News1 min ago
Imagined Security
35 Answers
I have just demonstrated how one can take over a PayPal account.
Earlier today PayPal insisted (online) they wanted to phone me at home to check on my identity before I would be allowed to make a PayPal payment of £1.49. But I am not at home so my home landline number is of no help, there is no-one there to answer. So I phoned Paypal to sort this out.
A machine asked me for the number associated with my account - I quoted my landline/home number. After a while a staff member came on the line and asked me for my name and my e-mail address. He explained that if I would provide a mobile number, must be a UK mobile not any other country, he would send a text message which I should read out to him over the phone - this, he said (predictably), is for security. He did and I did. He refused to accept that using my e-mail address was just as secure for sending the code, "could be hacked into" he said. He had no sympathy for my protestations, his screen no doubt forbids that.
Now the mobile number I gave him (not mine, by the way - I don't have one) is associated with my PayPal account. I got what the banks call a one-time password on it and succeeded in completing the payment. PayPal does not have the imagination to allow one to have more than one number to provide/choose from and never anything outside the UK so I am stuck with someone else's mobile number until I "hack in" again and change it to something else - they cancelled my home number from the list.
Here's the point: I could be anyone who knows my name, home phone number and e-mail address and I could now, with the/my magic wand everyone now insists on, have taken over my PayPal account, although the stone age security feature of the password would in reality be the real security feature. The mobile phone and those who sell/serve them are in charge of when we sit or stand (pay up, you mug). Every time I have this sort of experience I detest the things more and am that much less likely to shackle myself exclusively to one.
This disease seems particularly rife in the financial world, hence this is in Business & Finance.
Earlier today PayPal insisted (online) they wanted to phone me at home to check on my identity before I would be allowed to make a PayPal payment of £1.49. But I am not at home so my home landline number is of no help, there is no-one there to answer. So I phoned Paypal to sort this out.
A machine asked me for the number associated with my account - I quoted my landline/home number. After a while a staff member came on the line and asked me for my name and my e-mail address. He explained that if I would provide a mobile number, must be a UK mobile not any other country, he would send a text message which I should read out to him over the phone - this, he said (predictably), is for security. He did and I did. He refused to accept that using my e-mail address was just as secure for sending the code, "could be hacked into" he said. He had no sympathy for my protestations, his screen no doubt forbids that.
Now the mobile number I gave him (not mine, by the way - I don't have one) is associated with my PayPal account. I got what the banks call a one-time password on it and succeeded in completing the payment. PayPal does not have the imagination to allow one to have more than one number to provide/choose from and never anything outside the UK so I am stuck with someone else's mobile number until I "hack in" again and change it to something else - they cancelled my home number from the list.
Here's the point: I could be anyone who knows my name, home phone number and e-mail address and I could now, with the/my magic wand everyone now insists on, have taken over my PayPal account, although the stone age security feature of the password would in reality be the real security feature. The mobile phone and those who sell/serve them are in charge of when we sit or stand (pay up, you mug). Every time I have this sort of experience I detest the things more and am that much less likely to shackle myself exclusively to one.
This disease seems particularly rife in the financial world, hence this is in Business & Finance.
Answers
Best Answer
No best answer has yet been selected by KARL. Once a best answer has been selected, it will be shown here.
For more on marking an answer as the "Best Answer", please visit our FAQ.when you called paypal, they would have asked you some security questions, eg, home town, first pet etc that you set up originally. Then they would have asked you for a phone to send a OTP to. The fact that you gave a phone that was not yours means thatg you essentially broke security. No doubt it was a friend or something but that wont was if something goes wrong. There is no "imagined security", you sabotaged your own security because of some sort of ludism.
"The mobile phone and those who sell/serve them are in charge of when we sit or stand (pay up, you mug)" - you can buy a basic one for £10 one off, on a PAYG, never use it for a call never pay a penny, it will however receive texts so you can avoid giving others the keys to your kingdom.
People like you are beloved of ID stealers because you are not on the grid they can put you on the grid as themselves and make hay.
"The mobile phone and those who sell/serve them are in charge of when we sit or stand (pay up, you mug)" - you can buy a basic one for £10 one off, on a PAYG, never use it for a call never pay a penny, it will however receive texts so you can avoid giving others the keys to your kingdom.
