[German] some German (and Russian) Paypal users suffer from unauthorized debits for purchases at US branches of Starbucks and Target. This morning it looked as if dispute cases of affected parties are rejected. Now I have an answer from the German PayPal press department – they fixed the issue and will refund all affected customers.
Advertising
Some Background
In the last few days, German PayPal customers were probably victims of unauthorized debits for fake orders via Google Pay. The victims suddenly found charges on their PayPal account in high three, sometimes four-digit amounts for alleged purchases at US branches of Starbucks and Target.
Common to all cases is that the people were never in the USA. and common to the cases is also that there was a link with Google Pay to the respective PayPal accounts. The details I had prepared in the blog post Fraud: Unauthorized Google Pay debits at Paypal.
Rejected refunds, a mistake by PayPal
In the case of unauthorised charges, PayPal has a dispute procedure where those affected can complain. In a private Facebook group on the subject this morning, there were users who had their complaint rejected by the PayPal team with a demand for a chargeback. Here is such information, which was provided to me by an affected person.
It says that Paypal inspected the case, but rejected a refund, because the transaction has been authorized. In a 2nd message hours later, there was then the statement that one will report back in 9 days in the case of an unauthorized payment.
Advertising
So the PayPal team obviously realized that not everything is flat in this case. The affected person contacted me shortly before noon and told me that PayPal will refund the contribution after all.
I've posted it here in the blog, because there were some people affected who had a similar experience – my thanks to J.S. for providing me with the information for publication. If someone of you is also affected and has not yet received a refund confirmation, please contact PayPal again and refer to this blog post if necessary.
Feedback from the PayPal press department
After I had read the above dispute cases this morning and the colleagues from Bleeping Computer and ZDNet.com had picked up my tip and published also articles about the case, I reached out to the German PayPal press relations department in parallel. In the meantime I have received their statement.
We are aware of the trust people place in us by entrusting us with their money. We take this responsibility very seriously. In the areas of fraud prevention and risk management, PayPal relies on modern technology to protect its customers and enable secure payments.
We have taken immediate action to address this issue. A very small number of PayPal customers using Google Pay were affected. The problem has since been resolved.
No personal or financial information was stolen from PayPal customers. Also, no third parties have had access to PayPal accounts at any time.
In accordance with our usage policy, we will refund any unauthorized payments to affected customers.
This is the relevant information for affected customers. If you are affected by the Google Pay-Target abuse and the dispute case has been dismissed, please contact the team again. Unfortunately, the press team has not communicated what went wrong – which remains unsatisfactory. ZDNet.com and German site heise have published articles with suspicions what has happened with the virtual credit card data, some details about a possible vulnerability, which I already mentioned in the yesterday article.
