Legal Question in Credit and Debt Law in California

There is a business named RockYou that owns a game called ZooWorld. It can be added as an application on Facebook.It apparently can be played thru other social networks as well. It uses what it calls a " one click purchase" policy. If you have EVER used a PayPal account to make a purchase from ZooWorld ONCE , your PayPal address and password is stored by the company RockYou. At any point thereafter, if you so much as accidently hit the PayPal button while playing the ZooWorld game, you will be charges whatever "package" amount the radial button happens to be set at. One is never able to change their payment option, or use a different account. You never see your PayPal login page again nor are you given informing information before your first use of PayPal on the ZooWorld purchase webpage. Once you hit the PayPal button, and give your information for the first time, they have 24/7 access to that account and whatever payment option you had selected upon your first use.

Many people have lost money too this company. They also have a recurring contract that will show up on your PayPal transaction that began being used Feb 6th approx. but you must be looking for that information on your PayPal receipt to find it even exists, I stumbled across mine when I could not figure out how, when I had changed my Password and security questions in PayPal, I purchase could still be made without my logging in and giving consent. There is no notification that this policy or contract exist on their Webpage.

How can these policies be legal? I changed my PayPal password 8 times and they still could remomve money from my account if I clicked on the PayPal button. I finally had to close my PayPal account due to compromise. I had $320.00 removed from a credit card and I had made two purchases with but had not selected the "store my information for further purchases" option. At the time of the unathorized withdrawals, I had stopped playing the game totally, and had deactivated Facebook. In other words I was nowhere near their game or even Facebook AND HAD NOTIFIED THEM OF MY DISLIKE OF THEIR POLICIES FOUR DAYS PRIOR TO THEM removing money from a credit card.

At an earlier time when money was removed I was told that by their help and support it was my Internet Explorer settings that were causing the PayPal information to be filled out! A few weeks later a little disclaimer appeared under the PayPal button stating " 1 click rebuys"

My auto fill or auto form settings in IE have never been used, I do not even allow email addresses I use on a regualr basis to be stored.

How can this be legal? They have returned one amount that they withdrew and may be returning the second amount. This will make the 3rd time they had to return money that they removed at random when no purchase was made.

I was also contacted by the fraud unit from PayPal when RockYou had tried to withdraw money for 4 purchases on the PayPal credit card. It was the card I had to close previously due to RockYou storing and using my information. The account had been closed for almost two weeks and I was called and asked if I was still trying to use it? Apparently, RockYou or PeanutLab Media [their other company that deals with purchases online] was trying to charge something against the card. They did not know I had closed my PayPal cards and Buyer credit that were linked to the information they stored on the first day I had used it, and also had "declined and deleted permision for them to do recurring payments on", They still had the stored card numbers, knew I was no longer playing their game and had removed the application from my Facebook account, They knew I no longer used the Facebook account, they just did not know I had closed the credit card accounts they had access too!. When I reported this to the agent who is now working on returning the two 160.00 dollar amounts they withdrew from the credit card, it went unreported to any supervisor or management. In fact, the representative has been informal and helpful until I asked two days ago for contact information for a supervisor. I was not given that information and now all correspondence comes with a ticket number, and is very formal. This man has never been this unfriendly and I have been working with him since before Christmas of 2009.

Everyone complains in the RockYou/ZooWorld forums that they are having unauthorized purchases made and want to know who to contact, I would like to know on what legal grounds any company can store your PayPal address and password without gaining permission, or why they do not legally have to make make it clear that they are storing it or that making one purchase using PayPal or your credit card gives them the right to keep your information?

You can do a search, this company has a suit against it for not encrypting thier customers email addresses and passwords, and lost the information of 32 million customers.

This company and it's practices has to border on illegal, but I see no law suits against them for the illegal storing of customers login email addresses and passwords or credit card information. All the information I have received gives the location of the company that makes the financial transactions as being in CA. San Jose, or Redwood City

I would like to know how what they are doing is legal? And who do you contact when you suspect internet fraud. PayPal is not co-operative, in fact they ruled in the favor of Rockyou on the first dispute I filed. They reasoned that I had given RockYou permission on my first purchase, therefore the second purchase hours later, must also have received my consent. The fact that I explained I was not even taken to my login in page, or given an option to give my consent did not seem to matter. There was no notice or disclaimer back in Dec. of 2009 that " one click rebuys" or any contract concering a recurring payment consent either. Naturally, I had thought when I clicked on the Paypal button the second time, I could log into a different account, but I was not given the option.Instead I received a message that my PayPal purchase was a success! I immediately went to my Paypal account and tried to stop payment but at that time, my payment option came straight from my bank and the money had already been approved in less than 5 minutes. This is why I had to close the account, this company had access to my bank thru the payment option that I entered the first time I used it. I had no help from PayPal at all, if I have had to deal with the support that is in India.I have in fact been lied too and told they had filed resolutions that were never filed etc.

I just don't understand how this can be legal, why PayPal did not investigate, or why I see no law suits filed for this underhanded way of storing a persons passwords, and account numbers?


Asked on 4/28/10, 7:29 pm

1 Answer from Attorneys
Michael Stone Law Offices of Michael B. Stone Toll Free 1-855-USE-MIKE

I can't believe that storing peoples' PayPal passwords is either legal or consistent with PayPal's terms of service for merchants. I guess the moral of the story is only enter your PayPal login credentials at the PayPal official site that you have reached by typing https://www.paypal.com directly into the address bar of your browser.

I presume some lawyer would file a class-action lawsuit, but finding internet scammers is hard, and finding their money is harder.

Read more
Answered on 5/03/10, 7:41 pm


Related Questions & Answers

More Credit, Debt and Collections Law questions and answers in California