People like you are beloved of ID stealers because you are not on the grid they can put you on the grid as themselves and make hay.
TTT, no other questions were asked other than those I described. You cannot just buy a SIM and expect never to spend on it because all mobile companies require a minimum spend over time, you must use it or they close it down (and irretrievably pocket any remaining balance) - it's called daylight robbery by consumer campaigners. In the end, mobile and all, it is the good old password that provides the ultimate security barrier.
I bet you'd have loved the late 19th century, this new gimmick, electricity, will never catch on! Is your objection to mobile devices purely monetary? Any that was moot question really as life will be ever more difficult without at least the minimum mobile device. You pay for a land line, scrap that get a mobile, then you have the same facility plus much more and it's err... mobile. I haven't had a land line for years I have 2 mobiles with no limit data etc for approx £22 per month, that's cheaper than my land line ever was.
Karl - mobiles do NOT need a minimum spend over time; all they require is that you use it every 3? months and that is because they are required by law to return unused numbers to the pool to avoid us running out of numbers. Receiving a text is classed as usage; I haven't put any money on my PAYG mobile for several years but it still works as Screwfix etc send me texts to say my goods are ready for collection.
Am in agreement with karl to the extent that some of the so-called security is illusery, its more of a hindrance to your average honest user but something fraudsters can easily get round. Am getting fed up with having to find a spot where a mobile signal can be recieved just so a can read then enter a complex code in the form 13Hb$G3453TH3 onto my online account on my laptop- and that's just to check my ballance. Even logging onto paypal on my laptop now seems to require this mobile verification code
To avoid this pallava its much easier to download the app and use my phone for paypal ect now as that requires only a simple short login (my bank just needs a 5 digit code ) and no further verification code. Off course its easy for anyone who gets hold of my phone to access my account but there security systems overlook that.
Karl, my advice would be to get a basic android phone and download apps from paypal and your bank.
To avoid this pallava its much easier to download the app and use my phone for paypal ect now as that requires only a simple short login (my bank just needs a 5 digit code ) and no further verification code. Off course its easy for anyone who gets hold of my phone to access my account but there security systems overlook that.
Karl, my advice would be to get a basic android phone and download apps from paypal and your bank.
KARL .. you are away from home, you have no mobile phone. How on earth do you do you have any communication with anyone, anywhere, unless they are standing in front of you? Surely you dont borrow someone elses phone .. do you ?
Perhaps a Paypal a/c is not what you need if you spend time away from home .. you can't exactly pop into the Paypal Bank on the High Street when you have a problem .. just like you are having ?
No excuses whatsoever for not having a phone ..
https:/ /tinyur l.com/y 6jcfwgk
Perhaps a Paypal a/c is not what you need if you spend time away from home .. you can't exactly pop into the Paypal Bank on the High Street when you have a problem .. just like you are having ?
No excuses whatsoever for not having a phone ..
https:/
Like I said .. No Excuses ..
https:/ /www.1p mobile. com/ind ex.taf?
https:/
alavahalf, I have access to a landline, don't need a mobile anywhere.
bhg, every time I have enquired I have been told that receiving a call or text does not count, you have to within 3 months (usually) make/spend on either a call or a text. This is the first that I have heard that the operators are required by law to close down numbers unless they are used within 3 months and I doubt that it is so but will look into it.
bhg, every time I have enquired I have been told that receiving a call or text does not count, you have to within 3 months (usually) make/spend on either a call or a text. This is the first that I have heard that the operators are required by law to close down numbers unless they are used within 3 months and I doubt that it is so but will look into it.
Karl, it is true that inactive mobile numbers have to surrendered so they can be reused.
Sending one text every 4 months isn't going to break the bank. Asda Mobile charges 4p per text which you will have to send every 270 days (or every 180 days if you want to continue to make outgoing calls) , minimum top up is £1. Top up credit never expires.
Sending one text every 4 months isn't going to break the bank. Asda Mobile charges 4p per text which you will have to send every 270 days (or every 180 days if you want to continue to make outgoing calls) , minimum top up is £1. Top up credit never expires.