Tell HN: Do not store any funds in PayPal or use them for anything critical
I have used PayPal for over a decade, usually once or twice a month to make small purchases when buying something off Craigslist or Facebook marketplace. I also occasionally use it to split dinner with friends. I don't use it for business and I don't use it for anything sketchy.
I recently received an email from PayPal saying that my account had been permanently banned. No appeal, no reason given. I logged in separately to make sure this was a real email, at first I thought it must be phishing. It was real.
The only thing I can think of which might have precipitated this. I got a few invoice requests though PayPal a while ago from people/businesses I had never heard of. This is a well known and documented scam where they spam invoices en-masse and hope some people pay them accidentally (I did not pay them, but the PayPal UI makes this very easy to do and there is no way to decline or dismiss the requests).
Not a big deal for me since I don't use PayPal for anything critical, but I figured a reminder was in order in case anyone still thinks it won't happen to them. If it could happen to me, it can happen to anyone.
302 comments
[ 3.9 ms ] story [ 302 ms ] threadEBay just banned my account last week for listing a Macbook Pro with stock image, removing it to adjust the title, relisting it with a photo of the "About this Mac" to show that the specs were correct. (Can't think of anything else that would even be remotely related).
Also, the messages component of the Ebay web app was completely down the whole time so it made it impossible to respond to any users that were asking questions about the MacBook Pro. Completely insane. Apparently making listings is "harmful to the [Ebay] community"
and thankfully backed up all my critical data, but still have not been able to get a hold of anyone at Amazon.
It seems like our ability to interact with a corporate entity has become an afterthought + that all the machinery driving customer interactions (UIs, special support chat hidden, dark patterns everywhere...) have become a total impediment to actually getting something fixed.
100+ phones. Mostly "activation locked", all "no charger, no accessories".
50+ laptops, all "no charger, no accessories".
All blatantly stolen goods.
That's why I wonder at folks stealing iPhones and iPads. They are basically unsellable.
https://9to5mac.com/2021/07/07/brazilian-criminals-detail-ho...
Still... :(
https://archive.is/eEt4B
Nah bud. How do I know you are not the person who stole it? So I guess he went back to the seller, asked for an exchange. Seller said no, so he said “I have all your information, and I have the legit owner, so give me a different phone or I give him your info to take to the police.” Seller exchanges the phone and guy gives me the info anyway, including the listing.
I take all the above discoveries to the police. Who, I kid you not, first say “he’s probably not the person who stole it”, though I could have sworn selling stolen goods was still a crime, and said as much. They declined to get involved.
I thought it was that PayPal was built, then bought by eBay so the could double dip.
Surely you can take them to court (if you have time to burn)?
Absolutely correct.
Even worse, winning the lawsuit does not mean you'll see the money. It only gives you the right to do things like attach liens onto their assets. You have to actually do all that footwork (and pay the associated expenses) yourself.
So suing is a clusterfuck nightmare, and after winning, collecting what you're owed is a second clusterfuck nightmare.
Examples of paypal being shitty abound. Why do people keep falling for it?
I am sure their user agreement gives them some leeway to hold the funds for some period of time, but I would be surprised if the law allows them to permanently keep the money, with no legal recourse.
https://www.cogini.com/blog/paypal-know-your-customer-failur...
I'm out of the country, I complete 4x $20 payments to a friend I'm visiting. I try to do the 5th and it wants to me to "Add a Mobile Number" to verify my identity.
Brilliant PayPal. You already have my email+mobile on file. It says confirmed. I have 2FA enabled. And now, to verify my identity, you need me to enroll a "new" phone number. How in the **, exactly, is that going to verify my identity. And how screwed up are your systems that your left brain and right brain are out of sync.
Granted, I basically have to call them every 2 years for some similar sort of "your website just told me to go F myself, can you press the magic buttons to fix it since you can't, you know, actually fix your systems.".
EDIT: The clencher to this story is calling PayPal and getting the sweetest older lady from Texas that, without asking me any further verification questions, pressed a button and said "okay, try again", and wouldn't tell me anything else. Only to hit the same issue ~24 hours later.
I have a story like this for Schwab. I have a story like this for both my credit unions. Capitalism driven banking baby. What a joy.
Will be removing my bank account from it right now.
I refuse to use SMS as a second factor, so using it as the _only_ factor for what is effectively a bank account is absolutely batshit insane. They’ve completely lost their mind.
https://www.paypal-community.com/t5/Managing-Account/How-do-...
