Hello everyone. This is a report of a previous topic which i think i posted too hastily. I am studying system security at the university and came up with a question, after a friend got scammed with a paypal transaction. I am posting a half-real, half-hypotetical situation that interested me enough to study it and understand it clearly. Please note that most of this already happened, so it works. It was done unintentionally, and Ann was the one that got scammed. ------------- Ann has a paypal account, registed with fake personal info, and sells a service to Bob for 50$. After doing this, Ann imediately transfers the money to Charlie, who has his own paypal account. Charlie receives 50$ on his account, and transfers the money to his bank account. Bob, maybe trying to scam Ann, or maybe not (we dont know this), opens a dispute with paypal, and since Ann was selling a service, with no tangible proof that she actually provided it, Bob gets a full refund. (NOTE 1) Results: Ann gets his account blocked because she has a negative 50$ balance on her account. She doesn't care about losing this account, as she will never access it again. Bob most probably has gotten his money back, because paypal refunded him. Charlie has transfered the money to his bank account. Paypal will probably try to get its money back. NOTE 1: I dont know whether Bob actually received the full refund or not. I think it did, because Paypal has paid his refund even if Ann's account was empty. Paypal, of course, will ask Ann for its money back. Anyone can confirm if Paypal has refunded Bob or not? --------------------- Please note that everything that i wrote up there, has actually happened. It works, and it's confirmed that it does. Now let's try to abstract things a little. Let's say Ann is completely anonymous to paypal: she has fake personal info, and she used a Wifi connection with a laptop somewhere far from home, and masked her MAC address. Bob did the same, and funded his paypal account through an anonymous gift card. Charlie is currently not anonymous because he transferred funds to his bank account. But let's suppose Charlie is able to transfer the money to a giftcard which does NOT have his personal info on it, and followed the same steps (laptop, wifi, mac masking) as Ann and Bob did. Let's say Charlie is lucky enough to have found this credit card lying on the ground, along with its secret codes. Question: By looking at the above situation, can anyone point flaws that enable someone to trace the money? Think high, think Police or Feds. Do you think they could trace the money, assuming Charlie has found a way to transfer it to a nameless credit card while following the same procedure as Ann and Bob to remain anonymous? Can you think of any flaws or methods of tracing that could stop Charlie from getting away with the money, or at least trace him?