Miop - 9:41 am on Jul 10, 2008 (gmt 0)

Jecasc - yes I have suggested that the customers (who have been wholly sympathetic to us rather than annoyed that someone has nicked their money) do that though I'm not sure if they will as they don't necessarily seem to understand what happened - most of them do not have Paypal accounts and just used it to make the payment, so they have no idea about the resolution process and will have to open an account presumably to do so. They have got their goods, so maybe the hurdles may well put them off. That's why I telephoned Paypal straight away as soon as I discovered it - so that Paypal would at least look into it and consider freezing the funds so that the money could not be passed into the fraudster's bank account.
It was like talking to a bot - she just kept repeating some mantra about Paypal being committed to security and preventing fraud.
I'm afraid they need to put action where there mouth is because I just don't believe them.

The long and the short of it is that all you need to send money to someone is their email address (this was a googlemail one and I know that many people who accept payments have hotmail addresses...) so if you can find a way to alter someone else's gateway to Paypal to your Paypal email address, you can steal money very easily.
My Protx account gateway requires a long security key as well as username...