Thought Leadership
A security system failure at PayPal caused banks to halt direct debits worth billions. The company says the problem has now been resolved.
Security systems at US payment service provider PayPal that are designed to filter out fraudulent direct debits have failed. According to a report by the Süddeutsche Zeitung, banks subsequently stopped direct debits totaling in the double-digit billions. These involved direct debits where PayPal withdraws money from customers’ bank accounts after they have purchased goods online, for example.
The incident was confirmed by the German Savings Banks and Giro Association (DSGV). In recent days, there have been “incidents involving unauthorized direct debits from PayPal against various credit institutions,” the association said. “These incidents had significant impacts on payment transactions throughout Europe and particularly in Germany. This was also noticeable for customers of institutions in the Savings Bank Financial Group last Monday for several hours.”
The incident primarily affected merchants who received their money from legitimate direct debits with delays. Consumer advocates recommended that PayPal customers check their PayPal accounts for unauthorized charges.
Criminals forge direct debits
Criminals repeatedly attempt to trick banks and financial service providers like PayPal and steal money from their victims’ bank accounts using forged direct debits. According to information from the Süddeutsche Zeitung, PayPal’s security system, which is supposed to detect and filter out these fraud attempts, “apparently failed completely or largely” at the end of last week. As a result, PayPal apparently submitted all direct debits to banks without proper verification.
The DSGV statement continues that PayPal has acknowledged the operational disruptions and assured that the problem has since been resolved. “Payment transactions to and from PayPal have been running normally again on the Savings Bank Financial Group side since Tuesday morning, but remain under observation.”
PayPal: Problem has been fixed
A PayPal spokesperson confirmed to dpa that there had been problems, but these have now been resolved: “PayPal experienced a temporary service interruption that affected certain transactions of our banking partners and potentially their customers. We quickly identified the cause and are working closely with our banking partners to ensure all accounts have been updated.” PayPal’s help page now states: “Over the weekend, there was a temporary service interruption that caused transactions to be delayed for a small number of accounts. The problem has since been resolved.”
Regulatory authorities have also been informed about the incidents at PayPal, said a DSGV spokesperson. Since PayPal has its European headquarters in Luxembourg, the company is not under the jurisdiction of the German banking supervisor BaFin, but rather the Luxembourg authorities.
dpa