I cannot log in without a phone any more to paypal. At all. My mobile phone doesn't even work on my property, I live in a rural area, with no cell phone service for 1km.
I have a phone. Email. I could set up 2fa via the internet.
Nope.
Because of course, cell phones are always reachable?!
I use TOTP with my account just fine?
Of course it doesn't change the fact that using SMS for security should be illegal.
I don't get what you're supposed to do when travelling? Incur international texting charges?
At _minimum_ I need to swap the physical SIM card in my phone which for some reason breaks iMessage for a few days every time I do it. However roaming doesn't work in every country, so, sometimes I'm just fucked.
eSIM could make the first problem easier, but it actually makes it harder. With a physical SIM, if I lose or break my phone I still have my home SIM so I can still access SMS on a new phone. With eSIM, if I lose or break my phone my home SIM is lost along with it. No problem, just provision a new eSIM, that's the whole point right? Well, one of my telcos doesn't support eSIM yet, but they enforce SMS MFA, so I can see where this is going. I'll only be able to provision a new sim if I have access to the old one. Absolutely braindead. Another of my telcos doesn't allow eSIMs to be provisioned digitally; you need to obtain a physical QR code from a shop or have it posted to an address within the country (they won't send one overseas). It's actually unbelievable how telcos have managed to make eSIMs less convenient than physical SIMs. Anyway, this means I need to return to my home country if I lose or break my phone because without SMS I won't be able to access banking.
This is beyond infuriating, but I'm an edge case so no one cares. It should be illegal for critical services, banking/finance/govt etc to depend on SMS.
(No affiliation; I'm just a happy customer.)
I was able to get my hands on one of their cards, but it was useless to me as I couldn't actually put any money on it from my unsupported country.
Why?
> And there appears to be a lot less protection for you as their customer.
They have EU banking licenses (depending on where you are a different one applies to you), but they are a regular bank with all the protections that includes for a customer - if they go bankrupt, your money is guaranteed up to a certain extent; they can't just close your account and keep the money like PayPal do, etc. etc..
What do you mean? They provide banking services, they cannot do that without a banking license to do it under. They used to only have one, in Lithuania, and use it for all operations, but now they have a bunch more and the most appropriate applies (e.g. I'm in France, and I'm under the French one).
When I duckduck the question, even revolut has this in their FAQ: https://megous.com/dl/tmp/bbebf0d88acb54d8.png
It's possible to have a license and not use it.
- Basically none of the banking functions were available outside the app
- The app itself was buggy. There was some sort of "vault" or whatever they called it that had attractive interest rates (the reason I signed up), and after wasting hours of my life over a few weeks with customer support I decided it would never work
- Unlike any other bank-like service I've used, you can't just get mailed a check and close the account. Neat idea maybe, but at the time the app was buggy and wouldn't let you withdraw fully if you had anything in savings because of some sort of minimum balance nonsense
- You can't use the app if they think your phone isn't sufficiently secure. This is more on Apple/Google for caving to that bullshit, but IMO an app with its own security model shouldn't have any clue how you access your phone
- Deposits were capped to like $10 for the first day, $100 for the second, and so on. I don't remember the exact schedule, but it meant that instead of just depositing an old 401k I had to design over a period of time a series of increasingly large deposits of some other money (just like a fraudster would do? ELI5, what are they actually preventing?) just to be able to throw a check into the account
- Deposits to and withdrawals from Revolut took an obscene number of days, nobody on either side of the transaction could tell where the money was (magically available in neither account), and the transactions were 10x longer when I was trying to leave
And on and on. Like, I'm sure they're fine on average, and they're probably better than when I tried last time, but I haven't had a worse banking experience yet anywhere by a longshot. The basics for an online bank are logging in, depositing money, and withdrawing money, and neither the basics nor the fancy features they sold me on were very functional.
Happy to hear the virtual debit cards work for you :)
As a secondary concern, the bank has occasional 2fa, and definitely does some kind of anomaly detection. Primed by the ickiness of the user/pass request I just had a mental image of some hacky Selenium script on an AWS IP address filling out the login form and getting my online banking disabled proactively.
There are a lot of checks on top of that which individual banks may or may not implement or care about, but at the end of the day those two numbers get you 99% of the way there. And for an organization the size of PayPal they're really going to be given the benefit of the doubt by banks.
Also not sure why that's not more common in comparison to credit card fraud.
