Re: [LINK] PayPal security and account verification

2019-03-17 Thread Roger Clarke

Report the scam to ASIC?

A security gap as large as that qualifies as a scam, I reckon.



On 17/3/19 5:17 pm, Ivan Trundle wrote:

Hi Linkers

I’m seeking assistance in dealing with PayPal. In a nutshell, someone has 
signed up to PayPal using my email address (not this one), and I’ve asked 
PayPal to decouple the email address from the user’s account. The response I 
received was not satisfactory.

Because one of my email addresses is ‘attractive’ to some people, they often 
use it to sign up to sites and services without that site or service verifying 
the entered credentials. I’m used to dealing with it, and have generally had 
the issue resolved easily enough, though there are times when I’ve had to sign 
up to the service with my email address (parking my credentials) just to 
prevent others from doing the same. Or receive spam forever...

Dealing with PayPal demands communication through their web interface, and all 
messages are deleted after 90 days. I asked for a phone number to call, and 
spoke moments ago to one of their American representatives, who was belligerent 
and unapologetic overall.

The response was typically condescending: that my email account may have been 
recycled, or that the user mistyped, etc. All well and good, but all I asked 
was that my email address be returned to me, by decoupling it from the other 
user account set up yesterday. They said not possible without contacting the 
user first, and even then they suggested that it might not happen.

So in signing up to PayPal, it is possible to type in a fake email address, and 
a phone number, and continue using that account without verification of the 
email address. Poor form on PayPal’s part, but it gets worse.

I received a welcome message from PayPal (in German, since the account was set 
up in Germany using a German phone number, apparently), seeking to verify my 
credentials. I ignored this, and expected the matter to die naturally.

Then, moments later, I received another communication from PayPal with 
confirmation of the user’s German Bank account details, and a reference number 
for future activity.

At this point I wrote to PayPal seeking assistance, and received bland 
responses. After my third communication from PayPal about my new account, I 
asked for a phone number to call, and was told that there was little that could 
be done, and that the representative didn’t want to rely on Google Translate to 
talk with their German counterparts(!), and that all they could do was ask the 
Germany PayPal arm to perhaps phone the user. No offer of a solution at all, 
and I was left thinking that a simple exploit of PayPal would be to write a 
script to sign up thousands of accounts to PayPal using addresses scraped from 
the internet, thus blocking real users from setting up an account.

But this aside, the continual email trail from this user’s activities would 
allow me to, for example, make large donations from the user’s account to 
charities (as has happened when bank account details have been published), and 
to track his purchases (already happened). Not just annoying, but remarkable 
given what PayPal is all about. I’ve had better responses from American hotel 
chains and Russian department stores...

I can’t call him directly, since I only have part of his phone number (though I 
could track his name down perhaps), and I can’t access his PayPal account 
(because I don’t have the password, and password resets are managed via a phone 
number).

So my only recourse is through the indifferent and unapologetic PayPal 
representative.

Is there more that I can or should do?

Thanks in advance
Ivan
___
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link




--
Roger Clarke   mailto:roger.cla...@xamax.com.au
T: +61 2 6288 6916   http://www.xamax.com.au  http://www.rogerclarke.com

Xamax Consultancy Pty Ltd  78 Sidaway St, Chapman ACT 2611 AUSTRALIA 


Visiting Professor in the Faculty of Law, University of N.S.W.
Visiting Professor in Computer Science, Australian National University


Re: [LINK] PayPal security and account verification

2019-03-17 Thread JLWhitaker

On 17/03/2019 8:37 PM, Roger Clarke wrote:

for Ivan (I didn't get Ivan's email - odd)

> But this aside, the continual email trail from this user’s activities
> would allow me to, for example, make large donations from the user’s
> account to charities (as has happened when bank account details have
> been published), and to track his purchases (already happened). Not
> just annoying, but remarkable given what PayPal is all about. I’ve had
> better responses from American hotel chains and Russian department
> stores...
>
> I can’t call him directly, since I only have part of his phone number
> (though I could track his name down perhaps), and I can’t access his
> PayPal account (because I don’t have the password, and password resets
> are managed via a phone number).

How about contacting his bank? They may be interested in PayPal not
providing accurate customer information for funds transfers. It wouldn't
surprise me if German banks are more concerned about identity theft
matters than an American company.


Jan

--
Melbourne, Victoria, Australia
jw...@janwhitaker.com
Twitter: @JL_Whitaker
Blog: www.janwhitaker.com

Sooner or later, I hate to break it to you, you're gonna die, so how do you 
fill in the space between here and there? It's yours. Seize your space.
~Margaret Atwood, writer



Re: [LINK] PayPal security and account verification

2019-03-17 Thread Karl Auer
On Mon, 2019-03-18 at 08:19 +1100, JLWhitaker wrote:
> how about contacting his bank? They may be interested in Paypal not 
> providing accurate customer information for funds transfers. It
> wouldn't surprise me if German banks are more concerned about
> Identity theft matters than an American company.

And don't worry about the "language problem" - most Germans can speak
English, and most bank staff speak it very well indeed.

Regards, K.

-- 
~~~
Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75
Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A




Re: [LINK] Tesla

2019-03-17 Thread David
On Sunday, 17 March 2019 17:24:36 AEDT Roger Clarke wrote:

> So check Maschmedt & Searle (2018) at:
>>https://www.kwm.com/en/au/knowledge/insights/driverless-vehicle-trial-legislation-nsw-vic-sa-20180227

Interesting...  That paper indicates the only regulation in place in Australia 
relates to trials of autonomous vehicles.  However anyone can buy a Tesla right 
now, so do they have the automated-driving functions disabled?  If not, are we 
relying on drivers to stay in manual mode, and what do Tesla salespeople tell 
potential customers?

The opening of s.4.2 of your paper at http://rogerclarke.com/EC/AIR.html#LS 
states:

> In-place industrial robotics, in production-lines and warehouses, is 
> well-established. Various publications have discussed general questions of 
> robot regulation [...]  Even such vital aspects as worker safety and employer 
> liability appear to depend not on technology-specific laws, but on generic 
> laws, which may or may not have been adapted to reflect the characteristics 
> of the new technologies.

The ABC RN program "The Minefield" is a regular feature where Waleed Aly &
Scott Stephens discuss ethical issues.  Yesterday's edition was about robots, 
and it's well worth a listen - see 
https://www.abc.net.au/radionational/programs/theminefield/

Here's a scenario from the program.  Some companies are developing realistic 
sex robots.  Assuming these are purely mechanical in the sense they have no 
consciousness, emotions, moral compass, etc., would it be right to produce one 
which said "no" for use by those with rape fantasies?  Would facilitating that 
desire with a robot increase the likelihood of rape of a human?

It's not all just technology...

Cheers,
David L.
