lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 9 Jun 2011 14:26:07 -0700
From: Aaron Turner <synfinatic@...il.com>
To: nix@...roxylists.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: NiX API

On Thu, Jun 9, 2011 at 2:20 PM,  <nix@...roxylists.com> wrote:

>
> Yes. That's the flipside of the coin. However though, any merchant that
> accepts purchases from user's behind proxies or other anonymizer's is
> taking a siginificant risk. According to my knowledge and experience, if
> this proxy happends to be in PayPal's database or this IP-address differs
> too much from your regular login history, their automation will revert the
> payment usually some hours after or during the next day.
>
> Guess what will happend to that merchant? They are frustrated while
> answering unauthorized paypal claims. If this purchase was done using a
> stolen credit card, PayPal will charge this merchant for outrageous fees
> !!
>
> If this purchase was made using illegally someone's paypal account, they
> will still charge this merchant for their revenue percentage!! So in other
> hand, it's you merchant who will suffer and get all horshit for that
> fraudulent purchase. Paypal will always win and earn profits from this
> purchase!
>
> This happened to us about 50 times in 2.5 months period. Needless to say,
> im still mad as hell. We lost several hundreds of bucks to those paypal
> 'reversal fees' + wasted significant amount of our precious times while
> answering to those disputes.
>
> The API resolved all issues. There has been few legit customers who
> wondered why they could not login using the proxy, I said, remove the
> proxy and try again and then do purchase. They did. A fraudulent user
> never bother for this, they will leave your site alone.


Sounds like your real problem is that PayPal sucks... shocking!  If
only there was a website dedicated to the problems with paypal.  You
know, something with a catchy name that clearly spells out the fact
that PayPal sucks. Hmmm... I know!  I'm going to register
paypalsucks.com right now!  Oh, wait...

Still unclear why you started this thread on F-D.

-- 
Aaron Turner
http://synfin.net/         Twitter: @synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
"carpe diem quam minimum credula postero"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