Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Skype Billing Gone Haywire For Some Users

timothy posted more than 5 years ago | from the looks-fine-from-here dept.

Bug 154

Cousin Scuzzy writes "This morning I awoke to 26 e-mail messages from Skype and PayPal notifying me of multiple payments for my Skype account that had been charged to my credit card and subsequently refunded. At first I suspected that this was a new wave of spam that had slipped through my defenses, but it quickly became apparent that they were legitimate messages. I then began to worry that my Skype account had been compromised. The first message from Skype thanked me for setting up their "Auto-Recharge" service which automatically purchases Skype credit when the balance falls below a certain amount. This was very suspicious, as I had never requested this service. Based on posts to Skype's forum, it now appears that there have been serious billing problems at Skype relating to Auto-Recharge for over a month. Although I believe that all unauthorized charges to my credit card have been refunded, it is worrisome that Skype, or anyone, would charge my account erroneously. Skype, for their part, has not yet e-mailed me an explanation or posted one online. This problem reinforces my aversion to automatic bill payment services that give companies the authority to draw money from my bank account at their discretion." For all the Skype users out there, have you experienced this? For what it's worth, the company's own response on the linked forum thread says that the problem is now solved.

cancel ×

154 comments

Sorry! There are no comments related to the filter you selected.

Yet you did it. (-1, Troll)

John Hasler (414242) | more than 5 years ago | (#28011621)

"This problem reinforces my aversion to automatic bill payment services that give companies the authority to draw money from my bank account at their discretion."

But you created such an account anyway.

Re:Yet you did it. (5, Informative)

sqlrob (173498) | more than 5 years ago | (#28011691)

FTFS

The first message from Skype thanked me for setting up their "Auto-Recharge" service which automatically purchases Skype credit when the balance falls below a certain amount. This was very suspicious, as I had never requested this service.

Re:Yet you did it. (0, Redundant)

Hijacked Public (999535) | more than 5 years ago | (#28011745)

But it looks like he gave it to Paypal, then gave his Paypal info to Skype.

Re:Yet you did it. (2, Informative)

Spazztastic (814296) | more than 5 years ago | (#28011825)

But it looks like he gave it to Paypal, then gave his Paypal info to Skype.

And PayPal will automatically deduct money from your bank account when you set up a subscription unless if you configure it not to. I had then overdraft $100 from my account when I didn't kill off the auto renew.

Re:Yet you did it. (0, Flamebait)

goaliemn (19761) | more than 5 years ago | (#28012281)

so is it paypals fault you didn't turn off the auto renew? You need to make sure that you turn off auto renew or keep enough cash in your account to cover afew extra hundred bucks.

Re:Yet you did it. (4, Insightful)

Spazztastic (814296) | more than 5 years ago | (#28012495)

so is it paypals fault you didn't turn off the auto renew? You need to make sure that you turn off auto renew or keep enough cash in your account to cover afew extra hundred bucks.

This was a long time ago when I was unemployed and living in my parents basement digging through the couch for change to pay for gas money to go to job interviews. I never said it was paypals fault, as well.

Also, fuck you.

Re:Yet you did it. (1, Redundant)

Jurily (900488) | more than 5 years ago | (#28011907)

But it looks like he gave it to Paypal, then gave his Paypal info to Skype.

So now Skype can do whatever they want with his money?

Re:Yet you did it. (4, Insightful)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#28012049)

The absolutely hilarious thing about paypal is that one of its co-founders fancies himself a libertarian [reason.com] who says of paypal: "The basic thought was if you could lessen the control of government over money and somehow shift the ability of people to control the money that was in their wallets, this would be a truly revolutionary shift." despite the fact that paypal is basically just an (expensive) escrow service with a frankly nasty reputation for incompetence, asshattery, and penny-ante fraud(Sorry, your account is locked, hope you didn't have any money in there).

Re:Yet you did it. (5, Insightful)

quanticle (843097) | more than 5 years ago | (#28012177)

That's one thing I find somewhat hypocritical of many libertarian thinkers. Its not okay when the government infringes on your privacy, but its perfectly okay when some corporation does so.

Re:Yet you did it. (3, Informative)

MadKeithV (102058) | more than 5 years ago | (#28012379)

It's okay. It's for profit.

Re:Yet you did it. (5, Insightful)

thebheffect (1409105) | more than 5 years ago | (#28012437)

The power rests in the ability of the individual to rectify this. He can stop using the corporation's services, remove personal information, etc.. You have no such ability in regards to the government.

Re:Yet you did it. (5, Insightful)

Anonymous Coward | more than 5 years ago | (#28012705)

The power rests in the ability of the individual to rectify this. He can stop using the corporation's services, remove personal information, etc.. You have no such ability in regards to the government.

That's the theory. In practice, lots of these companies act as complex monopoly-type webs and you are forced to deal with some of them no matter how much they suck (e.g. ISPs in some places). Just like dealing with the goverment, except that there's no way to get rid of them at all.
Virtually every company has some sort of unacceptable T's & C's - like including the clause that they can change the T's & C's at any time without notice. And they've already grabbed public goods (like easments) many years ago so you can't even set up in competition to them if you have the money.

Paypal doesn't quite fall into this category, although I have been completely unable to buy certain goods because I refuse to have an account.

Re:Yet you did it. (1)

Shoe Puppet (1557239) | more than 5 years ago | (#28013219)

But you cannot trust the corporation to actually delete personal information you remove. I'd personally be amazed if they did.

Re:Yet you did it. (1)

thebheffect (1409105) | more than 5 years ago | (#28013355)

Being a Libertarian, I would make the argument that the individual knew, or should have known, the risks prior to making the choice of using those services. Handing out critical personal information is a great risk that shouldn't be taken lightly.

