Kind of interesting to see the network of companies paypal uses for various functions. Surprise Surprise the largest sections are fraud prevention and marketing.
PayPal fraud prevention makes it impossible to use, you are guilty until proven innocent. In a way Coinbase is in a collision course also. Not saying that it's entirely their fault but there should be an innovative way to offer a good user experience while following regulations.
Beyond this, GDPR is educating us. I wonder how US regulations/regulators were so flexible with this kind of companies but are so strict with their users.
Having worked in the financial industry I am not surprised. You have to share a huge amount of PII just to process a transaction. The more you share the lower your fees per transaction which for a company like Paypal can mean mi(bi)llions.
The assumption is, the more data the less likely it is fraud and therefor the less likely there will be chargebacks.
Most of these are banks, customer service, and fraud prevention companies.
It's also worth noting that this list is of all the companies Paypal MAY share your data with. If you never opened a credit card in Germany and used it on Paypal it is unlikely to hit the German processor, for instance.
> To allow payment processing settlement services, and fraud checking.
So, do they only share my info with them when I make a payment with that specific institution, or do they share my info even if they’re uninvolved but sell fraud prevention services?
The title on the PayPal list itself reads "List of Third Parties (other than PayPal Customers) with Whom Personal Information May be Shared."
If that's true, this is just the "worst case" scenario - you are very unlikely to hit any significant fraction of these companies for any single given transaction.
The overwhelming majority likely never get anybodies info. These lists have to be extensive, and for the "marketing" category the data is almost assuredly anonymous. But to avoid hefty lawsuits, companies choose to list any company that might accidentally get a CC they aren't supposed to.
Dear customer, we may betray you in some of these 600 ways. This is just the "worst case" scenario. You are very unlikely to hit any significant fraction of these posibilities for any single given Transaction.
At least we hope so.
Interestingly, under GDPR EU citizens need to opt in to each of these, explicitly, and be able to toggle them off on an ad hoc basis. Additionally, PayPal is required to list each of these vendor's vendors (which could increase the number of vendors by 1 or 2 orders of magnitude). If companies actually follow the GDPR controls this is going to turtle all the way down.
Interestingly, under GDPR EU citizens need to opt in to each of these, explicitly, and be able to toggle them off on an ad hoc basis.
This sounds terrible. How is your regular EU citizen supposed to know which of these companies would be required to get your payment to reach its destination?
"Credit reference and fraud" companies are pretty much tied with "marketing and public relations"; the latter seems to be about half "tracking pixel providers". Fuck ubiquitous advertising. The Space Merchants was supposed to be a satire, not a manual.
This absurd level of data sharing is one of the reasons I use Apple Pay 100% of the time it's offered, at least they don't go sending half the world your info and product purchase history.
The merchant may still do so of course...but the footprint is reduced.
I'm curious as well. I mean, it might not be '600' (although as commented by others, that doesn't mean your particluar account data hits all 600 of them), but at least something should get shared somehow to complete any type of payment? If not just for the receiving party? And what information exactly do they get?
If Paypal pays service provider Y to validate a credit card hasn't recently been used in fraud, they would be sharing the data, but they certainly wouldn't be selling the data.
28 comments
[ 3.4 ms ] story [ 71.1 ms ] threadyou were saying? :)
Kind of interesting to see the network of companies paypal uses for various functions. Surprise Surprise the largest sections are fraud prevention and marketing.
Beyond this, GDPR is educating us. I wonder how US regulations/regulators were so flexible with this kind of companies but are so strict with their users.
I can’t see reversible payments between strangers over the internet working without that.
Let alone the tax/money-laundering reporting requirements.
The assumption is, the more data the less likely it is fraud and therefor the less likely there will be chargebacks.
Most of these are banks, customer service, and fraud prevention companies.
It's also worth noting that this list is of all the companies Paypal MAY share your data with. If you never opened a credit card in Germany and used it on Paypal it is unlikely to hit the German processor, for instance.
So, do they only share my info with them when I make a payment with that specific institution, or do they share my info even if they’re uninvolved but sell fraud prevention services?
If that's true, this is just the "worst case" scenario - you are very unlikely to hit any significant fraction of these companies for any single given transaction.
Or so I hope.
This sounds terrible. How is your regular EU citizen supposed to know which of these companies would be required to get your payment to reach its destination?
Not
- Your data MAY be shared with these 600 companies
but
- For this transaction to complete, your data WILL be shared with those 10 companies
Also they have to care about fraud.
"Credit reference and fraud" companies are pretty much tied with "marketing and public relations"; the latter seems to be about half "tracking pixel providers". Fuck ubiquitous advertising. The Space Merchants was supposed to be a satire, not a manual.
The merchant may still do so of course...but the footprint is reduced.
Sharing is Caring. If you want people to take these threats seriously you need to speak to them with language they can understand.