers of the bank. A cheque (and credit cards, too) only works if everyone trusts that the bank system works (sure, you can overdraft on a cheque, but the bank will report that).

    PayPal _is_ a bank by definition. They can skirt around the issue as much as they want to, but they are a bank. More importantly, they are a (or should be a) trust. That is, everyone _trusts_ that PayPal is honest to the core - that you can trust them to hold your money and provide the services that they offer in a legitatmite and honest way.

    They are not a savings bank, however, and should not be required to fall under the same laws as a savings bank. They are not (should not) be required to provide insurance on deposits and they should be allowed to verify all transfers and 'money movement' at their discretion.

    The abiword theft doesn't make sense - did this person steal a password or something? Did (s)he compromise the PayPal system in some way? If the former is true, PayPal would not, necessarily, be liable - the person who stole the password would be. If, however, there was a security compromise, then PayPal should be accountable for the money - they should put the money back and sue the thief.

    --

    I want to touch on something that I've read alot on sites like paypalsucks - the issue of PayPal "double-dipping" and taking funds without permission to settle accounts.

    IF YOU ARE STUPID ENOUGH TO AUTHORIZE ANY COMPANY TO DIRECTLY WITHDRAWL / DEBIT MONEY FROM ANY OF YOUR ACCOUNTS THEN YOU GET WHAT YOU DESERVE.

    Don't be so fucking stupid and ignorant as to give _ANY_ company the keys to your accounts. So what if you have to enter your credit card # on each transaction? Or send a cheque instead of allowing them to directly withdrawl from any bank account. Don't get me wrong, if PayPal takes your money without authorization then it's still wrong on their part - you just helped it along. By not authorizing them to save your information you catch them in a much tighter corner.

    In the end, it's all about trust. If enough people stop trusting them then they will either fold up or mandate themselves under the same laws that control the banks.

Center meeting at 4pm in 2C-543.

Working...