Re:Yet you did it. (1)

Shoe Puppet (1557239) | more than 5 years ago | (#28013833)

That's right. However in some cases (Paypal may not be one of them)you just have to use a service: Living without electricity, for instance, is hardly an option for most people. Even if you can chose to which one, you effectively do have to give the information to one of the available providers.

Re:Yet you did it. (2, Insightful)

BrokenHalo (565198) | more than 5 years ago | (#28012631)

paypal is basically just an (expensive) escrow service with a frankly nasty reputation for incompetence, asshattery, and penny-ante fraud(Sorry, your account is locked, hope you didn't have any money in there).

I can't say I've ever had any problems with Paypal - but then I don't trust them very much either. Fortunately, it's pretty easy with my bank [stgeorge.com.au] to set up subsidiary accounts, and one of mine is a debit Visa card account to which I never credit more than the amount of any transaction I make. This is the one I have linked to Paypal, so there is a hard limit to how much they can attempt to withdraw.

Re:Yet you did it. (2, Insightful)

NormalVisual (565491) | more than 5 years ago | (#28012961)

They might not be able to withdraw any more than is in the account, but can they not still load you up with overdraft charges if they try?

Re:Yet you did it. (1)

nextekcarl (1402899) | more than 5 years ago | (#28013331)

That's what I was wondering. I just had a problem with a gym membership where they lost my cancellation form and billed me the following month. There wasn't enough money, so I got an overdraft fee. I went down to talk to them about it and they admitted their mistake (they were really nice about it and didn't even try to screw me) and they refunded the money plus the overdraft a few days later. I would have liked to be able to set up a different account number for them to draw from that didn't have an overdraft ability, but I don't think I can do that with my bank (off to check the website...)

Re:Yet you did it. (1)

BrokenHalo (565198) | more than 5 years ago | (#28013405)

They might not be able to withdraw any more than is in the account, but can they not still load you up with overdraft charges if they try?

No, because then it becomes a disputed transaction. Although it's a debit card, it has to follow Visa's rules, so if the transaction is disputed or fraudulent, it's the bank's problem to sort it out, not mine. I can just make sure I don't credit another cent to the account until the issue is straightened out.

So far, I haven't needed to implement this strategy with Paypal, but I like to be prepared rather than sorry.

Re:Yet you did it. (3, Insightful)

aaarrrgggh (9205) | more than 5 years ago | (#28011837)

Same thing happened to me; I had the automatically recharge unchecked, but the payment confirmation indicated thank you for using automatic recharge. Didn't worry too much about it, but Skype is definitely having some issues in the billing department...

Re:Yet you did it. (2, Insightful)

duguk (589689) | more than 5 years ago | (#28011705)

No he didn't - FTFS:

"The first message from Skype thanked me for setting up their "Auto-Recharge" service which automatically purchases Skype credit when the balance falls below a certain amount. This was very suspicious, as I had never requested this service."

Re:Yet you did it. (1)

Chyeld (713439) | more than 5 years ago | (#28011851)

How does Skype touch your bank account unless you give Skype the information concerning your bank account? OP was not referring to the auto-bill he was referring to the fact that the author grosses about how distrustful he is of auto-billing yet has already setup his account with his bank info stored on their side rather than doing the more 'cautious' method of not doing so and simply providing it each time.

In other words, he's calling out the minor hypocrisy in the author's statements.

Re:Yet you did it. (1)

Hijacked Public (999535) | more than 5 years ago | (#28011935)

I just RTFS but it looks like he gave his bank account info to Paypal, then gave his Paypal info to Skype. Technically, Skype charged his Paypal account not his bank.

Bad idea. Very bad idea (5, Informative)

blueZ3 (744446) | more than 5 years ago | (#28012197)

And this is why you NEVER, NEVER give your bank account information to anyone, let alone PayPal (PayPal motto: screwing buyers AND sellers since 2002)

If you must use PayPal--and I concede that it's barely imaginable that there's something you just have to buy that you can only get online and that is only sold by a site that only takes PayPal--you link your account to a credit card. Then if PayPal screws you, you contest the charge and they can take it up with American Express or whoever.

Under no circumstances does any online business get my checking/savings account info. If they don't take credit cards, I'll find somewhere else to shop. The inability to block charges from creating an overdraft and the lack of consumer protection that banks give account holders make this something that no one should ever do. Combine those faults with the dangers inherent in a recurring charge system and it's a no-brainer: don't give PayPal (or anyone else, especially anyone with as bad a customer service reputation as they have) your bank account info.

Re:Bad idea. Very bad idea (0)

Anonymous Coward | more than 5 years ago | (#28012499)

Note that is specific to your country and exact payment method. E.g. here in Germany direct debit is very popular.
While you should remember to regularly check your account for incorrect debits (though legally it doesn't matter, it only means it is almost certain you have to go to court to get your money back, you'll still get it back), if there is something wrong I just go to my bank, say "I didn't give permission for that" and it's immediately fixed, no questions asked.
With a credit card it is more trouble because I'd have to write a letter or whatever other way they can be contacted...

Re:Bad idea. Very bad idea (3, Informative)

Shikaku (1129753) | more than 5 years ago | (#28012755)

Except on accepting the terms with Paypal you waive your right to contest credit card charges against any charge made from Paypal.

http://www.paypalsucks.com/credit-card-waiver.shtml [paypalsucks.com]

Re:Bad idea. Very bad idea (1)

nacturation (646836) | more than 5 years ago | (#28013053)

PayPal's only recourse in that situation is to take someone who does a chargeback to civil court. My credit card issuer isn't going to care that PayPal claims I've waived something if they see dozens of duplicate charges on my card. They're going to refund the charges and block PayPal from any further ones.

