Educause Security Discussion mailing list archives
FW: Paypal/Ebay
From: "Mclaughlin, Kevin L (mclaugkl)" <mclaugkl () UCMAIL UC EDU>
Date: Thu, 11 Jan 2007 13:51:19 -0500
Kevin L. McLaughlin CISM, CISSP, PMP, ITIL Master Certified Director, Information Security University of Cincinnati 513-556-9177 (w) 513-703-3211 (m) 513-558-ISEC (department) <mailto:mclaugkl () ucmail uc edu> CONFIDENTIALITY NOTICE: This e-mail message and its content is confidential, intended solely for the addressee, and may be legally privileged. Access to this message and its content by any individual or entity other than those identified in this message is unauthorized. If you are not the intended recipient, any disclosure, copying or distribution of this e-mail may be unlawful. Any action taken or omitted due to the content of this message is prohibited and may be unlawful. Hi Everyone: My lead investigator asked me to forward this to the Educause Security Group. He basically wants to know if anyone has a security contact for Paypal/Ebay. Thanks, -Kevin ________________________________ From: Shamblin, Quinn (shamblqn) Sent: Thursday, January 11, 2007 10:57 AM To: Mclaughlin, Kevin L (mclaugkl) Subject: Paypal/Ebay --------------------------------- Hello Everyone, During a recent investigation, we had need to contact Paypal. The paypal/ebay fraud line is 408.967.9919, which is a voice message that describes the information that is available from paypal in response to various types of requests. The message states that a transcript is available if you fax them a request, but be warned that they will not actually fax the transcript to you unless your request is on Police letterhead. In fact we could get no cooperation or response from them on any subject until we turned the case (which had been being investigated internally) over to our local police dept. Just a word of warning for those internal investigation teams out there if it turns out a trail you are following leads to paypal/ebay. In order that you know what kind of information paypal/ebay can provide, I have transcribed the voicemail message. I am providing this to the group for reference. If you need any of this information, you can probably get it, but the request will need to come through your P.D. ------------------------- Transcript of PayPal-eBay Fraud Message taken 10/27/2006 @ 1300 EDT Thank you for calling the law enforcement hotline for ebay and paypal Fraud Investigations Team, also known as FIT. FIT can provide the following records, depending on the form of the request. Turn around time for requests is 5-10 business days, not including Saturdays Sundays and Holidays. In response to a subpoena, court order or other legal document, ebay will provide: * Full registration information including billing and mailing address * IP address at the time of registration * Complete sales and bid history including bidder information if specifically requested * Credit card and checking account information if available * All account information including: addresses, phone numbers, email addresses, SSN if available, IP addresses for each login, financial information, complaints against, and complete transaction information In response to a non-subpoena faxed request on department letterhead, ebay will provide: * Contact name, city, state, zip, and telephone number, email address and user id history * If specifically requested, sales and bid history dating back one year. Please note that all paypal records require a subpoena. Please specify if you are requesting ebay or paypal information or both. To formally request a record or to request that this message be faxed to you, fax the request to 408 967-9915. Please note that these instructions apply only to criminal subpoenas. ------------------------- Question for the group: Does anyone out there have a contact at paypal/ebay that has been helpful in these cases? Does anyone know who their lead investigator is? In some cases, there is non-protected information that they could provide that would tell us if it is worth the time to proceed with a court order. For various reasons, an internal investigative team may not want to involve the police unless/until a crime has been reasonable proven, so such a contact number would be of help. Thanks! Regards, Quinn R. Shamblin, PMP University of Cincinnati Information Security Officer (513) 556-0803 quinn.shamblin () uc edu
Current thread:
- FW: Paypal/Ebay Mclaughlin, Kevin L (mclaugkl) (Jan 11)