Abiword's PayPal Donation Fund Robbed
SabberFlapper writes "According to this Announcement to the developer list of Abiword the Abiword fund was robbed. Dom Lachowicz writes: 'I'm duty bound to let you all know that the AbiWord Fund/Tip Jar has been robbed approximately three weeks ago. I'm telling you this now, rather than sooner, since I believed that Paypal would do something about my complaints during the interim, and that this would all be resolved quietly. Today, 23 days later, this does not look like it will happen. [..]
I do, however, recommend doing several things:
1) Writing to Paypal, in letter, email, or fax form alerting them to this travesty.
2) Calling Paypal on AbiWord's behalf.
3) Writing or calling your Congressman/woman, pointing out that Paypal is acting like a bank, but not operating under formal banking laws.
4) Boycotting Paypal because of these reasons, and the fact that their system is notoriously insecure, and encouraging others to do the same.'" Of all the groups to steal from -- AbiWord?
How was it done? (Score:4, Interesting)
What surprises me (Score:5, Interesting)
That's revolting... (Score:3, Interesting)
The question is, what other services are there in Internet space that do the same thing they do? Any banks trying to offer secure payment over the Internet?
Pro-bono lawyers might help here (Score:5, Interesting)
Any lawyers out there willing to help out AbiWord pro bono?
Robbed? (Score:2, Interesting)
Monopolies are a drag (Score:2, Interesting)
So, what are my choices (that's what we love to jump up and down about having)? Are there other online auctions that even have a chance of being as large as eBay? Or other payment methods? I see the whole PayPal-as-part-of-Ebay, so much like the Microsoft having become the de facto desktop and then pushing its web browser and subsequent internet policies on everyone.
Comment removed (Score:5, Interesting)
Re:How was it stolen? (Score:4, Interesting)
Of course, isn't the perpetrator's name tagged to the transaction? You have to have a valid bank account to move funds out of your PayPal account.. wouldn't it just make it that much harder to hide from the authorities if you broke into someone's account and moved stuff over?
This reminds me of when lowendmac [lowendmac.com] got hit last month (earlier this month.. something like that). It's unfortunate PayPal has "critical mass" or what have you. You'd think that someone big would care, but they can't even be bothered to work with all banks.
Re:Well... (Score:2, Interesting)
Suppose the weakness in the security here is that one of the Abi people used a weak password or left it out for someone else to see? Or that a vindictive former Abi team member decided to wreak havoc on his former colleagues? Suppose (against all hope) that it really isn't that PayPal has some latent insecurity in their system that was exploited. Then it's just tough cookies for the Abi people.
The Abi folks might be victims of a crime, but until someone makes clear that PayPal has broken a contractual agreement with the Abi people, I can't fault them.
Done and Done... (Score:5, Interesting)
Even if they do outsource their support to India, I'd bet they keep some sort of stats about emails and the issues covered...maybe if enough people complain and cancel their accounts someone will listen...unlikely but it's worth a hope.
-tcp
Re:What surprises me (Score:5, Interesting)
I call bullshit -- or at least misinformed.
Not only do you accrue interest on the cash balance in your PayPal "account", they also have a money market fund you can invest in.
If they aren't trying to be a bank but saying otherwise, I... never mind.
My point is that PayPal are whores with the ethics of a petty thief, and I sincerely hope eBay straightens them right out.
However, since I read about the debacle of eBay CSRs getting told off for shutting down questionable auctions because those auctions belonged to Power Sellers (eBay's most profitable customers), I'm now questioning eBay's ethics/morals as well.
*sigh*...
The guy didn't do anything wrong... (Score:2, Interesting)
I haven't read the details yet, but I am a little curious as to how the money was stolen. If the password was "abiword", for example, I would not think less of PayPal if they laughed.
On the other hand, if a server was hacked or a rep socially engineered, PayPal should fire whoever didn't follow the security policy and give the money back no questions asked. Perhaps even slip in a little more money so that the robbed will keep quiet.
Like most people, I think governments should do something to keep PayPal in check (assuming this whole ordeal is their fault).
Re:What surprises me (Score:4, Interesting)
I quit using Amazon.com after I decided I needed to call them and discovered that their "Contact Us" page does not contain a phone number.
I encourage everyone to boycott companies that try to avoid spending money on a very necessary call center. Sprint ($5 if you want to make a credit card payment while talking to a live representative), Amazon.com (I dare you to find a phone number on the 'Contact Us' page), and any others.
