[SBE] SBE Digest, Vol 204, Issue 1

[Christopher Tarr]

Phil,

Can you provide a link with more information about this?  I have not heard
of this particular attack vector, nor have I been exposed to it.

On the other hand, it is possible to put safeguards in place if we know what
we're dealing with.

As for security, I believe this public forum is exactly the type of place to
discuss it, especially when you bring up "the
Board carefully consider the potential liabilities of having facilitated
same."

I believe that in this case, transparency is very important.

On Thu, Jul 23, 2009 at 12:45 PM, <dynotherm at earthlink.net> wrote:


> I don't believe a public forum is the proper place for a security

> discussion,

> but I will say that I believe that adding PayPal as a payment option will

> subject members whose e-mail addresses are harvested from the "wild"

> (eg. HERE and other places) to a particular sort of phishing spam well

> known to Ebay users - and I'll leave it at that, except to suggest that the

>

> Board carefully consider the potential liabilities of having facilitated

> same.

>

> It matters not if a member has used PayPal, only that National OFFERS

> it and members addys are exposed. If those conditions are met, the

> phishing spam will follow.

>

> Phil Alexander, CSRE, AMD

>

>

> -----Original Message-----

> From: Christopher Tarr

> Sent: Jul 23, 2009 1:02 PM

> To: sbe member discussion mail list

> Subject: Re: [SBE] SBE Digest, Vol 204, Issue 1

>

> I think what you're missing is that it allows those who do not have a

> credit card to pay directly from their bank account via PayPal.  As has been

> mentioned before, nobody will be forced to use PayPal if they don't want

> to.  They can continue to pay the way they always have.  It's just another

> option.

>

> On Thu, Jul 23, 2009 at 11:59 AM, <dynotherm at earthlink.net> wrote:

>

>> Perhaps I'm missing something, but if we already have a merchant

>> account(s)

>> allowing payment via VISA/MC/AMEX what is the point of PayPal which

>> is intended for use as a payment mechanism for credit cards by those

>> (often

>> Ebay sellers) who do not desire or cannot qualify for a merchant account?

>>

>> It simply opens the door to a lot of spammers fraudulent PayPal messages

>> about nonexistent transactions designed to elicit banking information from

>> PayPal users. Why open that door when it appears to offer no advantages

>> compared with merchant account transactions?

>>

>> Phil Alexander, CSRE, AMD

>>

>>

>> -----Original Message-----

>> >From: John Poray <jporay at sbe.org>

>> >Sent: Jul 23, 2009 12:36 PM

>> >To: sbe at sbe.org

>> >Subject: Re: [SBE] SBE Digest, Vol 204, Issue 1

>> >

>> >We have had an automated new SBE member application on the SBE website

>> for

>> >over a year now. Payment is accepted using VISA, MasterCard and American

>> >Express.   You can find it under the "Join SBE" button on the blue and

>> white

>> >horizontal tool bar near the top of the page. Click on that and you'll

>> see

>> >several options. The URL is:

>> >https://www.sbe.org/cgi-bin/sbe_member_app.pl?goto=form

>> >

>> >Regarding PayPal, we will be using it on a limited basis soon as a sort

>> of

>> >test run. If it goes well, we'll expand its use.

>>

>

>

> _______________________________________________

> The SBE Roundtable, SBE at sbe.org

> To unsubscribe, go to http://seven.pairlist.net/mailman/options/sbe

>

> http://seven.pairlist.net/mailman/listinfo/sbe

>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://seven.pairlist.net/pipermail/sbe/attachments/20090723/eb09090b/attachment.htm>