PayPal accounts integrated with Google Pay are hacked

Earlier this year users of PayPal accounts that have been linked to Google Pay have reported unauthorised transactions on their PayPal accounts.

According to a number of victims, the illegal transactions have taken place at shops in the US with purchases particularly prolific at Target stores in New York.

Most of the victims appear to be from Germany and the costs of the transactions run as high as €1,000 in some cases.

PayPal has created a virtual payment card with a number, expiration date, and CVC number. When a Google Pay user makes a payment using PayPal funds, the transaction is done via the virtual card.

Researchers believe hackers could have found a way to discover the details of the virtual cards, though this is by no means certain.

PayPal said it has now resolved the issue without giving further details.

PayPal flaw

Two security researchers said last year they discovered a flaw in PayPal that allowed hackers to read the card details of a virtual credit card from a mobile phone if the mobile device is enabled.

This could likely happen via a near field communications (NFC) reader app. NFC is used when you tap your card on a payment device. For security purposes, the signal range is meant to be no more than about 20 centimetres. However, if a mobile device is being used to make a payment it has been proven that attackers can read the signal from up to 10 meters away with special equipment.

Given that only users from Germany, some of whom have never even visited the US, are affected suggest that their virtual card details are being picked up at contactless payment facilities in Germany and then brute-forced to reveal the full payment numbers.

For instance, in Germany the first eight digits of the virtual card are always the same, leaving 7 digits left to guess. The researchers who first discovered the flaw said attackers would only need 170 guesses to establish a valid credit card number and card expiry date.

With automated software, this could be discovered in seconds and online accounts could be filled up with funds from hacked PayPal accounts within minutes.

What to do?

  • Google has reportedly said that fraudulent payments need to be cancelled through PayPal.
  • PayPal advises reporting fraudulent transactions immediately so they can be cancelled.
  • PayPal users can also avoid using contactless features and remove Google Pay from their PayPal accounts.

Be vigilant everyone.

The MPMIT Team, offering local IT support in byte sized chunks to Micro businesses and Sole Traders in the Ipswich, Bury St Edmunds, Stowmarket and the surrounding areas.

The Gavel Drops On Internet Auction Sites

gavelYou either love them or you hate them, but online auctions sites are here to stay.

eBay is the one that most people recognise, but there are numerous other auction websites out there. In fact, The Sunday Times produced a list of their Ten Best Auction Websites.

If you have access to a computer, the chances are you’ve dabbled at some point, either buying or selling. They can be a treasure trove of cheap or hard to find items, but, unlike a real-life auction house, you can’t physically see what you’re buying.

So how do you know you’re not going to be ripped off?

Robert Jackson (Gudgeons Prentice Solicitors) explained the process in September’s edition of In Touch with Stowmarket.

How auction sites work

As with all auctions, you bid against others and the highest bidder wins (unless it’s an eBay ‘Buy Now’ item).

But when you buy an item, you are buying direct from the seller and not from the auction site itself.

Therefore, if you have a problem, you’ll have no recourse from the auction website. You must contact the seller.

The beauty of eBay and other such sites, from a sellers point of view, is that it is available for private sellers as well as businesses.

For the buyer, that can cause a problem because private sellers don’t have to meet the same rules and regulations as businesses.

A business must provide goods of a satisfactory quality and be fit for purpose, but private sellers don’t. So, if you have an issue with a private seller, you’ll have to take it up with them directly.

If you buy from an individual, you are ultimately reliant on the feedback ratings system, which will give you an indication of their reputation. It would also pay you to shop around when researching prices – just because the item is listed on an auction site, doesn’t mean it will be at the best possible price.

Buying from an auction website can be a gamble, but if you take time to research the seller (especially if they are an individual), read the feedback left by other people, and compare the price to other online retailers, you should be safe.

It can also be great fun and can lead to some amazing bargains. Why not have a go?

Author: MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Staying Safe Online–Shop Safely

shoppingThere’s nothing better than a spot of retail therapy.

Of course, with the internet, you don’t even have to get wet doing it! Now if the weather’s a bit pants but you need to do a spot of shopping all you have to do is go online.

But things aren’t always as they seem.

How many websites have you come across offering a free trial offer? You probably can’t believe your luck, sign up and think nothing of the screen that asks for your credit card details – just to cover p&p you understand.

But 9 times out of 10, you’ll start receiving and be billed for other products that you probably don’t even want. Once you head back to the website to find out what’s going on you spot the teeny tiny print that informs you should you wish to cancel at any time, please call our customer services department who will be happy to help. Yeah right – they’d be happy to help if you could actually get through to them.

This type of distance selling is governed by rules but only in the UK. So if the site you visited is based overseas you’re unlikely to get your cash back.

Be vigilant and stay safe

The internet is a safe place to buy provided you follow a few simple rules and use a bit of common sense.

  • If it looks too good to be true, it probably is.
  • Use sites you know, so if you’re just dabbling with internet shopping stick with the big national stores.
  • Research what you’re buying to get the best deal. But if you find a site that’s selling the product vastly cheaper than anyone else, listen to the alarm bells that should be ringing in your head very loudly.
  • For security use your credit card or, even better, a Paypal account – that way the buyer never gets to see your credit card details. Only use your debit card if you trust the site.
  • Never, ever give your bank account details – even if they don’t take credit cards or Paypal and you really, really want the item.
  • Only buy from sites that use a secure service and display either https:// or the padlock symbol.
  • Anyone can fall foul of hackers so always check your statement when you receive it and report anything unusual no matter how small an amount or even if it’s refunded later on. If you don’t recognise it, check it out.

Buying online is convenient, fast and can often get you a better deal than you’ll find on the High Street.

Just remember to be vigilant and take a few simple steps to stay safe.

Author: MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.