326 comments

[ 6.1 ms ] story [ 679 ms ] thread
PayPal has the fraud problem. Every next payment platform who aims to become the next PayPal also suffer from it.
(comment deleted)
Sure, but it's not up to paypal to decide what's legal and what's not legal. Definitely not their responsibility to seize money from locked accounts. That’s plain theft.
That a problem of any banking institution.

Differently from Paypal though, the last time that there was a suspected fraudulent transaction in my bank account, I had a physical and factual meeting at a bank branch, rather than having my account frozen and given a stock answer.

And this is the problem for PayPal. They seem to freeze accounts for arbitrary reasons, and way more frequently than banks.

If you are a business, the ability to transfer money without getting all your funds locked up is important. I genuinely believe they are doing it for reasons other than fraud and money laundering.

PayPal has lot of third party data than most banks, but they stuck at decision making process.

"Shoot First and Ask Questions Later"

IF they choose the path of not having humans interact with their customers, and give bot replies, then yes, such platforms will suffer from it.

If they want to invest in proper human customer service, at the cost of decreasing their margins, then maybe part of that problem will be solved.

Thing that amazes me is that people leave huge amounts of money in their PayPal instead of withdrawing it regularly. Why not just withdraw it, and then PayPal has nothing to seize!
Sometimes PayPal institutes transfer limits on accounts, so its entirely possible that they don't let you transfer out the money fast enough.
If you move 50k a week it could still be a problem.
If you move 50K a week you can engage a payment platform to accept other means of payment in addition to Paypal, then reorganize how people pay so that paypal is de-emphasized in favor of more secure, lower cost, etc means of paying you.

Hell, for that kind of money you can hire an accountant or a full dev team to do it for you.

In the past at least, PayPal has also been known for simply taking funds from your linked banked account.

So maybe it's better to not link a bank account at all, which means leaving funds in your PayPal account until you can spend them (since you have no way of withdrawing).

Or link a bank account in the middle, between your primary one and PayPal, that exists solely to receive and pass along your funds.
Surely dropping PayPal would be way easier?
On the consumer side, I'd much rather use PayPal than put my card number into a potentially dodgy site. Protects me quite a bit, and with a easier UI.

If I can't PayPal or Apple Pay, I've at times gone elsewhere.

My credit card provider allows me to create unlimited virtual card numbers with any expiration date I want, that way every transaction can be its own number and any fraud is extremely easy to detect and prevent.
Cool, but mine doesn't.
Check out https://privacy.com/. Pretty neat and gives similar/better features.
Tried it, but I'm giving up serious credit card points that way.
You could look at the Citi Double Cash card, it's 2% back on everything and they support "virtual account numbers" directly.
You have zero risk in this situation so I'm not sure why you feel protected.
It's not zero risk; changing my card numbers after a compromise is an annoying process given the number of places I have to do it. Not having to provide that number to the random e-commerce site I'm trying to buy something unusual from is helpful, and reduces the risk of me having to spend an afternoon making sure I switched cable, internet, Github, Patreon, Heroku, kids' school lunches, music lessons, and fifty other recurring payments over to a new card number.

(I also get to skip entering card and billing details every time. Given the number of sites that see fit to use a special non-standard widget for the state field, that saves me time and annoyance on every transaction of this nature, too.)

All banks I've using have strong 3D secure. One of the banks require biometrics approve with installed phone app. I have no issues directly use credit card on random merchant sites for years. Especially when most of them use one of the popular payment aggregators.
> All banks I've using have strong 3D secure.

I've yet to see any bank in the US implement such a thing.

Citi, Discover, American Express, Chase, and my local credit union all lack such a two-factor setup for charges.

Biometric approve sounds pretty cool, but I'm personally not going to install some untrusted proprietary app to find out.
you have it backwards. 3d secure is not protection for you. it's for the merchant. it protects them against chargebacks. the merchants decides if it enables 3d secure or not, transaction by transaction. Most of them are using an external fraud risk assessment service. Accertify is such an example.
I do this, but not specifically for PayPal. I have a checking account solely for using with third parties, writing checks, debit card transactions, account linking, etc. It has overdraft protection disabled. All my bank funds are in a “private” accounts that aren’t linked anywhere, don’t have checks, etc.
That is crazy to me. Could you at least link PayPal to an account which you do not leave funds in?
Yes, that seems like a good option, provided you can find a bank account that's free with no hoops to jump through. KeyBank offered one at some point, not sure if they still do.
Might need to use a credit union instead of a traditional bank.
I'd just go to my bank and tell them to reverse the transfer. Thanks to SEPA for that one.
Wait so merchants can just pull funds out of accounts without user authentication? This seems tailor made to facilitate fraud.
Not universally but a lot of the ACH agreements you consent to have a clause allowing drafts to be initiated on-demand until you revoke that consent. This isn’t necessarily bad and can often be desirable, but then it’s often up to you and the withdrawing party to settle your disputes about what is authorized and what is not.
Paypal will issue physical checks if you want to withdraw funds. They charge $1.50 for this service, but I use it since I refuse to link any of my bank accounts directly. I have a credit card linked, but that's a safer (in my mind) way to deal with any PayPal shenanigans.
Paypal still makes it hard for you to automatically transfer out money, so you have to remember to do it manually every so often. And then they'll block you anyway because you tried to transfer out

- too much

- too often

- too seldomly

- too little

Or any combination thereof. The only winning move it to not use it in the first place.

Merchant accounts have a feature called auto leveling to automatically move money to a bank account that can be enabled with a phone call.
It's trivial set to up automatic payout. The only issue with it is that you can only get daily automatic payout, which for some of us is not desirable.

I manually move $15-20k out of PayPal on the last/first day of every month, and never have an issue with this. Could be because it's a merchant account.

