3 {{ upvoteCount | shortNum }}
3 {{ upvoteCount | shortNum }}

aMember/PayPal Serious Security hole??

by SharynP
2 replies
I just joined a membership as a 1$ trial. Read the rights that dissallowed me to include in my membership.

So.... I clicked on the "cancel membership" button.
I was taken straight in to my PayPal account to the subscription page to cancel.
I then logged out, clicked the button again and needed to log in.

I really dont know if this is a gap or not, but freaked me out a bit.

We dont log out after any transaction.

Any experts got an idea about this?

Shaz
#amember #amember or paypal #hole #security #serious
  • Profile picture of the author cmaclean
    In order to sign up for recurring billing membership when PayPal is the processor, the subscriber must actually have a PayPal account. If you select the credit card option when purchasing, the next page will ask you to choose a password and notify you that a PayPal account has been created.

    You can cancel and manage your subscription to that site in your own account.
    {{ DiscussionBoard.errors[1222583].message }}
  • Profile picture of the author tecHead
    Originally Posted by SharynP View Post

    I just joined a membership as a 1$ trial. Read the rights that dissallowed me to include in my membership.

    So.... I clicked on the "cancel membership" button.
    I was taken straight in to my PayPal account to the subscription page to cancel.
    I then logged out, clicked the button again and needed to log in.

    I really dont know if this is a gap or not, but freaked me out a bit.

    We dont log out after any transaction.

    Any experts got an idea about this?

    Shaz
    Hi,

    There's really nothing to worry about. PayPal sticks a time limited cookie on your system when you log in, (I think it lasts for like 15min maybe); its safe due to it being over a secure connection, (https://www.paypal.com).

    You just clicked the unsubscribe button prior to the cookie timing out; yet you were sent back to PayPal over a secure connection, as well.

    The only way this would have been a security risk is if you already had a Trojan, (or similar virus), infecting your machine before you had initiated the transaction.

    That particular scenario wouldn't have been PayPal OR the vendor's fault, though.

    Hope this helps...
    PLP,
    tecHead
    Signature
    Learn Everything You Need to Know About CryptoCurrencies
    Automation is the primary conduit to successful relaxation
    {{ DiscussionBoard.errors[1222750].message }}

Trending Topics