Crooks swipe PayPal chief Marcus's card data for shopping spree

Crooks swipe PayPal chief Marcus's card data for shopping spree

PayPal president David Marcus has fallen foul of crooks who swiped the details of his EMV card and used the information to go on a shopping spree.

Ever the company man, Marcus took to Twitter to share his misfortune and tell the world that such a thing would never have happened if PayPal were accepted on the high street:


With the debate over EMV raging in the US thanks to the Target data breach, Marcus's decision to highlight the fact that his card had a chip drew complaints on Twitter, prompting a clarification:

Comments: (8)

Martin Cox
Martin Cox - Rambus - Rotterdam 11 February, 2014, 10:49Be the first to give this comment the thumbs up 0 likes

What Marcus could have said was "wouldn't have happenned if EMV was mandated everywhere".

His mag stripe got skimmed and the fraudster was able to make a mag stripe transaction because (I assume) his card was issued in the U.S. and merchants around the world accept that U.S. = mag stripe.

I had the same issue in reverse. My UK EMV card was skimmed and the mag stripe data used in the U.S.

CNP fraud may still exist post EMV but the common theme here is: Mag stripe in the U.S. facilitates fraud at the terminal.

A Finextra member
A Finextra member 11 February, 2014, 11:27Be the first to give this comment the thumbs up 0 likes

alternative headline "PayPal chief admits that paypal acceptance is incredibly poor and has to resort to using a much more widely accepted instead"

A Finextra member
A Finextra member 11 February, 2014, 11:33Be the first to give this comment the thumbs up 0 likes

A couple of important things to note here:

PayPal is a huge magnet for fraud - the LAST place I'd want to see it widely adopted is on the high street.

Furthermore, EMV does not eliminate the fraud issue - as an earlier poster quite rightly stated, it simply shifts most of the fraud to CNP transactions.

Fraud will only be eliminated when merchants adopt technologies whereby the personal and payment details of the consumer need not be transferred to the merchant in order to execute the transaction.  

Peter Robinson
Peter Robinson - Liberti Consulting - Northampton 11 February, 2014, 12:38Be the first to give this comment the thumbs up 0 likes

"Ton of fraudulent transactions"? Assuming his card was used at a UK retail PoS terminal, the merchant would have invariably gone 'on-line' for auth. The Card Issuier would have seen previous transactions being undertaken with EMV verification which would have then stopped. Given that the auth message from the merchant to the card issuer would have made it clear it was a 'fallback' transaction, one would have thought that something was awry and triggered an alert of some sort. I wonder how many transactions equate to a 'Ton' before they noticed?

If true, it does beg the question as to (a) why bother going on-line for auth in the first place and (b) why bother flagging a transaction as fallback from EMV to mag Stripe if the card issuers not going to do anything about it....

A Finextra member
A Finextra member 11 February, 2014, 12:44Be the first to give this comment the thumbs up 0 likes

if the card is (mis)used in the USA the transasction doesn't "fall back" as the majority of terminals only supports magstripe. What should have happened is that his UK/US transaction should have triggered an alert if the timing wasn't right.

I would image that either the bank in question doesn't want to stop its high net worth customers from being declined so just pays away and accetps the risk or its fraud system flags the problem after the payment and they rely on the relationship manager contacting the customer.

Either way, the issue really isn't EMV, but magstripe and its continued use.

A Finextra member
A Finextra member 11 February, 2014, 14:30Be the first to give this comment the thumbs up 0 likes

 

This type of comment just displays the size of the task facing right minded payments professionals who just want to make the USA understand that whilst EMV is not perfect,  and is not a short term solution due to the cost of migration, .. Long term - its the only way to go....  US MBP's and share prices cater for escalating  fraud YOY  - they probably cant cater for long term investment (sadly) as the analysts would not understand.

Does Paypal publish its fraud figures from phished or hacked accounts?

A Finextra member
A Finextra member 11 February, 2014, 14:58Be the first to give this comment the thumbs up 0 likes

Hmmm.  I'm thinking "Terminal Capabilities" field - showing EMV Capable Device but a Technical Fallback to Magstripe for an ICC Card (Service Code 2xx) - surely his Issuers system would raise an eyebrow to that one.

Seems like a PR stunt to me...

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 12 February, 2014, 17:181 like 1 like

Going by this article written by Zilvinas Bareisis of Celent (http://bankingblog.celent.com/2014/02/the-challenge-of-making-mobile-payments-work-at-the-pos/), Mr. David Marcus would have had a tough time putting through a single in-store transaction with PayPal. No transaction, no fraud. Ergo, Marcus is absolutely right, just not for the reason he'd have us believe. 

Visit www.ncr.com
Visit info.nice.com

Trending Stories