(comment deleted)
They offer the worst currency conversion rate imaginable when you go to withdraw to your non-US bank, so some people prefer to keep it in PP as a USD spending account i guess.
True, if I have to pay in a foreign currency I let Paypal charge my cc in that currency, so that the cc company converts my currency instead of Paypal.

I don't recall the difference, but I believe the cc company gave me more than an order of magninude tighter spread on the conversion, perhaps even two.

I went to visit the US and transferred just 500 Dollars to a friend for our shared Airbnb. The account got suspended because of "unusual activities" I called them and told them it was myself transferring funds and it still took them two weeks to reinstate the account...
I had a CC lock my account once when I went on a trip to several places in a quick amount of time. I called them and worked it out. Their algos thought it was someone had stolen my card.

Now, before I go on vacation or make a large purchase, I call them and tell them what I'm going to do. I've never had a problem since doing that and it's a very quick call, actually.

I wonder if anyone has tried same with PayPal.

With my bank I explicitly have to announce in advance if I am going to use my card abroad and can enter specific dates and times online. It's quite easy to do. You can also call if you forgot but then you will have to go online and add days if you want to use it for more than one/a few if I recall correctly.
These "unusual activity" detecting algos are a menace. If I use a VPN to access my account, blocked.

Had this issue with Paypal & Digitalocean. Reddit shadowbans accounts made with VPN.

At least the 'unusual activity' should block the transaction not ban the account and you get notified on the spot.
I mean that's fair enough because that (payment methods being stolen) happens frequently enough, but it should be just as easy to clear it up again.

Over here, banks have set things up so that by default you can't get money from foreign ATMs - you have to activate that first. Because lots of people got their bank card stolen and PIN code skimmed, only for the card to pop up again in eastern Europe or wherever to drain the account.

I have had a situation where I called my bank to let them know I was traveling overseas so this wouldn't happen, and it still happened. It's utterly ridiculous.
I used to travel a bunch and never informed anyone. Then one year I decided to inform my cc. That was the first time my cc was blocked because it unusual activity.
I paid my PayPal credit card with my PayPal balance (which was "cleared funds"), $700 or so, and that triggered a three week hold on both my card and my balance.
They hold people's money a lot. Very profitable as they are essentially free overnight loans. Fuck PayPal. Anyone who does business with them is captive.
When a bank places a hold on a transaction or account for compliance review, the law state that those funds are to be held in an interest-bearing escrow account to be returned to the owner when the hold is lifted.

It’s illegal for PayPal to treat held funds as an overnight loan— that’s a gross misunderstanding of what is going on.

As many others have pointed out, PayPal goes out of their way to make sure they are not a bank.
It doesn’t matter. If they aren’t holding your deposits then the underlying bank would place the hold and they must follow the banking regulations.

If PayPal isn’t holding deposits and doesn’t forward the hold to the underlying bank, then go get your funds from the underlying bank or sue them.

FinTech is a stack of companies operating as veneers on the underlying, heavily regulated banks.

Good luck with that. Any links to stories of people who have successfully done that?
https://www.paypalobjects.com/marketing/ua/pdf/US/en/synchro...

Look through the disclosures and agreements you signed on account opening and find out which banks PayPal is using for your account. The linked one above is for a deposit account at Synchrony Bank.

Never signed anything.
Do you have a PayPal account? If so, I assure you that you signed an agreement. The complaint in this class action lawsuit says that the agreement is a 65-page PDF. You would likely have signed it electronically by clicking an “I agree” checkbox.
They sure didn't give me a penny more when they froze my account.
Hmmm...there is no bank holding those funds which is counting them as reserves?
All I had to do was login to be suspended a few minutes later for "suspicious activity". Fortunately I didn't have any money in my account. Fuck PayPal.
“using PayPal to buy and sell clothing on eBay, to exchange money for a poker league she owns and for a non-profit that helps women with various needs. “

I can see one of those things causing an issue (poker league)

We use PayPal for membership fees for our nonprofit. This year they’re limiting us to 2000 a month transfer out which is annoying to us, but we’re small enough to get by.

If they don't like that their service is used for poker activities they are free to dump the customer.

What they are not free to do is to freeze his account and just keep his money.

For two of the three cases mentioned, I'd tentatively agree, but in that particular user's case they probably are free to keep the money for several months to a year after they freeze the account because she was running a business in a field that has a high chargeback risk.

Someone has to pay for the high level of consumer protection that people who pay with credit cards receive. Every entity that is in the chain between the issuer of the credit card user and the merchant that receives the payment arranges it so that responsibility of this falls on someone farther down the chain than them. There is no one farther down the chain that the merchant, so the merchant ends up being the one who has to pay for chargebacks.

There is nothing further down the chain than the merchant so it ends up on them. But a merchant that ends up incurring a lot of chargebacks often also is a merchant that ends up not having the money to pay for those chargebacks, and in that case the entity that the merchant was dealing with for accepting payments ends up having to pay.

Thus that entity will almost always have in its contract with the merchant that they can keep some of the funds the merchant earns in reserve to cover chargebacks. I doubt any court will find such terms invalid. They have a legitimate purpose of risk mitigation, the companies will have the data and actuarial analysis to show that the amounts held in reserve are reasonable for the level risk, and the ultimate purpose is to support the strong consumer protections that credit cards provide.

> Someone has to pay for the high level of consumer protection that people who pay with credit cards receive.

I, the consumer, does, every step of the way. If I understand their fee structure, Paypal takes about 3.5% of any transaction I make with them. (They show this to the merchant, but any merchant is going to have to consider this part of their costs. Some just directly pass it back to the customer. The point is: they make money from the good transactions, and should plan appropriately to deal with the bad ones. And there is CC & interchange fees, too, at those levels…)

(comment deleted)
>What they are not free to do is to freeze his account and just keep his money.

