SoylentNews is people
SoylentNews
from the Email-confirmation-just-slows-us-down dept.
Recently, I received an email from PayPal asking to confirm my email address for a new account. Since I do not use PayPal, I figured it was a phishing scam and ignored it. However, I started getting other emails, which included updated address information and a sales transaction. The name for the account was not mine (but the first name was the same), and the address was in a different state.
Looking at the raw email headers, it appeared to be legitimate emails from PayPal. What confused me was that I never responded to the email confirmation message, so why would PayPal allow a person to perform a transaction without confirmation? Since the email in question is a Gmail account, I have had since Gmail beta, I wondered if my account had been compromised, but there is nothing to indicate that. Another idea was someone could be intercepting/listening to my email, but that is a lot of effort to do for a simple paypal transaction.
The likely scenario is PayPal failed to check the account email and suspend any further actions until the address is confirmed. PayPal sends an email to confirm the address, but does not bother to wait for the confirmation.
I called PayPal support, and after some time and educating the support person on how technology works, the person put in a support ticket. Not sure if the problem will ever get resolved or if PayPal will admit they have a problem. As of now, I have not received any more emails. I will have to decide if it is worth my time to call support again and get the disposition of the ticket.
(Score: 4, Informative) by cubancigar11 on Wednesday April 19 2017, @03:13AM (2 children)
As someone who used to work at PayPal I think I can bring some background to this. PayPal is not considered a bank in USA. I don't know why, but the government allows it and PayPal wants it that way to avoid a myriad of regulations. Because of this distinction, PayPal is regulated in a different way - if a transaction happens on PayPal via a stolen card, it will be held legally held responsible unless they refund the whole amount to the buyer. There are many other factors and many other regulations that come because PayPal operates in multiple countries and handles forex etc.
Because of this, they have developed an internal engine called 'Risk' that gives flags every transaction with 'go ahead' and 'stop'. The whole company relies on this engine, which means two things: A) Help won't come easy if the Risk engine has stopped something to happen. B) The engine itself is slow moving, i.e., it is not easy to tweak it for the current season.
Now, when I used to work, this engine would flag close to 30%-40% of all transaction as a no-go. There is always a talk to lower the risk engine, but management has decided that anything below this has is too... risky (sorry for the pun :P)
While this gets them a constant stream of user with bad experience, they think any competitor won't be able to challenge them by taking more risks.
I personally don't use PayPal unless paying to my domain reseller... and that's it I suppose.
(Score: 2) by cubancigar11 on Wednesday April 19 2017, @03:21AM
Damn, going to get a coffee.
(Score: 0) by Anonymous Coward on Wednesday April 19 2017, @04:28AM
Very interesting, thanks for this story on the Risk engine. A recent transaction of mine was made "pending" and then I received an email asking for an explanation of who I was paying and why. Once I explained, it went through, so no long term trouble. As best I could tell, the reason it was questioned was that the message I sent was a 4 letter acronym that was quite close to "ISIS" ... but not quite, had one letter different--was actually the initials of a small university.