Edit: I guess credit card fraud can be easier to cash out (for physical goods or services), while ACH fraud requires mules to act as intermediaries to receive the fraudulent deposits, which might be harder to come by and sustain.
There's millions of retailers that accept credit info in exchange for goods and services.
You can't use ACH to buy Wal-Mart gift cards.
The US banking system can be summarized as "withdraw first, ask questions later." The whole system is based around auditing after the fact. If at the end of the day (or week, or month), the numbers don't balance out, a flag is raised, and someone investigates it. And in many cases, there is a waiting period before you can access funds transferred.
Outside the US, people find this whole thing crazy, but that's how it is and it actually works well enough. My understanding is that banks are moving to a more modern system, but it's a slow process given how much is built around the current system.
But it does happen; google "check cashing scam" to find how they mule it out.
might also be a reason why US banks always seem nosy as fuck, calling people about transactions, blocking stuff, etc. instead of just giving the account owner a safe way to perform transfers/authorizations/set limits
The bank is not in the business of allowing overdrafts and then somehow collecting the difference.
Having a separate account with enough for the current Paypal transaction (that you refill from the main bank account as needed, in a few mouse clicks) means you limit your losses from a transaction gone wrong with a major company.
Can a malicious player try pulling money from your main account? Absolutely. But the chances of a large company, like Paypal, hitting you like this on an account not registered with them is zero. And your bank's fraud protection should stop an attempt to pull a large sum from your account by an unknown company in a sketchy country.
This doesn't stop PayPal from reversing a previous inbound transfer they decide shouldn't have happened, but it ought to stop PayPal unilaterally deciding they would like some of your money.
[1] https://www.forbes.com/sites/halahtouryalai/2013/06/11/yes-b...
Why?
Seems random who gets screwed in these situations.
Honestly it boggles my mind that USPS can just mark something delivered with no actual evidence of delivery (signature, photograph etc.) and it's just taken as fact.
The buyer listed the radio I had sent him immediately on eBay for way above a reasonable price. I took screenshots and made a police report. Didn't hear anything back in a week. Considered small claims but I'd have to potentially travel to the claimant's area which is a good 3h drive each way at the time.
So the buyer/reseller was in Ipswich which is 15 miles or so from my brother-in-law so he went round there and recovered it for me. My brother-in-law is an ex army (Gulf War vet) 6'5" bouncer. The guy did not argue with him. He was told he could come and collect the broken one at his cost from Bristol. He never did.
I now run a mule account on ebay managed payments and do not accept paypal for anything and do not send anything until cash is cleared from the mule account into my main account.
Edit: also worth pointing out that ebay do not allow sellers to leave negative feedback for buyers so you can't even rate or report the buyer publicly. If you leave any comments in a positive feedback other than sucking dick, they will remove the feedback.
but I definitely have the same question, I always deposit anything sent to me via paypal, venmo, whatever right away so there's zero balance.
good luck telling a bank to un-authorize someone from being able to deposit or remove money from your account though, I had to call them up and they didn't even seem to know how to do it.
somehow it isn't just a checkbox, it seems to me like revoking that permission should be vastly easier than providing it...
Paypal receivables account has no overdraft protection and not overdraft allowance. If a withdrawl over the value of the account comes in, it is denied.
Connect that account to paypal.
Next, in the Paypal receivables account, setup an external transfer from the receivables account to the main account. You will have to validate the ownership of the second account usually by posting two small transactions that were auto posted to the account as part of the validation process. This takes a couple days. Once that is done, you can transfer money from receivables account to main account but not the other way.
Transfer money out of paypal to the receivables account, transfer money from receivables to main. Use a credit card to spend money with paypal.
You can set up two way transfers if you need to put cash into that account for transactions and you still get a similar level or separation, I just prefer to use a CC instead because they'll help you out if you want to dispute or reverse a transaction and paypal may not.
Note that this may not work everywhere in the world. For example, in Australia, the legacy direct debit system will happily put an account with no overdraft into negative balance.
I’m not sure if the modern replacement (PayTo) has the same behaviour. In any case, legacy direct debits will probably stick around for years.
The best option is to simply avoid PayPal.
Unfortunately certain vendors only accept Paypal. For example, I like to watch billiards, and Accu-Stats (one of the largest PPV billiards sites) only accepts Paypal. So, unfortunately, my choice is either to bite the bullet and use Paypal or be prevented from watching the events I'm interested in.
My bank (BoA) allows me to have multiple checking accounts so long as you satisfy the initial deposit requirement, and maintain sufficient balances in other linked accounts, so this looks like a good way forward. I think I'll switch other apps to use this new receivables account to contain their potential blast radius.