If the poker league is being run illegally, not only are they free to freeze it, they are required to.

Illegally in what jurisdiction? Paypal's? This client's? These details matter.
Are they required to steal money that was generated by a crime instead of handing that money over to law enforcement? How does that make sense?
It’s not PayPal’s job to investigate whether a particular game of poker is legal or illegal. That’s why they just ban all transactions peripheral to gambling. If you’re going to use PayPal for poker night, just don’t mention that word anywhere in your use of the application.

A lot of PayPal’s complex enforcement algorithms seem to be merely word matches. Someone I know as a joke said “Kim Jong Un” in the message when he paid for his half of dinner and got his account insta-locked for weeks just like that.

(comment deleted)
So they’re preventing you from accessing your own money?
For a time they are limiting our ability to transfer money out. We talked to support so we'll see what happens . We only open registration once a year for a month. With our event being canceled (pandemic) we did have a lot of refunds. But we've been using them 10 years prior without issue.
Well if that's in their T's and C's that's fine, to a point, but they can't just silently close an account and take money from people. They need to return the money - it's not their job to play police and judge and seize illicit gains, a court has to decide whether it IS illicit and what happens to it first - and to give an explanation as to why they no longer want to do business with them.

I mean not wanting to do business is every business and person's right. But taking someone else's money without a court order or mandate is theft.

You should look into OFAC. They'll freeze your account for withdrawals, but not deposits, and no one is allowed to tell you it was an OFAC hit.

Make no mistake, financial service in the United States is heavily tilted against the consumer, and your service provider should be considered an actively hostile entity.

Every time I've read about someone making a fuss about PayPal freezing their account, as you get into the details of their business, it quickly becomes apparent that knowingly or otherwise, they're doing something risky enough that it triggered something related to terms and conditions that they didn't bother to read. I realize that's just my anecdote, but when you're working with money, there's a lot of boring reading you should do. Quickly becomes apparent why that opportunity to fill a seemingly obvious hole in a market isn't the opportunity you thought it was.
So why not use (Transfer)Wise, I wonder?
Yeah, I don't get it either. Never had any problems with Wise and their rates seem fair. Maybe people use PayPal just for the escrow service?
Enterprise Wise accounts are not available worldwide.
Can you clarify, please? I am legitimately interested.

What stops a big company to have a normal business account?

Each country has different compliance laws.
If you're a company and wish to use Wise, you need to create an Enterprise account. When doing so, not every country is listed in the dropdown. I've personally been waiting for Brazil to be added for almost 2 years at this point. It's a great service that would help me out a lot.
Interesting. Is it based on a number of employees, annual profit, or something else?

I did have to scan some documents and send it to them to prove that my company exists but nobody has called me for anything else.

As far as I know it is simply not allowed to make any sort of business-related transaction on a personal account, regardless of the size of your business or anything else. I asked them if that was a possibility when I saw it wasn't possible to open a Business account for a brazilian company, and they very clearly said no.
I see, so it's literally a regional lock. :(

Sorry about that. I opened a business account in Eastern Europe just fine.

Tried Paysera? Never used them, just heard of them.

Never heard of Paysera. Thank you, I'll check it out :)
Payoneer.
Payoneer is objectively worse than PayPal.
I received $50 last year through Payoneer for a quick freelancing job and completely forgot about it.

A year later, last week, I remembered and decided to withdraw it only to find out that I was deducted $30 for not using the account. Shitty, but I decided to just withdraw the rest and be done with it, only to be faced with the fact that they have a minimum withdraw amount.

I then proceeded to send them an e-mail requesting immediate termination of my account as they literally stole money from my account. I do not recommend this service to anyone.

Very good news, especially the potential class action.

Something that I find very interesting is how the individual lawsuits will end. I remember (but can't find) a David vs Goliath case from some time ago, where a user brought Google to the small claims court. He won the case in that venue, but subsequently lost when Google followed up an brought a huge amount of documentation and won. The guy's conclusion was that Google knows _a lot_ of stuff and can leverage it; I think that the events could play similarly, here.

I've been battling dumb Paypal problems both on the end user and the merchant side so often that I'll never again use it if at all possible, especially in shops. It's just not worth the time and effort to try and trick them into doing their job.
In my (quite extensive) experience with the company, one should only ever use PayPal as an extremely temporary means to accept payment for clients who can’t pay any other way, and then immediately withdraw the funds to a real bank account.

The company absolutely cannot be trusted, and will do everything in their power to take your money and not give it back. I do not know a single person who uses PayPal regularly for a business who doesn’t absolutely hate the company, because they do this type of thing so regularly.

Recently, when you log into a business account, there is a giant alert that looks like an important warning, that actually says you’re “eligible for a business loan”. You have to dismiss it every single time with the little non-default no thankyou button. And then beg them to give you access to your own money, because apparently you can’t be trusted.

I for one would love to see a lawsuit like this land.

(comment deleted)
I would add that folks should have a bank account connected to PayPal (etc) that is separate from your day to day accounts.

Not only will it localize any problems[0] but it will limit snooping[1].

[0] If PayPal wrongly deducts money from an account that has basically no funds in it you’ll be able to deal with the problem without having your actual funds locked up.

[1] Seems like basically every non-bank is switching from ACH deposit verification to a service called Plaid that requires your bank username & password, which then screen scrapes your financial details. There’s no reason to hand over your real life financial data when you can just use a dummy account.

>service called Plaid that requires your bank username & password, which then screen scrapes your financial details

That is hefty accusation. Wouldn't doing that be illegal?

Edit: Looks like they have an entire controversies section on their wiki page and banks are suing them over said sketchy practices. Classy stuff.

