| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Jun 2011 00:55:49 +0300 From: nix@...roxylists.com To: "Aaron Turner" <synfinatic@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: NiX API > On Thu, Jun 9, 2011 at 2:20 PM, <nix@...roxylists.com> wrote: > >> >> Yes. That's the flipside of the coin. However though, any merchant that >> accepts purchases from user's behind proxies or other anonymizer's is >> taking a siginificant risk. According to my knowledge and experience, if >> this proxy happends to be in PayPal's database or this IP-address >> differs >> too much from your regular login history, their automation will revert >> the >> payment usually some hours after or during the next day. >> >> Guess what will happend to that merchant? They are frustrated while >> answering unauthorized paypal claims. If this purchase was done using a >> stolen credit card, PayPal will charge this merchant for outrageous fees >> !! >> >> If this purchase was made using illegally someone's paypal account, they >> will still charge this merchant for their revenue percentage!! So in >> other >> hand, it's you merchant who will suffer and get all horshit for that >> fraudulent purchase. Paypal will always win and earn profits from this >> purchase! >> >> This happened to us about 50 times in 2.5 months period. Needless to >> say, >> im still mad as hell. We lost several hundreds of bucks to those paypal >> 'reversal fees' + wasted significant amount of our precious times while >> answering to those disputes. >> >> The API resolved all issues. There has been few legit customers who >> wondered why they could not login using the proxy, I said, remove the >> proxy and try again and then do purchase. They did. A fraudulent user >> never bother for this, they will leave your site alone. > > > Sounds like your real problem is that PayPal sucks... shocking! If > only there was a website dedicated to the problems with paypal. You > know, something with a catchy name that clearly spells out the fact > that PayPal sucks. Hmmm... I know! I'm going to register > paypalsucks.com right now! Oh, wait... > > Still unclear why you started this thread on F-D. > I started this thread because the API service is free of charge if you take it in use and put a backlink on your site. This is a security related mailing list as well, the API improves your web site's overal security as well. Im quite confident also that our recent discussion of online fraud has revealed many interesting facts how paypal earns every day tens of thousands of dollars by charging innocent merchants for reversal fees although they were victims of online fraud. > -- > Aaron Turner > http://synfin.net/ Twitter: @synfinatic > http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & > Windows > Those who would give up essential Liberty, to purchase a little temporary > Safety, deserve neither Liberty nor Safety. > -- Benjamin Franklin > "carpe diem quam minimum credula postero" > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists