I sold a bracelet to someone that had the exact same street address as I did. She got it, emailed me, and left good feedback on ebay. That was a while back. October 6-7. Paypal was flakey when I was both looking at the transaction AND when I tried to put in the shipping number. It crashed, zrrrrrrrrrrrrp and was down for a week. It made national news. Updates they said. Made the system unavailable. Woa - it did more than that! Nov. 16, I got a chargeback. I went to my account to see what it was, and it was a pugster charm I'd never sold. I got scared my eBay account was compromised, but when I checked ebay, I saw that it was not me that was the seller in th eauction. Looking closer, I realized I had someone else's transaction data merged with my own. I freaked worse. Called paypal. The first 4 people I talked to said "your account is weird." Then I got to Nebraska where the security and fraud folks are. I was told a hacker accessed my buyers account - she had fraudulent funds. Then someone told me that a hacker messed with my buyers address. I kept saying what about this pugster charm? Finally one person told me that my account got 'hosed' during the updates. Well, that is simply not acceptable. A financial institution - even though Paypal is not a bank, they do offer money market accounts and dividends, would normally NEVER let this happen. What caused this? One thing that was interesting is that my buyer and I had the same address. She and I both had an item in our account that we did not have anything to do with. I called her - she had not filed the chargeback against me but against the seller of the pugster charm. There was a scam alert about vulnerabilities in credit card address processing that came out about this time. Were these part of the updaetes? I don't know, it all makes me go hmmmm. Some folks think they were hacked. If they were hacked, then I suspect someone had fun in the database...but wait...wouldn't their internal controls lock records of transactions and prevent multiple postings to different accounts? If it was 'bad code' this is not acceptable. Financial institutions have databses with intergrity out the wazoo. They have to - Look at the SOX act. Failure to have proper controls is just not something they'd allow. Surely? |