Re:Yet you did it. (3, Insightful)

LordLimecat (1103839) | more than 5 years ago | (#28011733)

Id think the point would be moot, since once they have your card number, they can charge you any time they want anyways. Either way, whether you set up such a payment system or not, once they have your credit card, they can start charging, and I dont think legally theres any difference between taking money illigitimately WITH a payment system or without one.

Re:Yet you did it. (2, Informative)

MasterOfMagic (151058) | more than 5 years ago | (#28011787)

I dont think legally theres any difference between taking money illigitimately WITH a payment system or without one.

Then you would be wrong. Taking money illegitimately without a payment system is intent to commit wire fraud and taking money illegitimately without a payment system could just be a billing error. Intent is important, especially when bringing criminal charges.

Re:Yet you did it. (1)

Achromatic1978 (916097) | more than 5 years ago | (#28012169)

And then there's the grey area in between. A while ago, in Australia, I'd gone out shopping. Used my debit mastercard to buy about $3,000 of furniture.

Went to use my card the next day. Declined. Checked online, I was at least $2,000 overdrawn. I noticed that the furniture chain had charged my card twice. Called the bank. She noticed who it was and said that "it definitely wasn't the first time [said chain] had had billing errors where they ran batches twice on Friday and reversed on Monday"...

I wonder how much interest they make on that...

She reversed the charge. Then a few days, the store reversed the charge. Then called me up to complain about why I'd had the charge reversed. Nice. Their claim (haha) was that I should have waited for them to fix their error. I laughed and said there was no way that would happen. Not for a credit card, and definitely not for a debit card that their incompetence/malice had managed to overdraw with their billing.

Re:Yet you did it. (1)

Enigma2175 (179646) | more than 5 years ago | (#28013323)

How was such a charge approved? After the first charge, your account balance should have been too low to get approval for the second charge. I don't know how the system works in Australia but in my neck of the woods if a debit card does not have the funds available the charge does not get approved.

Re:Yet you did it. (1)

Achromatic1978 (916097) | more than 5 years ago | (#28013463)

Two ways, either a floor limit, or batched offline transactions can be approved. When you already have the goods...

Now, should it be able to happen? No... but typically, if the merchant can't get an approval on your card, they can offline the transaction, and it'll typically go through, based on what their merchant 'type' is (a la the same thing AmEx etc use on your bills for the type of charge, i.e. 'flights', 'dining', 'goods', 'services', 'travel'). Some of these are able to get offline approvals in excess of available funds.

Re:Yet you did it. (1)

BrokenHalo (565198) | more than 5 years ago | (#28012955)

Taking money illegitimately without a payment system is intent to commit wire fraud and taking money illegitimately without a payment system could just be a billing error.

Ultimately, it doesn't make any difference for a lot of us. After all, how many of us (outside of the US) know a physical Paypal office address in their own country? I found a mention of an office in Richmond-Upon-Thames, but that's a long way away from Perth, Western Australia.

You have no redress through courts if Paypal isn't under your government's jurisdiction. Unless you are able to physically appear at their office and kindly offer to start breaking kneecaps, you have zero chance of getting satisfaction.

Your only recourse is to either not use Paypal or to limit Paypal's access to your funds.

There is a difference (4, Informative)

quanticle (843097) | more than 5 years ago | (#28012235)

If they take money from your credit card without you authorizing it, you can contact your credit card company and request a charge back. If you already have a payment plan, however, you have essentially pre-authorized payments, which makes getting the money back much more difficult.

Re:Yet you did it. (0)

Anonymous Coward | more than 5 years ago | (#28011755)

Per the original posting, his credit card is charged for Skype purchases, not his bank account.

Credit card = bank account (1)

nacturation (646836) | more than 5 years ago | (#28012981)

"This problem reinforces my aversion to automatic bill payment services that give companies the authority to draw money from my bank account at their discretion."

But you created such an account anyway.

I'm not sure why the parent was modded troll. I believe the point here is that the submitter claims that his credit card was charged, and also says that money was drawn from his bank account. There are credit cards which essentially work as debit cards, where every purchase you make is immediately deducted from your bank balance, and your balance is your limit.

This is a really stupid kind of credit card to get. With a regular credit card, any transactions made are done without touching your money. It's a virtual line item on a statement. Got a problem? Call your card issuer and dispute the charges. It's now Skype's problem to prove those charges were authorized and nothing touches your bank account. When your credit card is tied to your bank account, any problem charges are instant money out of your pocket. You're then fighting to get your money BACK. For those who don't have (much) savings that could mean you don't make the mortgage/rent payment, you can't buy food, and so on until it's resolved.

uh oh (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#28011623)

Flying Spaghetti Monster strikes back!

No (2, Informative)

Smivs (1197859) | more than 5 years ago | (#28011699)

For all the Skype users out there, have you experienced this?

Nope!

Skype isn't known for being forthcoming... (2, Interesting)

mister_playboy (1474163) | more than 5 years ago | (#28011747)

I'm sure they will explain this situation right around the time they make a 64bit release for Linux... or release a version for Linux and Mac OS X that isn't horribly outdated in comparison to the Windows version.

I hate Skype in many ways, but the plain fact is that Ekiga on Windows is worse than Skype on Linux, and I never managed to get one successful call to my girlfriend or family via Ekiga.

If anyone knows of a cross-platform VOIP/webcam program that is better than Skype, I'd love to hear about it.

Re:Skype isn't known for being forthcoming... (1)

ProfMobius (1313701) | more than 5 years ago | (#28011865)

I second this. Does anyone knows a good crossplatform VOIP with webcam and open source if possible?

Re:Skype isn't known for being forthcoming... (0)

Anonymous Coward | more than 5 years ago | (#28011937)

Indeed. I too would like to know about a decent VOIP/webcam program for linux OS X calls.
At the moment Skype seems to be the only one.

Re:Skype isn't known for being forthcoming... (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#28012001)

videolan VLC has a point to point webcam mod

Re:Skype isn't known for being forthcoming... (0)

Anonymous Coward | more than 5 years ago | (#28012127)

What about Gizmo?

