Paypal merchant took 1100 payments out my account over night

rcx132 · May 6, 2017

Thought I'd share this so people are warned...

I have an alarm with a SIM card to send texts if there's a break in. The SIM is set on auto-top-up, when the balance drops below £2 it auto tops up £12. Yesterday morning I woke up to see almost 1'100 notification emails from Paypal saying that £12 has been debitted from my account. That's 1100 x £12 is a lot of money.

It turns out it was a fault with the telecoms company system, it just went mad and started taking payments over and over. But what was shocking was that neither the merchant, nor Paypal, nor my bank, nor my credit card company had any mechanism to stop this. They just allowed repeat debits to be taken every few seconds all through the night. They all later justified it saying "if you approved the supplier then we let them take it". Every two seconds, all night I asked? YEP they do.

Paypal is scary, when they had depleted the funds from my bank they just moved over to the credit cards that they had on file, what they call "secondary sources". Imagine if you have two bank accounts set up on Paypal, personal one and your joint account, and maybe more than one credit card, I have my personal card and business card. That means if things go wrong Paypal will go through all those cards and bank accounts and deplete them.

It gets scarier. One of the credit card companies warned me about "Continuous payment authorities". Basically it means that if you pay someone a subscription by card, then they can take the money, or even reactivate the subscription years later, even if your card has been cancelled, the payments just get taken from new cards. There's an article about it, link below. The article says that many banks aren't even aware of this, and they were right. Barclays knew, they checked all my accounts and cancelled the authorities. Nationwide did not, and the girl on the other end of the phone started getting upset at me for suggesting it. The article below says that under EU protection, just informing the bank to cancel the authorities makes the bank responsible, so even if the bank operator denies their existence, you are protected.

http://www.moneysavingexpert.com/banking/recurring-payments

I think I'm in the all clear though. I quickly cancelled the direct debit and cards and most of the payments didn't get to hit my accounts.

I have to say that Paypal have been good at fixing the problem so far. They immediately put me through to a senior operative who immediately said the payments will be refunded no matter what. The telecoms company was also good, the MD himself phoned me up from his holiday.

Shox Dr · May 6, 2017

I setup a current account just for PP, there's a debit card linked to it, but it cant take any more than I have in the acc.
So I just make sure there's only enough in to cover what I want to buy.
If there's nowt in it they cant take it

slim_boy_fat · May 6, 2017

I use PayPal but with a separate credit card with for pretty much all the online purchases, they don't have my bank account details. If there's insufficient credit available on the card then the transaction doesn't go through until I do something about it.

I then clear the card in full monthly, once I check all PayPal debits.

WorkshopChris · May 6, 2017

Thanks for the warning, i might change to a system similar slim boy fat. I am struggling that none of the organisations involved picked up the pattern of repeat small transactions. I have a feeling that during the day this problem might of flagged up for a real person to look at, but at night it just carries on without intervention.

Robotstar5 · May 6, 2017

Shox Dr said:
I setup a current account just for PP, there's a debit card linked to it, but it cant take any more than I have in the acc.
So I just make sure there's only enough in to cover what I want to buy.
If there's nowt in it they cant take it

I like the sound of that and will look into doing something similar :thumbup:

I currently have a separate credit card with a deliberately low limit for paypal, online shopping etc. which completely failed when the card was cloned and the CC company allowed it to go nearly £500 over the limit before blocking it :mad:

(I did get it all refunded)

rtbcomp · May 6, 2017

I have a basic bank account with no overdraft and my debit card is linked to that. No credit card so no problems there. If I have any money left over at the end of the month it goes into an offline savings account.

It shouldn't be too difficult for the banks to have a method whereby you can set up a direct debit with a minimum period between debits, so if the supplier's system threw a wobbly the bank's system would stop the extra payments.

bricol · May 6, 2017

Don't get too confident a debit card will stop debiting once the account is emptied - I've had two occasions when it went well beyond. All sorted, but rather worrying.

Had a phone on contract stop working - checked and was told the bill was 900 quid (been working in the US - get charged for incoming calls as well as outgoing) and had exceeded the limit. I didn't know there was a limit - what was the limit?

£300 was the answer - I congratulated them on quickly spotting the problem . . . ;-)

Maker · May 6, 2017

Shox Dr said:
I setup a current account just for PP, there's a debit card linked to it, but it cant take any more than I have in the acc.
So I just make sure there's only enough in to cover what I want to buy.
If there's nowt in it they cant take it

I have an easier system...

I don't have any money :whistle:

.

Kayos · May 6, 2017

Due to many such stories I didn't choose PayPal for my card machine, now looking online some customers won't put their card into a PayPal branded card reader

Wedg1e · May 6, 2017

rcx132 said:
The telecoms company was also good, the MD himself phoned me up from his holiday.

... the holiday you'd paid for, presumably?

roofman · May 6, 2017

To the guys on this forum i have bought stuff off...you may of thought it strange of me when ive PM,d you saying "i need to deposit money into my pay-pal feeder account before i can pay you". I dont think i need to say anything else

rcx132 · May 6, 2017

My bank allowed direct debits to overdrawn my balance and then fined me for it! So I'm thinking of using a pre-paid credit card or find an account that doesn't allow over drawing.

In fairness Paypal are a lot better than they used to be, 15 years ago they were incredibly bad.

Kayos · May 7, 2017

mrfuzzy said:
izettle is another name, I didn't look into it as I figured customers wouldn't know the name..

That's what I use, customers just see it as a card reader, very pro looking bit of kit and no monthly fee. Does contactless, chip and pin and even swipe, only use c&p tho

normspanners · May 7, 2017

rcx132 said:
The telecoms company was also good, the MD himself phoned me up from his holiday.

phoned to say THANKS as he had paid for it ,from your account :thumbup:

Paypal merchant took 1100 payments out my account over night

rcx132

Philip

Shox Dr

Chief Engineer to Carlos Fandango

slim_boy_fat

Member

WorkshopChris

Member

Robotstar5

Casanunda

rtbcomp

Moderator

bricol

Member

Maker

Most folk just call me; Orange Joe

Kayos

Gone......

Wedg1e

They call me Mr. Bodge-angles

roofman

Purveyor of fine English buckets and mops

rcx132

Philip

Kayos

Gone......

normspanners

Member