aMember/PayPal Serious Security hole??

SharynP · 09-26-2009, 09:26 PM

I just joined a membership as a 1$ trial. Read the rights that dissallowed me to include in my membership.

So.... I clicked on the "cancel membership" button.
I was taken straight in to my PayPal account to the subscription page to cancel.
I then logged out, clicked the button again and needed to log in.

I really dont know if this is a gap or not, but freaked me out a bit.

We dont log out after any transaction.

Any experts got an idea about this?

Shaz

cmaclean · 09-26-2009, 10:37 PM

In order to sign up for recurring billing membership when PayPal is the processor, the subscriber must actually have a PayPal account. If you select the credit card option when purchasing, the next page will ask you to choose a password and notify you that a PayPal account has been created.

You can cancel and manage your subscription to that site in your own account.

tecHead · 09-27-2009, 12:27 AM

Quote:

Originally Posted by SharynP

I just joined a membership as a 1$ trial. Read the rights that dissallowed me to include in my membership.

So.... I clicked on the "cancel membership" button.
I was taken straight in to my PayPal account to the subscription page to cancel.
I then logged out, clicked the button again and needed to log in.

I really dont know if this is a gap or not, but freaked me out a bit.

We dont log out after any transaction.

Any experts got an idea about this?

Shaz

Hi,

There's really nothing to worry about. PayPal sticks a time limited cookie on your system when you log in, (I think it lasts for like 15min maybe); its safe due to it being over a secure connection, (https://www.paypal.com).

You just clicked the unsubscribe button prior to the cookie timing out; yet you were sent back to PayPal over a secure connection, as well.

The only way this would have been a security risk is if you already had a Trojan, (or similar virus), infecting your machine before you had initiated the transaction.

That particular scenario wouldn't have been PayPal OR the vendor's fault, though.

Hope this helps...
PLP,
tecHead

09-26-2009, 09:26 PM	#1
SharynP Advanced Warrior War Room Member Join Date: Apr 2006 Location: , , Australia. Posts: 570 Thanks: 4 Thanked 10 Times in 10 Posts	aMember/PayPal Serious Security hole?? I just joined a membership as a 1$ trial. Read the rights that dissallowed me to include in my membership. So.... I clicked on the "cancel membership" button. I was taken straight in to my PayPal account to the subscription page to cancel. I then logged out, clicked the button again and needed to log in. I really dont know if this is a gap or not, but freaked me out a bit. We dont log out after any transaction. Any experts got an idea about this? Shaz
	Sign petition for life saving funding...One.Org Exclusive PLR Graphics Membership Exclusive Unrestricted PLR To Aid Wildlife Victoria (Lower on the page) Donate To Wildlife Victoria PLR Ebook $7- Original Content!

09-26-2009, 10:37 PM	#2
cmaclean Active Warrior War Room Member Join Date: May 2009 Location: Vancouver, British Columbia, Canada Posts: 95 Thanks: 7 Thanked 8 Times in 7 Posts Social Networking	Re: aMember/PayPal Serious Security hole?? In order to sign up for recurring billing membership when PayPal is the processor, the subscriber must actually have a PayPal account. If you select the credit card option when purchasing, the next page will ask you to choose a password and notify you that a PayPal account has been created. You can cancel and manage your subscription to that site in your own account.
	Get FREE Access to 30 Hours of High-End un-cut and uncensored Video from the most powerful marketing minds on the planet (presently!)!