undefined | Better HN

0 pointsjotm12y ago0 comments

See, that "account should be locked" is what got people to hate Paypal in the first place - they used to be quick on the trigger, wrong IP = locked account; transfer to new account = locked account, etc. And it took 1-2 weeks to restore.

Now they laxed the security somewhat and people give them sheet for that... There's no winning for them, is there?

But really, the employees should not give away any user information, ever. It should be a one way street here. That would have stopped the attacker in this case, as well, I believe...

0 comments

mseebach12y ago

I didn't mean locked from transactions or logins using existing good credentials - I meant locked from front line customer service reps accessing its details.

If you loose your credentials and the token that you can use to recover your credentials with (credit card number), it's fine, even preferable, that it takes 1-2 weeks to recover them.

Also, people don't seem to be up in arms over PayPal freezing funds on suspicious activity for 1-2 weeks. They seem to be up in arms over funds being indefinitely frozen with no recourse for the unambiguously legitimate account owner.

jotmOP12y ago

They're never indefinitely frozen - you can transfer them to your bank account after 6 months, that was always the case.

People have a problem with sending their credit card scans, driver's license, birth certificate, marriage certificate and their first born in order to remove those dreaded limits that seem to be imposed for little reason :-).

I gotta say that's not the case anymore, at the very least they don't limit the account for paying too much on eBay or logging in from a different IP in my experience (and that's a good thing).

j / k navigate · click thread line to collapse