Re:Skype isn't known for being forthcoming... (1, Interesting)

Anonymous Coward | more than 5 years ago | (#28012135)

Have you tried Gizmo5?
http://gizmo5.com

Re:Skype isn't known for being forthcoming... (1, Informative)

Anonymous Coward | more than 5 years ago | (#28013519)

Awesome you were modded "interesting"... except, you're not.

Gizmo5 only supports webcam on its windows client.
The OS X client is from 2008.
The linux client from 2007.
Neither support webcam. Awesome.

/. Genius Bar (2, Interesting)

mpapet (761907) | more than 5 years ago | (#28012373)

This should look *remarkably* familiar to some of you. http://www.counterpath.net/x-lite.html&active=4 [counterpath.net]

It's clear by the number of comments looking for a 'good' voip client you may not have a handle upstream issues. The only way to actually get a handle on it is to debug the UDP traffic.

1. NATing Most home networking devices have poor support for media NATing. (RTP/UDP The ones that have decent support are cursed with firmware supporting a single VOIP provider. This is where a device you can install a Linux distro on is helpful, but only the first step. http://www.iptel.org/sipalg/ [iptel.org] I've had problems on Cisco devices too, so don't think you can spend your way out of the problem.

2. ISP issues. I have seen ISP issues with VOIP media that does not originate from the ISP's VOIP service.

A simpler shot in the dark is to use an SIP proxy to handle the call. (STUN server) In some cases this works because the proxy goes to great effort to keep the connection alive at all times. Can you proxy a Skype call? Dunno if they support plain-vanilla SIP.

Welcome to VOIP!

Re:/. Genius Bar (1)

TheRaven64 (641858) | more than 5 years ago | (#28012693)

Is this really difficult? My phone supports SIP, and when I'm in my house it connects to my SIP provider and I can make and receive calls via SIP. The phone is just a basic Nokia thing, with the SIP client part of the standard features. I could use the same account with my SIP provider with a softphone on my laptop, but I haven't bothered yet. I didn't need to do anything with my NAT / firewall; the phone initiates the connection to the provider (sipgate, in my case) and the stateful tracking makes it work automatically. I can make VoIP or VoIP to/from POTS calls just as easily as I can make POTS calls, the only difference is that I need to be near a wireless access point to use VoIP.

Re:/. Genius Bar (2, Informative)

mpapet (761907) | more than 5 years ago | (#28013297)

Is this really difficult?
For some, yes it is.

the stateful tracking makes it work automatically
That's great that it works for you, but Nokia's 25 page troubleshooting guide suggests there are many problem users.

http://www.forum.nokia.com/info/sw.nokia.com/id/2e470bc4-236d-48e2-bc96-977784811af8/Nokia_S60_VoIP_Implementation_Troubleshooting_Guide.html [nokia.com]

Very nice guide for generalized VOIP problems!

Re:Skype isn't known for being forthcoming... (1)

zafo (654378) | more than 5 years ago | (#28012455)

Try Gizmo. It's a SIP-based alternative that works quite well.

Re:Skype isn't known for being forthcoming... (1, Interesting)

Anonymous Coward | more than 5 years ago | (#28012481)

There's zoiper (http://www.zoiper.com/) which is known to work well with these guys - http://www.voipfone.co.uk/ [voipfone.co.uk]
Account sign up is free and calls to other users are free.

(I work for them now but used their service for years before getting my current job).

It begin (1, Funny)

Tachys (445363) | more than 5 years ago | (#28011805)

It begins the Rise of the Machines skynet has declared war on humanity...

Oh Skype? never mind then

going on for months/years (4, Interesting)

Anonymous Coward | more than 5 years ago | (#28011831)

This happened to a friend of mine about a month ago. He got logged out of skype and couldn't get back in. Then he starts getting emails from Paypal about charges from his skype account for phone calls to somewhere in eastern Europe.

He got his account and money back but his contacts had all been wiped.

There is either a hole in skype or a piece of malware out there harvesting skype credentials. Google "lost skype account" or something like that.

Re:going on for months/years (2, Interesting)

je ne sais quoi (987177) | more than 5 years ago | (#28012041)

Then he starts getting emails from Paypal about charges from his skype account for phone calls to somewhere in eastern Europe.

I had this happen to me as well about a year ago. It looks like somebody is running a big scam in Eastern Europe. The strange thing is that I don't have a skype account, nor did I think I had a paypal account. In the end, I found out that at one point I bought an ELER [geekz.co.uk] t-shirt where the guy required that I create a paypal account and then I forgot I had created that. It took a frustratingly long time to get my paypal account canceled, and skype is still bugging me about returning their e-mails about getting my "skype account" (which never existed) straightened out. The nice thing about this whole shenanigan was that my credit card company immediately contacted me and in short order created a different account number for me. I'll think twice before ever creating either a skype or a paypal account ever again though, that's for sure.

Re:going on for months/years (1)

Jaysyn (203771) | more than 5 years ago | (#28012621)

The lesson here is to never ever use PayPal for anything. Seriously.

Re:going on for months/years (4, Interesting)

Cousin Scuzzy (754180) | more than 5 years ago | (#28012367)

Looking into this further, it does appear that my Skype account was compromised last night. There were 428 international calls made with SkypeOut in a 13 minute period. And yes, Skype has my PayPal information, which in turn is linked to my credit card.

In retrospect I was responsible for leaving a trail of financial data that allowed this to happen. Skype deserves credit for stopping the illegal activity so quickly. However, I'd prefer that Skype send me an e-mail for confirmation whenever account changes such as signing up for Auto-Recharge are requested. And obviously if an e-mail account change is requested I should get notified at my old address as well.