Not if it’s not otherwise illegal and disclosed in the terms you agree to. As part of a settlement they now have a “privacy-centric” portal so you can manage what they know about you, ostensibly. But it’s difficult to find, and I would wager that most people who use the service don’t understand what they’re getting into.

Everyone seems to use it now, and it’s increasingly difficult to link accounts using ACH micro deposits because Plaid can be configured to disallow manual linking if the routing number corresponds to a bank they support logging into.

I simply don’t do business with companies that use Plaid in that manner, it’s a hard stop for me. My bank’s customer agreement specifically prohibits disclosing user credentials to any other party, and when support is confronted by that, they typically have no idea what to do with that other than say “Plaid is secure”.

I've never heard of this before, who's everyone? Which country are you talking about?
I’m not sure if they’re in other countries, but I’m referring to the US. As for who uses them: off the top of my head, for well known services: PayPal, Coinbase, YNAB, Truebill, Acorns, Venmo, Stripe has an integration, I think Mint?, the list goes on.

More often than not I encounter them when trying to link bank accounts to anything now, except with other banks.

They have a history of imitating bank login screens and not disclosing that they’re not your bank. They settled a few lawsuits about that in the past few years and are a little more upfront, but I wouldn’t expect the average user to reasonably understand the situation.

Visa tried to acquire them back in 2020 but dropped the plan.

Visa probably got a look at their infrastructure, and saw liabilities that could expand to consume all of Visa.
> Seems like basically every non-bank is switching from ACH deposit verification to a service called Plaid that requires your bank username & password,

Why would anyone EVER do this. That has to be the most insecure and possibly catastrophic possible way to verify information.

Handing over your bank username and password to anyone would be a breach of the banks terms. So no, never do this.
I've been wondering about this as more and more services are asking me to do it via this same "Plaid" service. (I don't do it. I can't use some services. Cashapp mobile didn't want to let me withdraw cash without it; I figured out a way to on cashapp desktop).

Plaid is a company/service literally built around asking people to supply their bank username and password to a third party. (who then stores them (in cleartext, right?) for continued use!) I find it pretty astonishing.

(It's also literally training users to be phished, no?)

I'd be curious to see an article about it, with some details and context.

Here's a StackExchange discussion on it, and what a nightmare it is https://security.stackexchange.com/questions/198005/is-plaid...

I see a link to a lawsuit against Plaid in that discussion, but it's from 2020.

Interestingly, this page has someone claiming it's possible to register on Plain using ACH info https://teslamotorsclub.com/tmc/threads/for-those-hesitant-t...

This method is sometimes allowed, sometimes not. I'm not certain if it's an option the client who is using Plaid sets or if it's sometimes available based on the financial institution.
Prior to going to work for a direct competitor (which I was also a heavy user of), I fed my family out of a Paypal account for approximately 10 years, and had good experiences throughout. Total processed through Paypal on order of $X00,000 mostly in $30 chunks; I don't own the business anymore so can't SQL the breakdown by processor.

The one time my account was limited was after moving $3k immediately following a new apartment move in Japan. Total time to resolution: 2 minutes after calling them.

There, now you know one.

Very similar position here. $X00,000 for 10 years or so, payments generally in the US$1 - US$50 range. No specific complaints other can a couple of API breakdowns over the course of a decade.

So now they know two.

two good anecdotes vs over a decade of non-stop abusive practices.

2 white sand grains on a black beach count for very little.

Honestly, it is almost certainly the opposite. The vast majority of people use PayPal on a regular basis to pay for things they buy online without handing over a CC number. Those people generally have a perfectly fine experience and they never post about it. When people do post about their experience with a company, they are far more likely to post negative experiences than positive.

Putting that aside, I think PayPal should absolutely get reamed for this behavior. Even if they're only fucking over one out of 100k customers, it is still completely unacceptable and I hope they suffer for it.

I don't believe PP taking money is the outlier here. I know far too many people in real life who have had funds seized and never returned. I imagine it's happened to more people I know but who haven't spoken to me about it. I have had PP close one of my early accounts and keep the money.

As much as I hate Visa/MC/Amex et al they have never just stolen my money, or even left me holding the bag if someone got ahold of a number (as opposed to banks which have always left me hanging a la PP).

> and then immediately withdraw the funds to a real bank account.

If you link your bank account, you're at risk of them pulling funds from your bank account due to [reasons].

There's been such cases.

The concept of directly paying someone from your bank account seems completely impossible in America. There always has to be some middleman parasite- who conveniently charges a nice transaction fee for the privilege.
A UPI like system would completely solve these problems.
Yes, why doesn't the US have something like our SEPA where we can just transfer money to someone's account?
Because the U.S. financial system, and access to it is a very powerful tool in terms of international diplomacy, and a crucial source of evidence/intelligence for law enforcement.

Trivial abilities to move money around and an inability to lock out financial endpoints would completely neuter it's utility as sanctioning measure.

The payment volume over Zelle, which is instantaneous, free, bank-to-bank transfers, was about $307 billion in 2020. For ACH transactions, it was about $62 trillion (not a typo). Wire transfers are also a thing. So are, for that matter, checks, which by ancient custom are free for all parties but the banks (at least for retail users).

That the payment industry exists when all of the above is true is a fascinating topic. I should probably cover it in a newsletter sometime.

The funny thing to me is that you can't always even pay money to the government itself without involving some middleman parasite that takes 1 or 2% for themselves.
Tightening of mobile phone policies some years ago locked me out of few paypal accounts, also they seem to completely disregard and abandon security questions created long time ago.
Surprised it hasn't happened before.
The problem is that usually anti-money laundering laws give the operator and the compliance officer an infinite protection even on a suspected money laundering. As long as the compliance process is followed, no matter how stupid the process is, there is no legal basis to go after account freezer and the company is protected. Thus, the company has no incentive to be reasonable with account freezes.
Freezing the account or booting the user from the service is one thing, but seizing the money as a result without any due process seems pretty messed up IMO
PayPal has worked hard to not be a “bank” so they are long overdue for being sued about this. I know countless vendors who have had their funds stolen.
(comment deleted)
It's really and outrageous that this open stealing of customers' hard-earned cash for minor perceived user agreement violations is so freaking rampant, with PayPal. I wouldn't be surprised if it turned out that this literally was a strategy cooked up by the higher-ups at PayPal to buff up the company's gross profits.
I was thinking of that too. It’s gotta be quite profitable for them.

