It took a while, but we got our first Plug and Save fraudster yesterday. The fraud wasn’t very difficult to spot but we’re detailing what happened here because it might be of value to other webmasters.

We certainly aren’t going to invest any time following this up or investigating it but here’s what we believe happened.

1) The frauster uses a firefox extension (we won’t disclose which one) that can be used to manipulate the values of a web shopping cart before it gets sent to PayPal. He set the payment info to just $0.02 (1 cent for the product, one for postage).

2) Fraudster paid us 2 cent via PayPal.

3) Our OSCommerce site reported the transaction as verified and ready to pack in our orders log.

Fortunately a $0.02 order isn’t hard to spot however we might not have been so quick to stop the transaction if he’d knocked off $100 for postage or if he’d ordered an expensive unit for the price of one cheaper.

We verify all orders ourselves and we need a postal address to ship products to so this isn’t a very effective fraud against our type of business. For webmasters selling digital goods or services it’s worth being aware that this scam is still being used.

Whilst we respect the concept of a written agreement it seems that a legally written contract is designed very much to discourage other parties to read them.

We are currently creating a distribution agreement for Plug and Save.  Whilst we know exactly what we want to include, the template, created for us by lawyers is unecessarily pompous, confusing and suprisingly ambiguous.

Much of our overseas business entails working with non-native English speakers.  It seems somewhat disrespectful to provide confusing and lengthy legalese to such companies, knowing that they’ll likely not understand the complex wording.  This gives us an unfair advantage and we’ve resolved to translate much of the default terms to something a little clearer.  To us, these documents are intimidating and don’t instill much confidence of a fair trading agreement.

Whichever lawyer chose to phrase this paragraph deserves to be shot …

"The individual contracts for the sale of Products formed by Distributor’s submission of orders to Company pursuant to the terms and conditions hereof shall automatically incorporate, to the extent applicable, the terms and conditions hereof, shall be subject only to those terms and conditions (together with all terms in orders which are contemplated by this Agreement) and shall not be subject to any conflicting or additional terms included in any documents exchanged in connection therewith."

We have replaced it with …

"This contract takes authority over any other agreements made, unless specifically agreed upon in writing by both Company and Distributor."
 

… if only contracts were designed to show how one company wishes to demonstrate that it’s created a fair and respectful contract then we’d have no need for the pompous and verbose contracts that seem so common.

We experienced problems today adding our business credit card to our PayPal account.

It eventually transpired that a company, we made a previous purchase from online, used our email address and credit card number to open a Czech PayPal account.

Stupidly, by using our email address they weren’t able to effectively verify this account but learning that this happened came as a shock.

Kudos to PayPal for their fantastic customer service.  Wait time was less than a minute, the three people I had to speak with were all extremely professional and we didn’t have to explain ourselves from the beginning when being transferred to the next operator.  They identified the rogue account once I gave them my credit card number and were happy to wait online whilst i reset the rogue account’s pasword, took a look inside it, removed my credit card info and closed the account down.

We know exactly where the information came from because we use unique email addresses for every business we deal with.  There is a possibility that this company got hacked and were unaware of it, but seeing as this new PayPal account was set up in Czech Koronas and the company we orderd from is also based there, we’re inclinded to think that this was a deliberate attempt at misusing customer information. 

No harm was done so this isn’t something we’ll take time to investigate but it is in PayPal’s hands now and we’re curious to know if the origin company will reply to our enquiry into what may have happened.