This certainly showed me that I need to be more vigilant about protecting any account that is linked in any way to my bank and credit accounts. I had considered Skype to be a very low risk account, but that changed when I signed up for SkypeOut.

a good feature would be ... (2, Insightful)

jsnipy (913480) | more than 5 years ago | (#28011843)

Just as papal can give you a front number to hide your credit card, they should enact the ability to make that number approve payments on a time frame basis or time frame + payee basis.

Re:a good feature would be ... (3, Funny)

rrohbeck (944847) | more than 5 years ago | (#28012531)

What does the pope's can have to do with this?

Yes I have experienced it... (3, Interesting)

blahplusplus (757119) | more than 5 years ago | (#28011847)

.. In my opinion skype is being hacked enormously. If you have a skype client open it is also a gateway to your computer. I had never put my credit card # in skype's billing database, but I DID have it on my computer in a text file, my best guess is that Skype is being massively hacked and be weary of using the skype client on your computer if you value your security.

Re:Yes I have experienced it... (0)

Anonymous Coward | more than 5 years ago | (#28011993)

Mmm... wasn't Skype caught a couple of years ago sending back to its servers the passwd file of Linux client PCs? A good reason why I only use Skype on a Nokia N800 Internet tablet that has no named users, passwords or anything sensitive in it (no, not even navigation data to banking or other personal sites)

Re:Yes I have experienced it... (0)

Anonymous Coward | more than 5 years ago | (#28012149)

if you put your cc number in a text file on your computer, you're just asking for trouble.

Re:Yes I have experienced it... (0)

Anonymous Coward | more than 5 years ago | (#28012417)

Yeah seriously. It's 16 numbers, an expiration date and a 3-digit security code. Just memorize it.

Re:Yes I have experienced it... (4, Funny)

berashith (222128) | more than 5 years ago | (#28012999)

but the three digit code is there as proof that I am holding the actual card. If I memorize it I will have broken the entire security model.

Re:Yes I have experienced it... (4, Funny)

eln (21727) | more than 5 years ago | (#28012453)

but I DID have it on my computer in a text file

This is a problem, because anyone who got access to your computer would have access to your CC number.

To avoid this security hole, rather than keeping my CC number in my computer, I keep it on a small plastic card in my wallet.

Re:Yes I have experienced it... (1)

blahplusplus (757119) | more than 5 years ago | (#28012529)

No doubt but hence that is why I said that is my best guess, I'm not certain that is what occured. Hence my disclaimer that is 'my best guess', since it is one of the simplest explanations for why my CC was billed from another country and billed using skype (something I frequently had opened and used).

There are many ways to get credit card numbers now-a-days, it COULD have been skype, or it could be the criminals got a list of CC's from somewhere else.

Not only that you'd have to know what you were looking for, I didn't name the text file CC.txt

Re:Yes I have experienced it... (3, Insightful)

Allicorn (175921) | more than 5 years ago | (#28012739)

Fascinating. Can we see the evidence you base this opinion on? If Skype is indeed being "massively" hacked, there must surely be a massive mountain of readily available evidence?

A quick google finds me plenty of angry, barely coherent forum posts by folks warning all their school friends about trojan-hacker-virusses spreading via Skype calls. I also find a not-unsurprising crowd of unfortunate users who blame Skype for genuine problems on their unpatched, unfirewalled XP-Home box.

The most serious looking warnings I find are mostly of two types. (1) warnings to businesses about the dangers of letting your employees install a secure, encrypted, peer-to-peer, file-transfer system (Skype) on work computers and thereby leak company information. (2) a whole bunch of scam sites using the same cut'n'paste text to misleadingly label the W32.Warezov email trojan as some kind of Skype-based virus.

I don't find - at first glance - a whole lot of serious articles from trusted sources claiming that Skype is a wide-open gateway to malware hell.

Nonetheless - as a Skype user and general security-concerned geek - I'd always be interested to hear genuine evidence that Skype is a security hazard to users who would not accept random file-transfers of from unknown Skype contacts.

Lets not forget that FUD is FUD even when it's not directed against Linux.

Re:Yes I have experienced it... (1)

blahplusplus (757119) | more than 5 years ago | (#28012837)

"Fascinating. Can we see the evidence you base this opinion on?"

Consider the likely explanation:

Recently installed skype, have never used this particular CC online, the CC# suddenly starts getting billed *for* SKYPE, i.e. skype is getting paid by someone else using my CC for skype calls from another country.

The only conclusion one could possibly come to given the relationship between the two is that skype has been hacked and is being used to infiltrate other computers.

Try a little occam's razor, and I said it was my best guess given the evidence and the simplicity of the explanation.

Nothing to worry about... (1)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#28011853)

Just a friendly reminder of how tenuous your status as a 21st century "consumer" can be. Quick: How many people/organizations are one simple fuckup away from making a raft of cryptic charges to your credit card? Sure, you can fight them; but it'll be a big hassle and, depending on how cooperative various parties are feeling, you may be stuck with fees, paying bills until things are sorted out, years of harassment by collections people, and/or a credit rating hit. How many more people/organizations could(and possibly already are) tacking on little charges here and there, semilicitly? Not to mention, of course, the actual criminals.

Have a nice day.

Re:Nothing to worry about... (1)

John Hasler (414242) | more than 5 years ago | (#28012141)

> How many people/organizations are one simple fuckup away from making a raft of cryptic
> charges to your credit card?

Very few. If such a thing were to happen I would contact the bank and inform them that the charge was unauthorized and I refuse to pay it. In my admittedly limited experience the bank will then charge the amount back to the merchant and demand that he prove I authorized the charge.

> How many more people/organizations could(and possibly already are) tacking on little
> charges here and there, semilicitly?

None. You see, the bank sends me a thing called a "statement" each month. It lists all the charges and I check them all.