It’s probably one of those things which is never explicitly written down. Like, the CEO says ‘we have to double down on our “fraud” account seizures’ and they smile when they say “fraud”.

Or simply those that understand and play along get promoted and those that start asking questions are pushed out due to “restructuring”.

(comment deleted)
AML/KYC laws are a travesty to a free society. Wealth transfer shouldn't be illegal. Prosecute the underlying crimes and let the judicial process seize proceeds of crime after due process. In the meantime, various electronic systems continue to provide adequate avenues for those seeking minimized exposure to KYC/AML.
I agree, which means electronic money transfer should be a utility offered by the federal government.
That reminds me on how ironically the shipping company with lowest exposure to having your package snooped on is probably USPS. Since they are bound to 4th amendment, generally probable cause is necessary to open your package.
agree with the overall conclusion, have to ask for some reason in the expression of it. That is, there are legitimate reasons to Know Your Customer, yet, those the least in control are unendingly required to jump through ever more hoops. It is easier to exert control on the defenseless, and they do it. Meanwhile, professional money handlers are seriously considering negative interest rates, since there is just that much money being moved around. A requirement for cell phone numbers closes the connection graph, and a reporting requirement of "every transaction USD$600 or greater" (less than one month rent in most places), to my mind, is the straw that breaks the camels back.
I consider KYC violation of 4A. It's an unreasonable compulsory search to ascertain my identity devoid of probable cause or warrant of a crime.
What are legitimate reasons? Other than to ensure your money is yours?
AML/KYC is just the financial version of global mass surveillance. They're bad for society and freedom for exactly the same reasons. I truly hope that some cryptocurrency like Monero will succeed.
ZKs, bulletproofs etc are going to be working their way into btc and eth in the next year or two and i would expect to be ported to competitors. it will be impossible to prevent strong anonymity in transactions on any of the major chains in short order. even LND offers very good privacy advantages.
Yeah, that's totally cool. I'm doubtful that something like this will ever make it into Bitcoin but I'm really hopeful for what Ethereum could achieve in the long term. If these solutions prove to be better, I hope Monero will adopt them as well.
yes, i didn't mean this in a way that was dismissive of monero, only trying to convey my excitement about privacy tech becoming an intrinsic part of crypto as a whole
I didn't read it as dismissive. It's totally exciting to see privacy technology spread all over the cryptocurrency space. I think this should be the default.

Monero is pretty amazing but I've read some fair criticisms of it's privacy guarantees. New technology is always good and we'll get to see first hand which one is better.

> Prosecute the underlying crimes and let the judicial process seize proceeds of crime after due process.

At least a basic identity check (that's the "KYC" part) must be part of bank account onboarding for that to work though. Otherwise, how would a government be able to seize the bank account of a convicted criminal if they had no way to tie the bank account to a criminal?

As for the anti money laundering regulations: these are a very fine line to balance. Personally, I'd like for these to go away the earlier the better since I agree with you that the potential for dragnet-style abuse is way too high, but on the other hand, terrorism financing is a present and clear danger worldwide.

I'm supposed to give up my anonymity because of an entirely different person's crime? No thanks, I'm not a criminal. I'll keep using monero or whatever other systems limit my exposure to these unreasonable search without probable cause/warrant of my identity. I believe KYC is violation of 4th amendment, and that the government's ability to seize proceeds of crime is a lower priority than civil rights.
Congrats. You and your provider of conversion from Montero to fiat are criminals for not adhering to Electronic financial services regulations! If you don't report the income, you're a tax evader!

Isn't having so many selectively enforced laws grand?

ha, yeah. Fortunately there is at least one FinCEN registered money business in US trading fiat/XMR pair, so there's plenty of plausibility it was obtained in a way adhering to regulations.
On top of all that (with which I fully agree), it's not even effective, in any plausible sense of that word.

If this analysis[1] is to be believed, AML laws recover less than 1% of estimated laundered funds, at an explicit cost at least an order of magnitude higher than what is actually recovered.

That's not even including the implicit costs, e.g. when innocent people get caught up and lose their accounts or even their funds.

Travesty doesn't even begin to cover it.

[1] https://www.ledgerinsights.com/anti-money-laundering-has-les...

> an explicit cost at least an order of magnitude higher than what is actually recovered.

The goal is not to make money with AML laws, but to deter and prosecute crime (which has huge externalities itself). Is it effective at that? Your comment doesn't address that.

If it's only capturing 1% of the dirty money it's not effective at deterring nor is it an effective part of the prosecution.
That poses the potential problem of circular reasoning. How do we arrive at this estimate of 1%? Maybe it is more than 1% of the actual value because the estimate is wrong.
(comment deleted)
Consider this scenario: current AML practices catch 1% of laundered money, but deter additional money laundering 100x. In effect, this means nearly all money laundering is stopped because of these practices.

That seems extreme to me, but it does seem possible.

