Two things have happened over the last couple of weeks that really got my attention.  The first was someone in Greece hacking into my PayPal account which caused $200 to be pulled out of my bank account.

I hadn’t really given much thought to having my bank account tied to Paypal. The incident got me concerned about the lack of consumer protections that you would normally have with a credit card.    I got quite a bit more concerned when PayPal refused to remove my bank account from being associated with my Paypal account.  We knew my account had been compromised, but there was nothing they would do other than tell me to wait for the dispute process to work.  I was told to wait for 10 days.

As it turned out, Paypal did credit back the $200 (about a week later) and restored my account.  They also sent me an “RSA like” token credit card, which I thought was pretty slick.

In my mind, that wasn’t enough, the support issues trying to protect my account scared the pants off of me. 

My only recourse was to remove my bank account from Paypal, change the passwords, and never use it again.  What a shame.  I have also instructed my bank to not authorize funding from PayPal.

Fast forward to today.  I just read a post about researchers that have been able to crack SSL technology.  The example that they used was hacking into Paypal. So we now have a situation where a great deal of ecommerce is based upon vulnerable technology with very little recourse for consumers to protect themselves against fraudulent attacks.