> Not to mention, of course, the actual criminals.

Those who "tack on little charges" that I did not authorize are criminals.

Re:Nothing to worry about... (1)

blincoln (592401) | more than 5 years ago | (#28013003)

Very few. If such a thing were to happen I would contact the bank and inform them that the charge was unauthorized and I refuse to pay it. In my admittedly limited experience the bank will then charge the amount back to the merchant and demand that he prove I authorized the charge.

In the US, that's generally true for a credit card. It's not necessarily true for a debit card. Both of the banks I've used have given "provisional" credit back when I've contested debit card charges, and the process for the investigation can take months.
So if, for example, you contested a $300 charge, and then six months later your bank reversed the provisional credit (without prior notice) because they lost the form you faxed them from one of their branches and claimed it never arrived, and you happened to have only $250 in your checking account at the time, you would incur an overdraft fee.
I make it a point to only use a credit card now. I feel badly for the merchants, because I know it costs them more, but the lack of protections for debit cards is too much of a hassle for me to deal with.

Re:Nothing to worry about... (1)

berashith (222128) | more than 5 years ago | (#28013173)

The very few times that I have been forced to give a CC number to an organization that I didnt trust who intended to debit without my approval (earthlink, I am looking at you), I have immediately called in my card stolen after the transaction was completed. This way, the auto-charges fail, and I get a paper bill that I can then pay. If they make noise and try to force me to allow them to autodebit again, same process. The CC company actually laughed the third time I called in a lost card in less than 6 months.

Re:Nothing to worry about... (2, Informative)

blueZ3 (744446) | more than 5 years ago | (#28012331)

I'm not sure I agree...

I've had problems with credit card charges in the past (three times in the last six or so years) and because of the consumer protection laws that CC companies are forced to comply with, it was essentially painless to fix--leaving aside the time for a single phone call and filling out the snail mail form they sent. They aren't allowed to require you to pay fees or disputed amounts. If they're trying to stick you with this, you need to let your state AG know.

I reconcile my credit card statement with my budget at the end of every month (yes, every charge or cash payment goes into a spreadsheet, which I compare to the CC statement at month's end) and I've never had any "little charges" tacked on, either.

Of course, I understand that my experience might not be universal, but if you're really having those kinds of problems with your CC company I think the problem is that you need to switch to a credit provider that has better customer service. From personal experience I can recommend American Express (they've been great) or a credit union.

Biling (5, Funny)

Anonymous Coward | more than 5 years ago | (#28011877)

I am with Skype/Paypal Customer Service Biling. Please submit your account and credit card info hear and well ensure all refunds will be examined. Thank you

Re:Biling (2, Funny)

dkleinsc (563838) | more than 5 years ago | (#28012077)

I'm sorry, that sort of attempt at biling fraud makes me puke.

Re:Biling (1)

Chyeld (713439) | more than 5 years ago | (#28012469)

Yes, they should have at least spelt it as here instead of hear and registered a official sounding name rather than 'anonymous coward'. Who the hell is going to trust their bank info to someone with that name?

Re:Biling (1)

dkleinsc (563838) | more than 5 years ago | (#28012505)

If it had been just once, I'd have let it go. Since Mr AC did it twice, I figured it was a worthy target of a pun, that's all.

Re:Billing (0)

Anonymous Coward | more than 5 years ago | (#28013037)

I am with Skype/Paypal Customer Service Billing. Please submit your account and credit card info hear and well ensure all refunds will be examined. Thank you

Re:Biling (0)

Anonymous Coward | more than 5 years ago | (#28012939)

I am with Skype/Paypal Customer Service Biling. Please submit your account and credit card info hear and well ensure all refunds will be examined. Thank you

Account: Ben Dover
CC: 5555-5555-5555-4444

Thanks for your assistance

Use multiple checking accounts (1)

macbeth66 (204889) | more than 5 years ago | (#28011963)


This problem reinforces my aversion to automatic bill payment services that give companies the authority to draw money from my bank account at their discretion.

There is really nothing wrong with automatic bill payment. I do it with a secondary checking account. To which I add money when bills are coming due. They can't withdraw more than there is and I have yet to be charged an overdraft fee.

A third checking account if for my pay check and only my pay check. Everything comes out on pay day.

I am very tempted to set up a fourth account just for PayPal.

Re:Use multiple checking accounts (1)

blueZ3 (744446) | more than 5 years ago | (#28012385)

It's better (IMO) to use a credit card with your PalPal account than to rely on the fact that you haven't had an overdraft yet. Credit card companies are forced to comply with a fairly consumer-friendly set of regulations (limitations of liability, not charging interest or attempting to collect disputed amounts) that your bank is not. Giving up banking details--to PayPal, epecially--seems fraught with risk.

transaction processing (3, Interesting)

Red Flayer (890720) | more than 5 years ago | (#28011981)

This is what happens when transactions are done based on results of database queries and/or spreadsheet analysis. One error is made, someone attempts to reverse the batch of transactions to correct the error, and makes another error. Then someone else steps in, and compounds the problem. In the end, the only way to get it back to some semblance of the correct state is to go back and run the transactions in opposite amounts from the top of the stack (LIFO).

This is what happens when you have technical people (especially not-so-competent technical people) handling financial transactions.

Workflow for payments and other financial transactions should come from your source document (it doesn't have to be a literal document, it can be an authorization entry, etc). The accuracy of the data capture at this point is essential. If you use a key value to grab most of the data needed, validation needs to be very strong.

Source --> Data Capture --> Validation --> Set-up of transactions --> Validation --> Execution --> Data capture of results --> Validation --> Update file --> Validation .

