Tuesday, November 19, 2013

eBay and Paypal process order with unconfirmed email address



I never would have imagined that someone could use my email address to open an eBay and Paypal account and order something.  It happened to me and my adventure with eBay and Paypal security phone support was rather disappointing. 

I get email welcoming me to eBay.  Kinda strange since I have had an eBay account for over 10 years already.  I just assumed the email was a phishing type and did not take too much notice to it.  Then a few minutes later I get a receipt email from Paypal.  Ohhh boy now the few hairs I have left on my head are standing straight up.

I look over the eBay email by hovering the mouse cursor over all links and each link was a valid eBay link.  So the email was not phishing.  It also had my real name on the welcome header.  Next I verify the links in the Paypal receipt email and they are also valid.  Now I am worried.  I sign on to my Paypal account and it shows no activity.  I go back to the eBay email and notice that the user id is not mine. 

I immediately got on the phone with eBay and after a few minutes I am talking to a live person.  She was not too swift, but it was not like I was talking to someone in India either, she was listening.  I explained the emails and she is verifying the item number and my email address. They needed to confirm that I actually controlled my email address.  After a long chat she decides that I need to take this up with Paypal and she can’t explain the issue.  So on to Paypal and this time it sounds like an American.  I go through the whole process and they verified my credit card was not used.  They told me it was a Visa card.  So we verified using the last 4 digits on all of my credit and debit cards that none of them were used.  Paypal decided that I need to check with a credit bureau that no new accounts were opened in my name.  They can’t tell me who actually did the order, but I already know that from the shipping address on my Paypal email receipt!  Paypal refused to close/suspend the account that is using my email address.  

So I decided to Google the shipping address in the Paypal email.  Bingo I find the guy with a phone number.  I call the number, I spoke to his daughter who gives me his work number.  I call the work number and he’s not too convinced he used the wrong email address.  But after I told him what he bought he’s listening now.  Sure enough he verifies he spelled the email address wrong!

Now how did eBay and Paypal allow a non-verified email address to place an order?  That’s just crazy piss poor security.  I am just relieved that it was not fraud, it was just a simple letter being left off an email address. 

No comments:

Post a Comment