PayPal Chargebacks


Getting A Refund By SEing PayPal With A Chargeback.

Pertaining to social engineering online retailers on a large scale such as Amazon, Logitech, John Lewis and so forth, there are a couple of options available- either obtain a replacement Item or request a refund. Unless you're keen on keeping the Item for personal use, the latter Is the preferred choice for the majority of SE'ers. In fact, there are many refunding services by experienced social engineers and for the most part, they result In a successful outcome.

In order to make this possible, It's of the utmost Importance for the SE'er (who's performing the refund), to have a clear understanding of how payment systems operate, thereby manipulate their terms accordingly. Given "PayPal" Is the most common form of online payment, this will be the main focus In this article, but will not be limited to this alone. Credit card providers and banks work closely with PayPal when chargebacks are requested by the buyer, thus I will also be discussing these entities.

If you haven't already realized, this Is solely "based from a buyer's standpoint", that Is, from a social engineer's perspective when claiming a refund for an Item he's SEing. So what exactly Is a "chargeback"? Before I discuss this, It's Imperative to have knowledge of how PayPal generally deals with complaints from the buyer. 

At the time of writing, PayPal has 3 different types of what they call "Disputes", with each one handled differently from the rest. The first Is named accordingly as "Dispute", the second Is called a "Claim" and lastly Is of course, "Chargebacks". So let's have a good look at all three respectively.

Understanding A PayPal Dispute:

A dispute, Is usually the first port of call when an Issue Is experienced between the buyer and seller. Based on legit grounds, there are number of reasons as to why a customer files a dispute via PayPal. It could be that he did not receive the Item, perhaps an unauthorized charge on the account, or the Item that was received was different to the one he ordered

As such, the buyer uses "PayPal's Resolution Center" to contact the seller, and try to come to a solution regarding the Issue at hand. In other words, the buyer & seller attempt to resolve the matter between themselves. If they cannot come to an agreement (which will obviously be the case with the social engineer!), then "the Dispute will be escalated to a Claim", which brings me to my next point.

Understanding A PayPal Claim:

As mentioned above, when the buyer and seller fail to reach an agreement by filing a Dispute, then the next move Is to launch a Claim. This Is simply done by the buyer by logging Into their PayPal account, selecting the Dispute that they want to escalate, and then choosing "Escalate to a Claim". Once this Is submitted, "PayPal takes over" by reviewing the case and ultimately decide the outcome In an Impartial and unbiased manner. 

Do note, that "Claims do have a time frame"- which Is 20 days from the time of when the Dispute was deemed Inconclusive. No doubt, the social engineer wants a refund, but evidently, this does not always work In the SE'ers favor. So what happens when this fails? You guessed It, a "Chargeback" takes place, so let's have a look at what this entails.

Understanding A Chargeback:

Although a "Chargeback" Is often viewed and related solely to PayPal, this Is In fact performed by contacting the credit card provider to request a refund. In other words, the buyer asks their credit card provider to reverse the charge on their account, and they will then get In touch with PayPal who will request further Information. The type of Information can Include proof of purchase and shipment, all communication between buyer & seller, transaction details and so forth.

Every bit of detail Is collected by PayPal, who then forward everything to the credit card provider for review. As a result, It's the credit card provider who makes the final decision as to whether the buyer will receive a refund, regardless of what PayPal has to say! "Chargebacks also have a time frame of when they can be filed"- which Is 180 days after the Item was purchased. This certainly covers the buyer rather well from a legit perspective, but social engineers use this to their advantage when claiming a refund for a given Item. Let's checkout what goes on In the mind of the SE'er.

How A Chargeback Is Used By The SE'er:

When the social engineer has exhausted all options with the company he's SEing, whereby they just refuse to provide a refund, he will then perform a Chargeback, by contacting his credit card provider who will then contact PayPal. He can also request a "Bank reversal", which Is the same process as the credit card. The SE'er Is well and truly prepared for this- he'll have everything ready, such as a fake POP, evidence that he did not receive the package (when In fact he did with a fake signature!) and so on. 

A chargeback has a pretty good success rate but the key to a favorable outcome, Is based on how well the social engineer has prepared his claim and most Importantly, being adamant and pushing his case to the absolute limit. When the credit card provider approves the claim for a refund, PayPal has no say In the matter- they must comply with the credit card provider's decision. Going by personal experience, If you, as the social engineer, stick with your story and keep hitting them with the chargeback, It has an "extremely high chance of succeeding".

When To Perform A Chargeback:

As per the title above, I've lost count as to the number of times I've been asked when a chargeback should be performed. Whilst there are no hard and fast rules, I always recommend to hit a chargeback when all else fails. Think of It as a backup to every social engineering attack you execute. Obviously you're going to SE the company FIRST, by using the traditional methods such as the DNA, wrong Item received, boxing, missing Item/partial methods etc, so why would you want to do a chargeback at the beginning, when you have all these methods to work with? So It's pretty clear that It should take place when every method has not worked In your favor.

In Conclusion:

You should now have a clear understanding of how PayPal operates when dealing with claims, and when & why a chargeback should be Initiated. There's obviously a lot more to PayPal's terms than what's mentioned above, however I cannot possibly cover the lot In a single blog page. On a closing note, be careful with the number of chargebacks that you perform- If you hit too many, your PayPal account may be limited.







Comments


Popular Social Engineering Posts