--- I dont pay for a merchant account so I can still be screwed over by Paypal. ---

That was actualy my first thought, but wouldn't there be a just a plain MASTERARD TRANSACTION? If not, i would also want to know how to block these.

Blend27

I assume you are talking about vanilla PayPal (not Payments Pro). In that case the only real fraud prevention method at your disposal is to cancel payments from Unverified PayPal accounts.

But with both Unverified and Verified accounts you are entirely at the mercy of PayPal. Verified accounts are routinely hijacked, and you have no protection from chargebacks which ripple through the system if that happens.

Blend, it looks to me like it will look exactly like a plain Mastercard transaction.

The problem is that it will actually be a Paypal one and it will leave you exposed to frauds on Paypal accounts.

The only way to not accept these might be not to accept Mastercard at all: a bit drastic to say the least. If you have a merchant account and you do not like it, contact your bank and say so and ask what you can do.

I would also worry that that piece of software will be a target for hackers: it may not store the data, but it can get access to it. I would not use it myself.

Okay, now the initial post has floated back down from going straight over my head, I see that 'PayPal Secure Card' is basically their 'Virtual' MasterCard product with a Toolbar and autofill.

This means that PayPal users are given a 'safe' one-time use per merchant MasterCard number to use on any site that accepts MasterCard.

Uh, oh.

Chargeback disputes are done in the usual fashion with a dispute form, although PayPal don't make it super super easy to find:

You print the form from [paypal.com...] , sign it and send it back to PayPal by postal mail.

mikedee, if we want to block this the only way we might be able to is based on BIN number (that's the first 6 digits of the Virtual MasterCard) if it is unique to PayPal's Virtual Cards.

If not it might indeed be time to block MasterCard entirely if you have a merchant account. Doesn't matter where that merchant account comes from, be it PayPal Payments Pro, First Data, RBS/NatWest Streamline, or whomever.

Verified PayPal accounts are hacked. Let's see if we can find out how many online merchants are already victims of this fraud, given that about 3 million PayPal users already have had this feature for the past year...

[edited by: Bjorn_Iceland at 6:27 pm (utc) on Nov. 20, 2007]

[edited by: minnapple at 1:11 am (utc) on Nov. 21, 2007]
[edit reason] No non-authority links please [/edit]

Stupid me. I did not think of BIN numbers. Is there anyway they can avoid the BIN being identifiable?

I wonder if we preauthorise the charge, then cancel it, then authorise it again if it will bounce the second time? If so that could be an easy automated method of stopping all single-use cards. We might need two merchant accounts though - try to preauthorise from both accounts, if they both preauthorise, cancel the additional one and then bill on the remaining one.

vincevincevince, that is an interesting thought!

vincevincevince wrote:

I wonder if we preauthorise the charge, then cancel it, then authorise it again if it will bounce the second time? If so that could be an easy automated method of stopping all single-use cards. We might need two merchant accounts though - try to preauthorise from both accounts, if they both preauthorise, cancel the additional one and then bill on the remaining one.

Good lateral thinking there. I think though that these cards will work with the same merchant up to the limit on the card, so it might not work in all cases. (Virtual cards generally work that way.)

Time for some testing?

The 'PayPal Secure Card' does not seem to be rolled out where I am yet (I have an 'Icelandic' PayPal account).

Does anyone have one already used or one of the earlier ones i.e. their 'Virtual' MasterCard product?

If you do, please can you PM me the first six-digits (which is the BIN number)... Then I'll do some research and report back.

[edited by: Bjorn_Iceland at 4:11 pm (utc) on Nov. 27, 2007]

I'm still unable to buy the PayPal 'Secure Card'. Has anyone managed to get one recently?

And still... no PayPal 'Secure Card' can be bought by me.

Has it gone the way of the Dodo?

Has anyone managed to get one recently? If you show the BIN we can find out what can be done.