I personally have seen many failures because of errors in validation, and the ensuing mess as well-meaning people try to correct the error. Nothing like 36 db entries and half a wasted day just to correct a single error that a user offshore made overnight, then compounded with the "helpful" input of his team members... and then the ensuing clusterfuck of explaining to the client what had happened, what we'd done to ensure it wouldn't happen again, and many, many apologies.

electronic access to your accounts is crazy (2, Insightful)

cats-paw (34890) | more than 5 years ago | (#28012005)

I know it can be convenient, but I think it's just crazy to let anyone directly charge your CC or worse yet, your bank account.

The era of buggy software which can make enormous mistakes quickly, hacked software which is out to get you, and corporate overlords who look at their customers as the enemy, makes it far to risky to grant them such access.

I won't do it.

Even if it's a CC and you can get it fixed, it's going to be a hassle.

Re:electronic access to your accounts is crazy (1)

blueZ3 (744446) | more than 5 years ago | (#28012479)

I've had three mistaken CC charges in the last six years and it's never been a hassle to get them reversed. In each case a single phone call and the return of a snail-mail letter (in a postage-paid envelope) sufficed. This of course depends on having an account with a reputable credit card company, not Joe's All-you-can-charge-bank. The consumer protection laws seem to work pretty well to protect credit card customers, though that's just my personal experience.

On the other hand, I would never, NEVER give my bank account info to anyone. Let alone the incompetent fools at PayPal--assuming here that I shouldn't attribute to malice what can be adequately explained by stupidity.

Re:electronic access to your accounts is crazy (1)

BrokenHalo (565198) | more than 5 years ago | (#28013245)

but I think it's just crazy to let anyone directly charge your CC or worse yet, your bank account.

The only time I've had a problem with this is one that I traced to an occasion when I had no alternative to making an internet transaction on someone's Windows box while I was on holiday. Either the antivirus software didn't do its job or the machine was compromised in some other way, but shortly afterwards my c/c account was slugged for a bit over $800 by clickandbuy.com, with whom I have never had any dealings.

The first I heard about it was when I tried to make a normal transaction shortly afterwards, only to find that the bank had picked it up and frozen my account. I lost a few dollars via foreign exchange on the eventual refund, but it could all have been a lot worse.

The moral of the story that I took away was to set up my own mobile internet connection, and to take my own laptop with me on trips. In other words, trust no-one.

Dreamhost (2, Informative)

horatio (127595) | more than 5 years ago | (#28012021)

Dreamhost had an issue last year where they incorrectly billed customers to the tune of millions of dollars [dreamhost.com] . They seemed to be quite up front about what happened, apologized, returned the money [dreamhost.com] as quickly as possible and really tried to figure out how to not have it happen again.

Re:Dreamhost (1)

Ambiguous Coward (205751) | more than 5 years ago | (#28012201)

really tried to figure out how to not have it happen again.

What, getting caught?

It can't mean that! Can it? (1, Interesting)

Anonymous Coward | more than 5 years ago | (#28012119)

I am afraid to have to say that the Belgian police agree with me that the situation can only mean one thing, that my password was obtained by thieves from Skype: I hold a post which means that security is a day-to-day habit, and passwords are not written down anywhere as a result at my end. My usage pattern is such that it is very clear both the fraudulent attempts to extract funds from my account and the fraudulent use of my phone subscription were not of my doing, that the data could not possibly have been extracted by any means as it has not been input in years, and that it is just not credible to put this down to a software fault as a result: telephones don't suddenly start calling the other side of the world at the same instant money takes itself into its own head to start paying itself to both PayPal and VISA. Similarly, the many other similar complainants indicate that this is not the users' fault, but Skype's. As a result, a dossier has been opened for theft and you should be hearing from the Belgian Police and Luxemberg Banking Regulators in the near future.

Actually, it can mean more than one thing. It can mean that Ebay/Skype do not employ any sort of heuristics to watch the treasure trove of unlimited VoIP minutes available to those who can hack the database of user/passwords. It can mean that the PayPal/Skype agreement is triggered by the "need" to refill each account as it is depleted of funds. Therefore, though all accounts have not been effected yet, this may be true only because there are a limited number of minutes that the hackers can use at any given time. I can mean that Skype accounts are being traded online through hacker networks. And it can mean that "automatic" payment accounts should require confirmation as a matter of reasonable security. It can also mean that a man-in-the-middle attack was used to collect passwords. (It must be a nightmare to investigate that from Luxemborg.)

Who knows, it might also mean that the NSA's telecommunications budget was skipped over in the last round of appropriations....

No. That last bit is completely out of the question.

Skype Fails... (0)

Anonymous Coward | more than 5 years ago | (#28012217)

I've had issues with this as well, and its been a costly battle because it charged my debit card attached to my pay pal, and it was so many times that its over drafted my bank account to the tune of about 500 dollars. :/

Not skype, but bank (1)

slyrat (1143997) | more than 5 years ago | (#28012275)

I had something similar happen with one of my bank accounts. I had set up a new loan for a car with the same company that I had my other loan through. The only change was that I had set up this second account to auto-bill a different bank account. I then discover that they had decided to auto-bill the first account at the same time as the first. This led to a significant negative balance (because it normally had just enough at the beginning of each month to pay said bill). It took several hours and calls to both the bank and the loan company before things were fixed. It is very difficult to get money back when the people involved say that nothing is wrong.

Your conclusion doesn't follow.. (2, Insightful)

cortesoft (1150075) | more than 5 years ago | (#28012307)

I don't understand why this occurrence would make you want to avoid automatic payment systems... You didn't sign up for the automatic payment system in this case, and you still had a problem.

Clearly the not using the automatic payment system doesn't help you avoid this problem. In reality, there is no way to NOT give a company permission to charge your account repeatedly whenever you pay for something online... (unless you use one of those one time credit card numbers). I don't think it is practical to advise never paying for anything online, so you always run the risk of accidentally being charged the wrong amount. The only prudent action is to always monitor your accounts to make sure all the charges are legit.