It happens every 10-18 months, enough that I assume there is a substantial amount of money being produced by charging a late fee and interest and people not noticing. They never put it back either, have to call and spend a couple hours with them.
My lease favorite bank.
That was the end of my interactions with PayPal.
Luckily I paid through my credit card on Paypal since I disputed it through them. If I had linked my checking account, they would have help a fraudster steal 700 dollars from me.
I went to another state to pick up a car I had bought. I needed to pull $10k of my own money in cash out of the my banks to pay the seller. I checked with the banks before I left to make sure it would be OK.
I arrived in Utah to meet the seller and we go to the bank to do the transaction, and my banks suddenly don't want to let me cash out that much money. I ended up having to kludge the transaction together with some my cash and credit card advances. I didn't quite make the full sale amount so the seller let me take the car and sent me the pink slip later.
Second fact: online banking used to do instant bill pays. Now anything above a trivial amount has to be scheduled. It didn't used to be that way.
Combining these two suggests to me there is a liquidity shortage in the retail banking system. Paypal may be under the same liquidity pressures and using fuzzy TOS reasons to hold money because they don't have the liquidity to handle all of their transaction demand.
The thing I wonder about is why did online banking start requiring scheduled payments for anything over a $100 or so about five years ago? Now they often make me wait a few days to clear a payment, unless it's internal to the bank itself (e.g. my checking account to pay off my same bank cc account).
I'm sure they're investing my money short term and the holds give them more time and flexibility to do so. However, tying up account money in short term invesments means their liquidity will be reduced.
If you were PayPal would you not invest user funds overnight (or longer) based on projections of inflow/outflow? If not you'd be cheating your shareholders. However the temptation to hold on to user funds as long as possible would be constantly present. That's almost certainly what's happening.
https://en.wikipedia.org/wiki/Ombudsman
I'll repeat the advice I gave there: run away from PayPal as soon as possible. It's not worth the risk.
Most of these websites only uses PayPal as a method of payment, kinda forcing the user to do the same.
https://medium.com/incerto/the-most-intolerant-wins-the-dict...
Tell them you can't purchase with them because they don't offer alternative payment.
it's the other way around, in my case, they pay me using PayPal.
It sounds like they've removed my card from the UI, but they can still charge it if they want.
In any case, I'm going to close my PayPal account and hopefully cancel that card within a few weeks.
The truth is trust no banks—I had Mercury Bank and First Republic help someone steal over $120,000 from me—I'm not kidding!
Trust no one-distribute your money in lots of places so if one is crooked you are not dead.
Franchise Tax Board of California felt like I owed them taxes (which I didn't) and emptied one of my bank accounts without even giving any advance notice. Luckily it was a smaller one. A year later and I still haven't gotten my funds back, even after having my accountant spend hours on the phone with them and them promising to give it back.
And you're right... people on this site time and again keep going after crypto as being a horrible scam... yet they keep on using Paypal. Well, if you hate crypto so much, what would be a better solution to the Paypal problem?
Op posted this before: https://news.ycombinator.com/item?id=30269141
I go on about (most) crypto(-related things) being a horrible scam (because it is) and also have avoided PayPal since very early in its existence, except in the very rare instances where a business for which there is no alternative requires it, which I’ve run into exactly once in the last decade (was a more common problem in the early 00s.)
The world isn’t a dichotomy between crypto and PayPal.
anecdotal evidence isn't really worth much, sorry.
there is a reason why this story is trending on HN 5 months after the op originally got banned. it is because this keeps happening over and over again to untold numbers of people. the thread is full of endless amounts of similar complaints. you're here responding to the comments at the bottom of the page. you can choose to ignore all of that and make it personal to your experience, or you can listen to the warnings and try to find solutions that help others beyond just yourself.
> The world isn’t a dichotomy between crypto and PayPal.
really, because you said so?
Ugh, sorry to hear you are going through this.
It's astonishing how incompetent (and/or corrupt) some organizations with power are.
Anyway, more fuel for my fire to make things better.
But the people creating and maintaining crypto wants neither of the above, because they all detract from its value as a scam.
I have never had a problem sending someone crypto (I'll admit though, offramping can be a b*tch). I often lose hours of my life on hold with banks when they block a payment and/or freeze an account for a regular transaction.
> low transaction tariffs
If you avoid BTC and ETH and use something like XLM or NEAR you can get dirt cheap fees and fast settlement times.