KYC laws are a tragedy that perpetuate the unranked I the digital age. without an ID you don't exist to the global financial system. Nevermind that some countries are too poor or lack the infrastructure to provide all of their citizens with IDs. Not to mention poor citizens in wealthy countries who don't have ID.
Am at paypal this is every year in compliance videos, there must be terrible and inept bureaucracy - not sure what is that side of the story. but i can see them no wanting to invite ire of regulatory punishments. go to small claims court if its a small sum. you should not keep large sums at any online outfit, paypal, coinbase or others. Even bank account is a suspect space, better stow money in money market funds for quick liquidity, its super easy to defraud it.
Governments need to ban 'shotgun KYC', which is where they let you put funds in the account before they freeze it and make you do KYC, rather than making you do KYC directly on sign-up. You're effectively forced to give away your info or lose the funds. Sites like Paypal don't want this to happen because registrations would drop off majorly if you had to KYC on sign up.
Governments encourage and are the ones pushing shotgun KYC so I would maybe phrase your comment more like "Citizens need to rebel against 'shotgun KYC'.
I resorted to using another payment gateway to prevent freezing accounts and funds; this is great news.
Paypal threatened to cancel my account because I closed the linked bank account and canceled the linked credit card. OK, go ahead.
That took way way too long... How is it possible that this happens only now and not shortly after PayPal launched?
Before Paypal launched, only companies had relationships with payment processors and could directly accept major credit cards. Individuals had basically nothing.

Paypal was a huge catalyst for online auctions and small business, and it took took time for behavior like this to develop. And as others have said, they worked hard to not be a bank.

I can recall reading many PayPal horror stories, but as I recall, they were all accounts frozen and then usually closed and paid out 6+months later. This story and others in comments suggest PayPal has decided not to pay out the frozen accounts anymore. Damages from freezing the money for 6 months are real, but may not be realistically legally actionable; damages from not paying the funds are clearly actionable.
Why doesn't this fall under the CFPB? The money is held in a bank account which ultimately belongs to the PayPal customer.

When I was in the prepaid card industry we held money for people in our bank account just like PayPal does. The bank held us to account for each of our customers. We accidentally prevented some people accessing thier finds for a few days due to a software glitch and had our asses handed to us. As we should have.

One lady was prevented from accessing her $200 for a few days and her lawyer extracted our maximum arbitration amount of $8000 from us.

> Why doesn't this fall under the CFPB?

Who said it wouldn't? Government action to vindicate consumer rights is generally complaint-based and not exclusive of private rights of action, so a private class action isn't evidence that a thing is not also within the enforcement jurisdiction of a government agency.

Bitcoin (and others) solve this.
PayPal closed an account of mine after 20 years without explaining anything because I logged in one day while still connected to my VPN.
We should legitimize using VPN like we legitimized and then adopted e2e encryption.
I'm all for it, but my overall experience so far has been that if something happens to a small percentage of users - like 1% or less - then overall it won't gain traction or matter much. I am interested if this class action gets an support because I will for sure join it out of spite for how poorly they handled the situation and how they kept my money locked up for 6 months.
Depends on which 1% and how good that number is at mobilizing.

I promise you'd hear a ton about anything that only affected trans or gay people, for example, or any issue that only impacted the top 1% of customers based on money spent.

If we found a population with a social microphone in that 1%, then it can gain traction.

Apple iCloud Private Relay is attempting to do that
The thing that's surprising to me isn't that big corporations will do their damndest to rob people blind, it's that within minutes/hours/days after reading this thread, there will be a horde of people who read this article and smugly decry crypto saying there's no use case or purpose for it.
Seizing funds without explanation or restitution is a well known use case for cryptocurrencies at this point.
I'm so happy to see this. I am working on publishing a book on leanpub, and leanpub disburses payments using paypal. Yesterday, I logged into my paypal account and I remembered that this happened to me and my funds and account were frozen since 2010 (something I must have put out of my mind :p).

I was searching for this issue and found this lawsuit and cannot wait to be part of it.

Dealing with Paypal during the time was borderline abusive and I felt helpless every step of the way. In 2010 when they froze my account they mailed me a physical letter with an activation code which took weeks, and when I called to confirm my account I was told that the code was incorrect...

I had very very little money in my account < $100 and I can't imagine how frustrating it would be for someone who needed paypal for their income.

I'm happy to be in a position where I can choose to never use paypal again and I hope they are punished for the way they treat their customers.

> leanpub disburses payments using paypal

generally speaking, is it more complicated for these kinds of payments to be done via wire/swift/etc versus paypal?

Wire transfers have borderline predatory fees unless you're moving thousands of dollars, and there's still the issue of "oh you entered one of the numbers incorrectly, hopefully they give you your money back!"
This is a distinctively US feature. SEPA transfers cost (next to) nothing, and the IBAN has a checksum, so entering a single digit wrong will get the transaction rejected.
It's not a US feature, the US has ACH.
I wonder how Wise (formerly TransferWise) accomplishes this.

They seem to be able to send money to bank accounts anywhere for extremely reasonable prices.

They have bank accounts everywhere. They just avoid transferring money between them in the first place. As long as an even amount of money is going in each direction, they won’t have to.

Only if flow gets too out of whack but that means their rates are too one-sided.

That’s the forex business in a nutshell. They don’t convert money, they just exchange it.

Try shopping banks. My wires are free in most cases and I am not a big customer or anything.
I've used Zelle and it was easy. My bank is suggesting them (they have first class support), but I have no idea if they are otherwise better/worse than paypal. Most of the time if I owe money it is either credit card or I used my bank's bill pay (which sends a physical check if they don't have an electronic arrangement)

I did a wire transfer once, $15 in fees, but since the amount was from a house sale (to get from the bank where the money was deposited to my mortgage bank - they couldn't do this direct which was annoying). I wouldn't do it for normal things, but with that much money involved I don't blame the banks for some friction and the cost wasn't much. Hopefully I never do one again, and also I hope I'm an oddity for even doing it at all.

Zelle is window dressing on top of ACH.
Which is exactly what I want, most of the time — I want to write a check, but without the hassle of paper, or the recipient having to explicitly deposit it.
With increased provisions for those banks to push liability for fraud further away from themselves and towards consumers...
Zelle is instant for banks on the Zelle network. ACH isn’t.
Don't worry.

