To increase his reach with customers in condominium towers, Jim has decided to accept payment from users of PayPal.com in addition to the credit card payments that he was accepting via his secure website. Jim had been using PayPal.com for about three months. One morning he received emails from several of his upset customers complaining that they had been billed several times for the same service. Yet when Jim looked at his PayPal records, he found that only one payment had been processed in his favour. Upon contacting the affected customers, Jim found that the customers had responded to a phishing email from someone pretending to belong to CondoCleaners.com customer support and had given their payment information to unauthorized individuals who had copied the transaction information and collected additional money. This means that someone had hacked into his company’s website and accessed his customer email list.
REQUIRED
What are Jim’s responsibilities in this case? What actions would you suggest that he take?