eBay

ay656 · ‎03-03-2016

eBay has changed the checkout process. Now, instead of being transferred to PayPal where I could be securely authenticated, they request that I supply PayPal password to eBay - without leaving eBay site. In my opinion this is absolutely not secure and discloses (or has a potential to disclose) my password to eBay. I decided that I am not going to shop on eBay until this is fixed.

dmil8030 · ‎03-03-2016

Hello 'ay656',

You're right, they changed that yet again. When you go to the check-out, up in the right hand corner it invites you

to "Tell us what you think". Did you click on it and tell them what you think? I sure did.

ay656 · ‎03-03-2016

I did leave my feedback. Perhaps other people will too.

femmefan1946 · ‎03-04-2016

I just made a purchase on dotCOM, and there was a direct link to PP as usual.

Perhaps this is only on dotCA?

Are you sure the request was from eBay and not a counterfeit from elsewhere?

That being said, it is still possible to pay directly from the PP site.

ypdc_dennis · ‎03-04-2016

@ay656 wrote:
eBay has changed the checkout process. Now, instead of being transferred to PayPal where I could be securely authenticated, they request that I supply PayPal password to eBay - without leaving eBay site. In my opinion this is absolutely not secure and discloses (or has a potential to disclose) my password to eBay. ...

I'm pretty sure that's the way it now works when using paypal for non-related companies (which eBay has become).

The last few times (on non-eBay sites) that I've used paypal I did not sign into the paypal site, but did the payment via a pop-up box on the sellers website.

-.-

momcqueen · ‎03-04-2016

When I am promoted to do that, I'll usually follow instructions and then double-check immediately that I'm logged into paypal from another tab in my browser. I do wish companies would warn users in advance that they are making changes to the flow. People are right to be suspicious.

ay656 · ‎03-04-2016

@mjwl2006 wrote:
When I am promoted to do that, I'll usually follow instructions and then double-check immediately that I'm logged into paypal from another tab in my browser. I do wish companies would warn users in advance that they are making changes to the flow. People are right to be suspicious.

That is the classical way how phishing works. They ask you for password. You enter it, they log you in. Everything looks cozy, but now they have your password and can drain your PayPal account at any time. If you linked to bank account or credit card - these get drained too. Even though a company such as eBay probably will not drain your PayPal account, but there are employees, hackers etc. It's only a matter of time until this happens.

I made a purchase on BetsBay day before yesterday, and this is not how it was done there.

It's the same on dorCOM today. I figured I can pay with credit card. Less convenient, but anyway.