Last week my eBay account was hacked and several hundred dollars stolen from my bank account via an unauthorized payment on PayPal. There’s never a good time for this to happen, but the fact I was overseas on a business trip when the first signs of this security breach presented themselves, made it all the more difficult to recognize and then resolve the problem.
Here’s how it happened and how PayPal resolved the issue:
I was just about to leave my hotel for an evening meal when I received an email from Facebook Advertising informing me that a payment from PayPal had just been declined. This confused me because there was more than enough funds in the account and, even if there wasn’t, my PayPal account is connected to my bank account and would have automatically withdrawn the required amount to cover the bill.
The hotel I was staying in wasn’t great (try booking a decent hotel room in Barcelona one week before the Mobile World Congress event hits town) and the wifi was patchy at best so I headed down La Rambla to a restaurant promising cheap tapas and better connectivity. It took several attempts to try and login to my PayPal account before I realized that I had been locked out.
PayPal told me that my account was locked due to suspicious activity. At the time, I didn’t worry about it because I presumed that this was because I was trying to access my account from Spain.
To re-gain access to my account I had to provide a scan of my passport to prove my identity. This was a job that could wait until I was back in the UK.
As an entrepreneur working across several businesses, I operate numerous email addresses. When I travel, I only monitor a couple of these address and as a result, I wasn’t aware that someone had gained access to my eBay account, changed my shipping address (to a completely bogus address) and ordered goods to the value of several hundred dollars.
I found the email confirmations on my return home several days later.
Now, I’m not sure what the point of sending a physical item (a GPS vehicle tracker) to a fictional address is (I’m certain it wouldn’t be delivered) – but the order was despatched and the money earmarked for removal directly from my bank account and not my PayPal balance. While the payment was to be taken from my bank account, it had not yet cleared and was therefore not visible on my online bank statement.
Thankfully, the resolution process was fairly simple. I logged into my PayPal account (with a brand new password), visited the Resolution Center and reported the unauthorised use. I then went to eBay (which I had also been locked out of), re–gained access, contacted the seller and explained that goods had been ordered illegally and if at all possible they should cancel the order.
I didn’t receive any communications back from the seller.
There was a slight delay in hearing back from PayPal – I am assuming this was due to the weather conditions in the UK at the time which had brought much of the country to a standstill. But within 24 hours they had told me that they were looking into the case and would get back to me.
A further 24 hours later, I was advised that while PayPal were investigating the claim they would return the disputed balance to my PayPal account and, if I so desired, I could spend or withdraw that amount.
As I was travelling with my family to London that weekend and didn’t want the surprise of the disputed funds suddenly disappearing from my back account – I promptly transferred the full amount to my bank account. I’m glad I did because several hours later the disputed amount was taken from my balance.
Around 48 hours later, I received an email from PayPal saying they agreed with my dispute and the seller would immediately refund the cash taken. This meant that the balance PayPal had sent me while looking into my complaint was withdrawn – leaving my PayPal account with a negative balance for approximately two days until the seller’s refund had cleared.
On the whole, I was very satisfied with the resolution process. It certainly seemed to be a lot smoother than a claim I had with my bank several years ago after my bankcard was cloned and several thousand dollars withdrawn in Australia (I’ve never been to Australia).
Whether the seller, who was also a victim of this fraud, will be so full of praise for the way PayPal handled this complaint remains to be seen.
Note: I’ve just logged into my eBay account and the item is still sitting there as an unpaid order.
So what have I learned from the process?
- Fraud can happen to anyone – even us savvy online marketing experts
- Change your passwords regularly.
- Wherever possible, employ Two Factor Authentication.
- Make sure your PayPal account points to a regularly monitored email address.
- Make sure your devices are all running the latest software versions and your anti-malware software is up-to date.
As a consumer, I would trust PayPal to resolve any issues much faster than I would my bank.
While I was lucky, that this fraud didn’t wipe out my bank account and it was resolved fairly quickly, it could have been problematic if I was short of funds and needed to pay a few bills or re-stock the food cupboards.