Yes, I just had a look at paypal's user agreement, and this does seem to be the case. That begs the question - why are the hackers even bothering to do this, if all their transactions will be cancelled? Are they hoping that a small % of their victims won't notice the fraudulent transactions?
Most paypal fraud, like credit card fraud happens at a very small scale. A fraudster pays $50 for 50 accounts and then spends a day with them and maybe walks out with $300.
The guy selling the accounts sells hundreds of thousands of them, and obviously doesn't get involved in the fraud itself.
This is why this whole thing is so strange, there's a bunch of people claiming that someone hacked teamviewer and is now using that access for petty paypal fraud instead of targetting the tens (if not hundreds) of thousands of PoS systems teamviewer is used to manage.
>Are they hoping that a small % of their victims won't notice the fraudulent transactions?
No, they certainly don't care if the payments get charged back or not. If they try to send money to their own account, it'll be suspended before they can actually withdraw it out of PayPal.
Instead in this case they seem to be trying to buy itunes gift cards, undoubtedly with the intent to sell them (on sites such as g2a.com) before they get cancelled.
It's a very different process challenging credit-card-funded payments vs. those funded by bank account or funds already in the Paypal account. The former is easy, and you have two levels of challenge (via Paypal and via the credit card issuer).
On PPs end challenging them will be all the same, and generally you'll win the dispute instantly by calling them.
However of course bank funded payments will have some delays. Letting things pull money from your bank account like that is a terrible practice, and people should know better.
Have you actually pursued this process for payments funded by balance or bank transfer beyond a week or so after the charge?
I have.
It's fine if the recipient's account is still active and they successfully get the money back from their deposits or linked account. But in deliberate fraud cases, their only reclourse would be to to refund you out of their own pocket. Paypal has no incentive to do so. Once the money is beyond their reach (e.g. withdrawn via debit card or transferred to an outside account which is then closed), they will not help, in my experience.
Even if you fund via a credit card, if the payment recipient is beyond their reach, they make you jump through numerous fake loopholes (in one case I had, they claimed they had proof of delivery... and gave tracking data for an item shipped from the wrong state and shipped to a location 2000+ miles from me and to another name). I then contested the charge via my card issuer; the phone rep said that this happens often.
I say this as a user from the year they started business (back when they paid a $5 bounty to sign up) and with over 50,000 Paypal transactions.
I've been on the phone with PayPal on far too many occasions, and they definitely know how to handle these issues quick.
Although, you wouldn't even really have to call them. You can dispute the charges with like two clicks on your account page. It's just that if you call them, they can instantly settle the dispute in your favor.