PayPal: Spinning? Or is it really not their problem?

If you haven’t’ been paying attention, PayPal and iTunes (Apple) have been on the ropes over the past week or so because of thousands of dollars of alleged fraudulent charges resulting from an innocuous-seeming iPhone application.

The TLDR version is that users are seeing wacky wild charges – into the thousands of dollars – leaving their accounts via PayPal and going to a suspicious-looking application developer.  First, apple went out there saying that it’s totally not them and that they couldn’t fix it even if it was.

PayPal has a similar message as of this morning as well; from their CISO:

We’ve looked into this extensively, and want to assure you that: 1) the PayPal system itself has not been compromised and continues to be secure; and 2) if you have been affected by this issue, the criminals behind it have not taken over or logged into your PayPal account.

It’s apparently nobody’s fault.  He goes on to tell us to eat our vegetables:

Issues like this are a good reminder to be extra vigilant with any personal and financial information when you’re online. It’s also important to know that if a criminal gains unauthorised access to your PayPal account, PayPal will cover you for the full amount of unauthorised transactions. But I believe that an ounce of prevention is worth a pound of cure.

Um… OK.  Thank you for the PSA, PayPal.  Great advice from folks as well known for their robust security and lack of fraud.

So back to the issue at hand – what’s the solution to the fraud issue?  Oh, you still don’t know?  Apple?  PayPal? Either of you have a clue? Maybe it’s a good idea to figure that out before we all line up press conferences about whose fault it is.