Not just auto billing but also direct deposit (1)

RJFerret (1279530) | more than 5 years ago | (#28012311)

I avoid anyone dipping their fingers into my accounts and mucking things up.

Back when direct deposit was starting to become more common, a former girlfriend was paid that way and found her checking account overdrawn when they made an adjustment. (And no, they wouldn't cover the overdraft fees.)

Now sure, she shouldn't have relied on her balance statement alone, and nowadays some of us create separate accounts for those things, but it's much more of a hassle to try to track and keep accurate records and shift funds between all those accounts.

I can remember only needed a savings and checking account. Now I have those, a paypal account, another checking account to manage the paypal account, I had another account back when you could profit from poker online...(and the funds needed in each of those accounts not earning interest like they would in savings).

NEVER EVER EVER (3, Insightful)

just fiddling around (636818) | more than 5 years ago | (#28012409)

Give ANYONE direct witdrawing access to any of your bank accounts, or they will one day use it as their personal piggy bank.

Even if you only deposit what you owe them in the accound, you will face overdraft fees.

Anyway, that is an ugly hack in the age of internet bill paying. All my bills are paid (a) on a credit card if it cannot be avoided OR (b) registered in my bank portal so I can send a payment at my leisure. The two options give me full control of who gets how much, and when.

And in the event of a dispute about the amount owed, I can still pay the rent because I only have one call to make to initiate a chargeback. I know people who got their main account emptied by Bell after an "error". If Bell cannot be trusted, who can?

There is a way out.. (1)

ulmo3 (830282) | more than 5 years ago | (#28012723)

I use Citibanks virtual numbers which lets me give a virtual number and then fix the amount to that number and time limit. I usually choose the exact amount as the limit and time limit of 2 months. This way no merchant can force me to use automatic payments. I have noticed that in Skype it automatically selects automatic payments for you and you need to be careful to make sure it does not get selected. If you go to the next screen and then come back it gets selected again. So you have to be careful

Skypenet (1)

murpium (1310525) | more than 5 years ago | (#28012809)

It's just Skype becoming sentient.

Skype supposidly has security loopholes (1)

jrhawk42 (1028964) | more than 5 years ago | (#28012867)

I've read several articles that tend to ramble about Skype's security. Most of it's speculation though since Skype uses proprietary software. Obviously no program is 100% secure, but I think w/ the millions of accounts, and it's history of running w/ a nefarious crowd if there was a huge security link the shit would of hit the fan by now. Still it's not a bad idea to close skype when you're not using it, and watch your account closely.

Free access to billing (1)

gordguide (307383) | more than 5 years ago | (#28012979)

It's not often a good idea to grant a company automated billing, but then again, some tech operations depend on it, and consumers are all about the convenience.

But, once a company ... ANY company, abuses it, you should cut them off and insist they bill you and wait, like everyone else has to, for payment.

It's an abuse of trust, and that should never be tolerated or rewarded. If the offending firm complains that to revert to old fashioned billing would be too expensive, tell them you don't believe them, since actually running an automated billing system seemed too expensive to them as well. Otherwise it would have been given the necessary resources to insure it would NEVER be broken in the first place.

Everybody makes mistakes... (2, Insightful)

feepness (543479) | more than 5 years ago | (#28012991)

Although I believe that all unauthorized charges to my credit card have been refunded, it is worrisome that Skype, or anyone, would charge my account erroneously.

Companies make errors all the time. I suggest you spend a few moments reviewing your statements when they come in. It is pretty obvious when mistakes are made, and they seem to happen most often with cellphones.

This is one reason I like to stick to paper statements. It reminds me to look at them when the bill comes in.

Billing issues are common with Skype (0)

Anonymous Coward | more than 5 years ago | (#28013273)

Billing issues are common with Skype.
Read their forums and see. It has been a complete nightnare for years.

Agree-to-this! (3, Informative)

revjtanton (1179893) | more than 5 years ago | (#28013809)

A little over a year ago I moved from FL to MD and I had DirecTv. I moved for a job with short notice so my fiancee and I had to move in with her mother for a month until we found a place. The DirecTv followed us to MD for free, but when we moved to our condo there was a problem.

DirecTV doesn't state it online but when you move using their "Movers Connection" you've agreed to extend your service by 6 months, and you've agreed not to move again for those same 6 months. If you do move or cancel within those 6 months they charge you the full cost of your original move plus fees...and they charge your card automatically!

Like I said there was no notice online of such a stipulation, nor did the agent who set up my original move inform me of that criteria. My card was charged $600 4 days before my wedding putting me overdrawn and causing my rent to bounce...putting me down an additional $1500...and I had to pay for some things for the wedding. When I questioned DirecTV about the agreement they said there is no place to view it online, they dont have a document to send, but they assured me that I did, in fact, agree to some silly agreement by moving in the first place.

This story is relevant to the posting because of the automatic withdraw. If they billed me that is one thing, I could call them and work it out, but instead they automatically took money off of my default method of payment simply because it was there. How is this OK with people?! Eventually I got all of my money refunded and a full apology from DirecTV for the hassle...needless to say Im with Verizon FiOS now.

This whole thing burns me up. I think Penny Arcade summed up our collective frustration nicely here [penny-arcade.com] . I have been working on creating a wiki to translate user agreements to plain English so we can all get an easier glimpse at the crap we're agreeing to, and the "rights" we forfeit to our utilities etc. Furthermore the site will branch off into areas where those who are commonly disadvantaged can come together to take legal action against companies who blatantly violate their privacy (like Skype did in the post) or their right to know what they agreed to (like my DirecTV situation). Government is supposed to enforce what we the people deem morally just, yet it seems that whatever the government deems legal we all assume is moral...that doesn't make sense to me. Its about time we started revisiting how we're conducting ourselves in my opinion.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?