You won't have that money after they've implemented the inactivity fee last year: https://www.paypal.com/be/smarthelp/article/what-is-the-inac...

Wow. Notably receiving money does not make the account active.

Notifications to inactive accounts begins 15 November 2021 and advise simple actions to take before 15 December 2021 to avoid the fee:

- Log-in to your account; or

- Shop wherever PayPal is accepted; or

- Send money to friends & family, or vendors for goods & services; or

- Withdraw money from your account; or

- Donate to a charity with your account

I chose the option to close my account.
I chose the option of making a bot that logs in every 150ms.

I think everyone should do this. It is the best way to keep your money safe

(comment deleted)
PayPal will limit your account soon enough for security concerns. I would highly recommend not doing what you are proposing
This is true, a long long time ago I linked my Paypal account with Yodlee just to view balances (it would poll my balances at automatic intervals) and PayPal limited my account for "unauthorized third-party activity" or something to that effect.

Now that account aggregators like Mint/Yodlee are more common, I'm sure they worked out a deal with Paypal. But automated login activity is still scrutinized.

Would the inactivity clock keep running while you are locked out?
This happened 10+ years ago and I don't think there was an activity fee back then.

But the account limitation was removed fairly quickly. Basically I got an automated or template message telling me to change my password and keep it secure. Shortly after I changed my password, the limitation was removed.

> It is the best way to keep your money safe

The best way to keep your money safe is to keep it somewhere else.

We’ve closed your account due to suspicious activity please drink one activation can.

Joking aside, don’t you want your PayPal matched with 2fa? If so. How do you handle that with scripting?

2FA is essentially a time encoded using a secret known to you. It's an alternative to using a private key, it's just lest confusing to non technical people.

You basically can read the QR code, get the secret and use it to programmatically generate the token every time you need it.

The phrase here is TOTP,

And for those with 2FA over email, some more automation is necessary.

2FA over SMS requires even more effort

(comment deleted)
Good to know. I just transferred out my PayPal balance.
Inactivity fee is such a disgusting practice. It doesn't cost them anything to keep the account.
It's an attempt to legalize theft.
This. Skype has been doing the same for years.
With Skype credit that is deactivated, you can easily reactivate it again. I've done that.
That's not strictly true. It doesn't cost them _much_ but holding and tracking other people's money has a cost.

That said, I think the better answer is to send it to the state as unclaimed property.

Presumably it costs more to keep the money and process login attempts. Since logging in is enough to keep the account at zero fees, this seems like a money grab.
Is there really a marginal cost to holding more money? Presumably they can buy treasury bonds and earn some interest off the holdings. In terms of data storage, is it really more expensive to store a positive number vs. zero?
I suppose that compliance might cost something. I don’t know what KYC laws they have to comply with, but that is the kind of stuff that needs actual humans in the loop
> holding and tracking other people's money has a cost.

When you have as many users as PayPal does, in aggregate those non-zero balances are a mountain of money to play with. It's not a cost, it's opportunity for profit.

Holding other peoples money has a profit, not a cost. That float is valuable.
It’s called zero marginal costs for a reason, dude.
> Accounts with zero balance won’t be impacted and this charge won’t result in any negative balance.

How gracious.

How ironic.

When I was canceling my paypal account a few years ago, paypal prompted me: It's free to have a paypal account, so if you don't want to use it, just leave it.

It's hard for me to imagine when someone opens his old PayPal account and finds out that he was charged 10 €. (not even in US dollars)

For over a decade I've heard tons of stories about PayPal freezing accounts for questionable reasons. I've heard of events that were cancelled because the organizers suddenly couldn't access the money people paid to the event, and PayPal wouldn't release the money until they could prove they'd organized the event for which people paid, for which the organizers of course needed that money.

I will never ever use PayPal. Everything I've heard about them makes them sound like an extremely unreliable payment provider.They're not an organization you should trust with your money.

They frozen my account at Christmas. How do I get in Involved with this
We are Europe's largest site for RFID and pentesting hardware (lab401.com)

We are in the exactly the same situation. PayPal has conducted a personalised, manually executed war of attrition against our company and shareholders.

Eight months ago, PayPal froze our account, seizing 15kEU. They refused to give any justification for the action, despite discussions with C-level staff.

After the 180-day "withholding" period, we were informed that they would not release the funds, for undisclosed reasons.

We immediately engaged legal counsel. PayPal refused to interact with our counsel, and so a C&D was issued. Within one week of the C&D, PayPal did the following:

- Froze the account of our sister company (in Hong Kong), seizing 35k EU

- Froze the personal accounts of all shareholders of the EU and HK corps (~1,5k EU)

- Froze the business accounts of all shareholders by name search (different corporate entities, different businesses) - 5kEU

- Froze the business accounts that the shareholders held (again, different corps, different businesses) - another 5kEU

Our policy is to empty accounts on the 28th of each month. PayPal froze and seized funds in all accounts on the 27th of the month. Based on the time-stamps of the emails, and the order in which the accounts we closed, it's obvious that it was a targeted, manual process (2 - 3 minutes between closing each personal account, 15 minutes to find the next company account, 3 - 5 to close the personal accounts, and then 10 - 15 minutes for the next company accounts).

We engaged secondary legal counsel in Luxembourg (PayPal's EU headquarters). Again, PayPal refused to disclose any reason, justification or proof, replying with typo-ridden copy-pasted document from a low-level legal peon, concluding that no funds would be returned, the businesses and personal accounts were deemed 'illegal', and as such, PayPal would confiscate all funds.

All KYC was performed. All accounts had been "audited" by PayPal (when you reach the 5k, 50k, 100k+ processing tiers).