Re:What surprises me (Score:3, Interesting)
It isn't just the criminals; it is paypal too (Score:3, Interesting)
But when it comes time to pay, they have so many exclusionary principles [and I don't say exclusionary clauses: you don't see these until you try to collect] that they are effectively not insured.
Further, because of the profit structure of their current system, they actually do not even stop the criminals when they could easily do so. A criminal who does $1500/mo. of business through their system is preferred over an honest person who does $50/month; and they help to effectively hide the criminal.
So effectively they provide a haven for criminals, and they also provide a safe-looking "waystation" where unsuspecting people can be waylaid.
That was the specific case of my own ~$500 loss to a criminal on the paypal system with the help of Paypal's structure. They could have easily stopped the payment, they chose not to. They could have easily submitted the fraud claim to the insurance [there were several levels of fraud, 3 of them provable, the fourth being that he shipped a Win98 User's manual instead of the licensed copy of Quark he sold]. However, since there was ONE instance of "unprovable" fraud (well, he shipped something) then they said "valid sale, no insurance."
Paypal needs to go. I don't mind them existing, I don't particularly need the government to get involved, but people need to stop using paypal on their own, not for a boycott, but for their own sake -- more reasons for which have been added here.
I, for one, will not pay by Paypal again.
They waylaid me. Not some criminal [who did take advantage]. No. PAYPAL waylaid me.
PayPal Security and what THEY think about it... (Score:2, Interesting)
Bill
Pay Pal is sleazy (Score:5, Interesting)
The delay was beyond any point of being able to pretend that they actually made any effort to resolve the situation. It was in fact more than 10 days after we first contacted them before they would even open what they call an "investigation". They claim that their procedures are set up to combat fraud, but it's just a way of establishing deniability. That is, they pretend that they have no intention whatever of stringing me along as long as they can, while they collect interest on my money. (And no, they never did offer any compensation for the lost interest, let alone the many hours we were forced to spend pursuing them, to get our money back.)
You think mine is an isolated case? It is by no means. Just do a web search for paypal+complaint. See all the distressed people. See the lawsuits.
It's a transparent scam: by locking up the money of only a certain percentage of their customers, and treating the rest reasonably well, the people who claim that Pay Pal engages in a pattern of sleazy misconduct will never be believed, because they will always be outnumbered by customers who have never had a problem.
That doesn't make it right.
Re:What surprises me (Score:5, Interesting)
Why did you just post 17 articles in defense of Pay Pal?
sign the petition RIGHT NOW (Score:1, Interesting)
sign the petition RIGHT NOW [petitiononline.com]
Re:What surprises me (Score:5, Interesting)
Sprint on the other hand is a really disappointing company... I'm getting rid of Sprint, though for entirely different reasons.
Re:No Recourse? (Score:3, Interesting)
Re:What surprises me (Score:4, Interesting)
It's Paypal's fault. Banking institutions take out indemnities against things like theft and fraud, as well as corporate liability insurance and the like. If Paypal don't, they shouldn't be allowed to trade.
Re:What surprises me (Score:2, Interesting)
I recently ordered some video tapes, and one was blank after the first five minutes. Initially I tried their email support, but spent a week receiving just form emails that didn't answer the question.
So I gave them a call (expecting to be on hold for ages) but got answered within a minute and had new tapes sent over next day.
Next time I have a problem of course, I'll call first rather than email - which won't do much for their bottom line.
If you get your money back the seller will lose! (Score:1, Interesting)
There was a dual failure here. Your account was compromised, either through PayPal hacking or your poor password (I suspect the password's at fault). The second failure is one by the seller. He probably accepted the transaction even though the ship-to address didn't match the "verified" address of the account owner.
My point here is that unless you can prove that your password was compromised even though it was secure, PayPal DOES have adequate security procedures in this instance.
If you indeed had a bad password or failed to protect it properly, you should accept blame for this and take the loss. Otherwise, the seller of this item will end up at the short end of this deal. True, he made a mistake by disregarding PayPal's non-verified address warning (and he was warned), but this was likely all your fault to begin with.
At least this is going to make me change MY password to be more secure...
Comment removed (Score:3, Interesting)
Re:How was it done? (Score:3, Interesting)
How about this [paypalwarning.com]? Could Dom have been suckered by such a message? (More details here [paypalwarning.com].)
