"Network Solutions, the domain registration and hosting service company, suffered a massive security breach that lasted three months and exposed tens of thousands of credit card numbers of its customers and of the businesses that use its hosting and online payment processing service. The company is just beginning the victim notification process. 'There is no information on how the code was planted on the sites. While examination of the code shows that it had the ability to ship data off to a third party, and Network Solutions believes that it did just that, the exact code is not available for public review. There is also no public information as to where the data believed to be stolen was sent.'" http://it.slashdot.org/story/09/07/2...ve-Data-Breach
Someone needs to explain to me exactly why/how PayPal is "more secure". Assuming that you have your bank account attached to it, you're basically offering an invitation to anybody who manages to compromise your account (the one you enter the full password for each time you think you're on their website - make it easy for keyloggers and the large number of phishing attacks!).
Yes, you will probably get the money back, but it can take months. With decent credit cards fraud issues are dealt with quickly and you will (in most cases) not have to pay out anything against that fraudulent balance.
Some people use two-factor authentication to mitigate these kind of attacks; however that really isn't the issue here.
Sorry I know it's slightly off-topic, but I believe relevant enough since the implication suggested in this thread is that consumers are safer with PayPal; I know that's what PayPal claim, but the reality is somewhat different.
AFAIK PayPal doesn't support any sort of two-factor auth.? I know some banks do, but that's kind of my point (PayPal can often mean access to your bank account funds without any of the safeguards your bank deploys); I'm personally aware of a number of people who have had money extracted from their bank accounts this way and it has taken months to recover it.
Yes the Network Solutions data breach is a big deal, but at least for the average consumer their credit cards should provide a good level of protection against fraudulent use. Assuming that they'd used PayPal they could suffer a similar loss and be genuinely out of pocket for at least a few months whilst the matter is resolved - that could be a huge problem if you can't pay your bills in the meantime!
Verisign VIP is supported on the PayPal website, which requires that you enter a code from your authenticated VIP device before being allowed into your account, after you have successfully entered your password.
I agree that credit cards are easier to get your money back on; however for those folks who used a debit card at the company, then they will have a very different experience getting their money back.
If PayPal's servers were hacked, it would be no different to any other company getting their servers hacked; however there would be a hell of a lot more confidential data and a lot more in it for the hacker. PayPal's primary function is to process transactions, if they lose customer data then they're out of business; so they try to ensure they don't. NetworkSolution's job is to sell stuff, and payment processing is just a part of that - they can continue to operate even if they leak credit card information whereas PayPal would have a harder time and so they spend much more on their security than NetSol does.
In regards to having your account hacked at PayPal, yes that is a real possibility. That's why, having made the change to two-factor authentication, I would never go back. We're trying to ensure that all our systems are changed to two-factor whereever appropriate but it's not always possible.
If you lose your PayPal balance, then you're pretty much out of luck whatever happens. If you're card is charged, then the banks can reverse it like any other transaction. I am not entirely sure about bank transfers; though I know there is a small window to reverse a transfer if it is fraudulent.
Visa/MC should start holding the companies who leak this data more responsible for fraudulent charges, instead of just billing the entire thing back to the merchant.
I suggest reading about PCI compliance. There are rather large expenses involved for companies who loose cardholder data that far exceed the cost of protecting it. They are in the range of $500k per card brand and can be much higher. It costs the company 20-40 per card lost to cover the re-issue of cards plus credit monitoring for the users. So in this case, it will most likely cost Network Solutions several million $$ in fines.
ZZ Servers - Business Hosting, HIPAA and PCI Compliant Hosting Solutions - http://www.zzservers.com
Xen Virtual Private Servers | Dedicated Servers | Shared Hosting
Custom configurations, firewall, VPN, load balancers, private networks and more.