Needless to say, operationally - we have shipped 50kEU of hardware to customers, and face losses of the hardware, and costs of replacing stock. I agree with the standpoint: this is purely racketeering - an online equivalent of Civil Forfeiture.

For extra context, as the points have been raised in other comments:

- In a perfect world, no merchant would use PayPal. In our experiments, disabling PayPal cuts revenue by ~30% in our industries.

- Pentesting products could include illegal products: keyloggers, etc. We sell no such products for obvious legal and compliance reasons. All the products we sell are sold by countless other resellers that use PayPal. We have processed Visa/MC with Stripe for over 6 years with no problems (legal, chargeback, etc)

- We empty accounts regularly, to minimize fallout. However, you have to keep a healthy minimum in accounts when dealing with large volume, or accounts get limited automatically (presumably to avoid merchants pulling cash to avoid chargebacks / refunds)

- We have already 'invested' over 20k in legal fees. I justify this cost in (perhaps falsely) believing that we could establish some case law that could benefit other merchants.

It's unfortunate that we cannot join the class action in the US, or we'd be into it. With that said, if anyone merchant in the EU has similar issues, it could be interesting to investigate if a similar action can be mounted in the EU. Feel free to reach out: simon at sn dot cm (not a typo).

> We immediately engaged legal counsel. PayPal refused to interact with our counsel, and so a C&D was issued. Within one week of the C&D, PayPal did the following:

- Froze the account of our sister company (in Hong Kong), seizing 35k EU

- Froze the personal accounts of all shareholders of the EU and HK corps (~1,5k EU)

- Froze the business accounts of all shareholders by name search (different corporate entities, different businesses) - 5kEU

- Froze the business accounts that the shareholders held (again, different corps, different businesses) - another 5kEU

how can any of this be legal? aren't there laws prohibiting such actions from PayPal?

When you don't need to justify your actions and are allowed to stay vague, everything is permitted.
> how can any of this be legal? aren't there laws prohibiting such actions from PayPal?

laws are only as good as the legal enforcement.

Based on the advice given from our French, Hong Kong and Luxembourg lawyers, it's not legal. But the barrier for _proving_ that it's not legal is very high.

PayPal don't reply to account holders, and they don't reply in any tangible form to lawyers. PayPal forced us (and our lawyers) to sign three rounds of paperwork before they would even acknowledge correspondence from our lawyers, despite the fact that our lawyers were obviously retained and representing us.

Likewise, the delay between each step averaged 1.5 months.

At the end of all of the hoops, they gave a copy-pasted letter that said _exactly_ the same thing that their initial "You can no longer do business with PayPal" emails said.

They know that legal representation is expensive. They know that you'll have to get representation (at least in the EU) in multiple jurisdictions. They know that by drawing out the affair over months, you'll bleed money, and at some point, you'll end up saying: We've lost more money on lawyers than PayPal seized, and you'll give up.

The only recourse that appears to remain for us is actually going to court (and our claims won't fit in the small claims court). At which point, while they'll possibly return the stolen money, they won't re-open the accounts, so we still lose.

In any case, I feel we have a moral obligation to force them to court, with the hopes of establishing some case law for other merchants.

> In our experiments, disabling PayPal cuts revenue by ~30% in our industries.

I’m curious- have you considered adding other third party gateways (Apple Pay/Amazon Pay/something else)? I personally try to avoid entering my card number, so my general order of precedence is Apple Pay > Amazon Pay > Paypal > card entry.

We have Shopify's "Pay" and Apple Pay, crypto and regular Visa / MC gateways (Stripe). We haven't tried Amazon pay - I'll try it as an experiment to see what happens.

However, the fact remains that removing PayPal means losing business. Consumers are shielded from (most) PayPal's horrors, and just see the advantages: ease of use, ubiquity and "guaranteed win" claims against the merchant.

Dang. I try to avoid PayPal as a consumer because I'm familiar with these practices (I use services like Venmo but always withdraw immediately upon receipt). But if the only other option is sending my card number on a less reputable site, I'll pick PayPal over card entry every time.

Google Pay might be another gateway to consider as well. While I prefer to always use Apple Pay, it's not available in Chrome, even on a Mac or iOS device.

Paypal no longer gives users guaranteed win - I had a highly documented case of a seller refusing to honor their warranty, and Paypal stiffed me. Paypal is just toxic.
> - Froze the business accounts of all shareholders by name search (different corporate entities, different businesses) - 5kEU

> - Froze the business accounts that the shareholders held (again, different corps, different businesses) - another 5kEU

Shareholders? Not execs, but shareholders?

If true, this is one of the worst things that I have ever seen a company do, and this should probably be the top comment.

For clarity, we are not a publicly held company, the EU corp is owned by two entities 50/50.

The business accounts of the shareholder companies (in unrelated industries) were frozen, the personal accounts of the owners of the shareholder's companies were frozen, and any other account related (via email, name, passport, credit card, bank account, domain or corp name) were frozen.

We woke up to 6 "you can no longer do business with PayPal" emails, sent over the space of 30 minutes. You can clearly see the trail: corp one, shareholders of corp one. Corps of each shareholder. Accounts with the same email domain. Accounts of permutations above.

I'm happy that this is happening. Small buisness owners, Twitch streamers etc. can get their PayPal account locked pretty easily for "suspicious" activity (i.e chargebacks or a few thousand dollars). Then PayPal locks their account for 180 days with little to no recourse. The big Twitch streamers register an LLC which PayPals gives more leniency to AFAIU.
"AFAIU" stands for "as far as I understand".

(So those who have never seen this acronym do not have to google for it.)

Yeah... I've been hearing these horror stories about paypal for a very long time now and it makes my blood boil knowing that nothing's ever been done about it. I really hope that a big change is about to happen.