Convicted Hacker Finds PayPal Bug?

A PayPal policy loophole, which can be exploited to fraudulently double money, became common knowledge when a convicted former NASA hacker reported it to the bug bounty team at PayPal.

Former hacker Razvan Cernaianu said fraudsters can double their money by funneling cash into a mule account before filing for a transaction refund, according to The Register.

The recipe to double money at PayPal’s expense requires three PayPal accounts: one for a legitimate buyer, one for a disposable seller, and one for a mule user with virtual credit cards linked to it.

“You transfer the money to the second account with the pretext of buying a phone. From the second account you again transfer the money to the third account as a gift,” Cernaianu explained. “After 24 hours, you use the chargeback function from the first account to get the money back with the excuse that the phone did not arrive on time.”

“As the second account is only a virtual one, it will not have real money from which PayPal can extract,” he said. “Therefore, you are left with $500 restored by PayPal, and $500 in your third account.”

In response to Cernaianu’s report, PayPal reportedly said, “While the abuse described here is possible in our system, repeated abusive behavior by the same and/or linked account(s) is addressed.”
