July 13th, 2010

Goodbye, Paypal.

So Paypal e-mails me with some nonsense about my account being accessed fraudulently. I say nonsense because I logged in and there's no transactions in there I didn't initiate. There isn't even any logins to the account in the last week, in fact since I last used it to send money a few weeks ago.

But do they ask me to validate the account? Oh no. Instead, they put me through a juggernaut of forced security changes. Sweet. I hope this new, written down password I had to create and store by the computer here is more secure that the good, high-security password I could remember. Thanks, guys.

And what's better than security questions I can't remember the answer to, because they won't let me choose the same questions I had last time?

Oh, and yes. Make me enter and re-enter my credit card and banking information. I'm quite sure that this will help.

Now I've gone and done exactly what hacker sites would love for me to do. This is great, when supposed security companies act just like phishers. Let's breed incompetence. Thankfully, I am geek and so I checked both the IP I was going to and the SSL certificate that I was presented, and compared to results from a 3rd party site I control, so I'm sure I was actually at Paypal. There's probably less than 1,000 people on this planet who could do those same tests.

And finally, force me to accept a late-night phone call from you and enter a PIN. And then after confirming the PIN, tell me you can't accept the result because my phone number doesn't match information you got from a public database (with no reference). What, you couldn't check this first?

So I can't use my Paypal account because you are technically incompetent. And I lost an hour of time dancing through your juggernaut of security incompetence to figure this out. Not that I had anything better to do.

So let's rephrase this a bit. Paypal will no longer have access to Jo Rhett's financial transactions, because Paypal has proved that they haven't the vaguest clue what security really is, nor how to manage it.

Goodbye, Paypal.