PayPal tries to overbill (Score:2, Interesting)
-----Original Message-----
From: Setup@PayPal.com [mailto:Setup@paypal.com]
Sent: Wednesday, October 16, 2002 5:25 PM
Subject: Important message from PayPal
Dear Merchant,
We would like to update you on new Visa & MasterCard regulations that affect the way Internet Payment Service Providers (IPSPs) such as PayPal conduct business. Both Visa & MasterCard require high-risk merchants to complete a registration form, pay an initial registration fee, and pay renewal fees on an annual basis (details below).
We value our Merchants and are dedicated to providing you with the high quality service to which you are accustomed. Please note that these fees are imposed by Visa and MasterCard, not by PayPal. In keeping with PayPal's core policy of not charging set-up costs and/or annual fees to our Merchants, PayPal (in contrast with many IPSPs) will not add any additional or hidden costs to these Visa & MasterCard fees.
PayPal, like all other IPSPs, must comply with the regulations. In order to assure your continued access to PayPal's transaction platform, we need you to provide the requested information by November 1st. If we do not hear from you by the close of business on November 1st, PayPal will be unable to process your transactions until all such information has been submitted.
While some IPSPs have announced that they will cease processing for non-US merchants, that is not the case with PayPal. PayPal will continue to process transactions for high-risk merchants in the United States, Canada and Europe through our existing banking arrangements in these areas. In addition, we will continue working to expand our banking relationships worldwide.
Below is a summary of the requirements for both Visa and MasterCard:
VISA:
* Visa will require an initial registration fee of $500
* Visa will require an annual renewal fee of $250
* Paypal must provide Visa with monthly sales, chargebacks and refund information on each Adult merchant.
MasterCard:
* MasterCard will require an initial registration fee of $1,000
* MasterCard will require an annual renewal fee of $500
We will be sending another email out shortly requesting the specific information we will need to bring your business into compliance with the new regulations. We will also provide instructions on fee collection.
Should you have any questions, please send an email to setup@paypal.com. We will endeavor to respond in a timely manner.
Very truly yours,
The PayPal Team
Re:Easy (Score:3, Interesting)
Way to make everyone else's case with your own analogy.
In the case of banking, this "insurance" is mandated by the federal government. So yes, if your bank account gets robbed they do owe you something.
Similarly, credit card companies are bound by federal law [findlaw.com] to hold you liable for no more than $50 of charges if your card is stolen. There is such a thing as consumer fraud protection in this world.
The legal issue is simply if PayPal should be held to a bank's level of responsibility or not.
The issue is NOT "life is risky, screw you if you get screwed." God that mentality makes me puke.
My Email To PayPal: (Score:2, Interesting)
I was going to sign up for a PayPal account, but have just been informed that AbiWord has had their donation PayPal account robbed, highlighting the lack of security and customer protection within your service. The coercion to give bank account information upon payment receipt is unacceptable, and your use of debit functions rather than credit on cards that support both shows great disregard for your customers' protection offered by VISA and other credit services. Until you rethink your service with the thought of protecting your customers' transactions, and working for them to make PayPal as convenient, customer-friendly and secure as possible, I will keep using my credit card and checks through snailmail for all online transactions.
Re:Don't give them bank details (Score:4, Interesting)
Schwab [schwab.com] has deposit-only account/routing numbers for all their accounts (they're the ones given out for direct deposit, currently under Account -> Transfers & Payments -> Direct Deposit). If money is attempted to be removed using the same numbers, an "account not found" error is given (saving the fees from both ends associated with the "account overdrawn" error). This works with PayPal, because they verify your account by depositing small amounts of money into it (which will work).
Granted, you have to have quite a bit of dough [schwab.com] for it to make sense to use Schwab for checking, but it would be interesting to know if any other banks provide this kind of service. Of course, it would be more useful if one could pressure all banks to provide this. Then again, I guess the ultimate solution would be to have the same consumer protections that apply to credit cards also apply to one's account/routing numbers.
Re:How was it done? (Score:3, Interesting)
Typically what happens with PayPal cases like these [paypalwarning.com] (they're extremely common) is that the account is "restricted" for some trivial reason like a cancelled payment or for no reason at all, and then it is impossible to withdraw money from the account. Then PayPal will start making unauthorised withdrawals from your bank account and credit card. They won't unrestrict the account until you fax them utility bills, social security card scans, driver's license scans, etc multiple times because they always claim that they didn't receive the information. Even then, it is rare to get the account un-restricted. Complaints and investigations by police, government, etc tend to get the account nuked. And of course you never get your money back.
Hence, you have been 'robbed' by paypal.