> stable valuation
Yes I 100% agree with you there.
> But the people creating and maintaining crypto
I would agree with you and say perhaps between 30% and 90% of people creating and maintaining crypto only care about short term gains, but I'm an optimist and think the minority that believes in it will triump in the end.
A good reminder for me that I still need to move off of their platform.
"But Zelle’s terms are clear: You can’t cancel a payment once it’s been sent if the recipient is already enrolled with Zelle. And if you send money to someone you don’t know for a product or service, you may not get your money back for a product or service that’s not delivered."
https://www.elliott.org/problem-solved/how-to-get-your-money...
The difference with crypto is that you're not going to be filing a Regulation E dispute against someone on the other side of the planet.
"Since Regulation E is virtually unknown outside of the financial services industry, few people — let alone customers — know the process of filing a claim."
Oh come on. Zelle and the banks are literally banking on the fact that they are protected by exactly these sorts of unknown processes. Are you really advocating for more of that?
> The difference with crypto
The difference with crypto is that contracts, written in code, can be used to do escrow that don't require a third party centralized company like Zelle to handle the transfers. They also work across borders. No need to tie up the US legal system with 'Regulation E' cases over $1700 rent payments or having to hire lawyers to sue banks.
My point is that, we can work to make this stuff better, or we can keep the status quo of having to learn about 'regulation e'. I'm on the side of working to make this better.
People say that crypto is just re-inventing what already exists and a lot of it is doing that... I'm ok with that. What exists is not always the best solution.
In the case of escrow contracts. The funds are in a contract. Those funds will be released to a specific wallet only when two humans agree to their human consensus. The blockchain again, is the settlement layer.
When I bought my house, it went through an escrow process. I had to pay some human paper pusher thousands of dollars to do something that really could have just been done by computers for fractions of a cent and in a matter of minutes.
Escrow is one area that you're going to have a hard time arguing with me that isn't a perfect use case for blockchain. I don't care if it is 'overly complicated'... nothing is more overly complicated than the current process today.
I wish those were called something else. They aren't actually contracts in the sense most people understand the term. And, being code (and immutable, if I understand it), I don't find their existence reassuring from a safety point of view. But that's neither here nor there.
> No need to tie up the US legal system
As (highly) imperfect as it is, the legal system does, at least, provide mechanisms to correct injustices.
I did use Zelle for that, required two payments since the limit was $2k/day. Also super lame... why can't I be trusted with my own money? "For your protection."
I'd love to know your magical way of paying him $4000.
I got scammed 500 USD using Wise, so it's not like these services help you in any way.
That said, with things like Wise (which I'd never heard of until your comment), it pays to read the fine print and avoid the ones that don't offer any real protection for you.
https://en.wikipedia.org/wiki/Mt._Gox
Not your keys, not your coins.
"Don't use paypal, cash solves this!"
Both systems have the same problem, in that people need to use intermediaries to accomplish the transactions they want to accomplish. Crypto solves nothing, it converts problems into different problems.
Yeah it seems kindof arbitrary. I've abused my account doing weird stuff for years and it's still fine.
Seems like this is might be the case of it? I'd imagine one of these people turned out to be scamming people they'd ban accounts that have transacted with them?
> I don't use it for anything sketchy.
Sending money to strangers seems sketchy to me. I certainly wouldn't do it. shrug
Anyway, PayPal isn't "special" - you risk being banned from literally any financial institution for seemingly no reason. You can read a million stories about people being banned from credit cards and banks online.
But even if he was, what's sketchy about it? I've purchased things from strangers and sent them money with PayPal before. Is that not legit?
I can't remember the exact legal/technical wizardry they've used to get around this, but this has always been a crucial part of the PayPal business model. It's not a bank, it just makes people think that it is one.
As others have said, don't keep any money in PayPal and if possible, try to attach a secondary bank account to your PayPal account to limit your exposure. I've had a PayPal account since I was a teenager and knock on wood have never had any problems, but I always immediately transfer the money out of PayPal as soon as possible.
https://en.wikipedia.org/wiki/PayPal#Offices
But, I've heard several times they have most of the law firms in Luxembourg on retainer. So, it's extra difficult taking them to court (with representation), due to "conflict of interest" with this majority of Luxembourg law firms.
There are many further examples of their EU legal approach here on HN, if that helps. eg:
* https://news.ycombinator.com/item?id=32742258
* (lots more from a quick search)