729 comments

[ 0.26 ms ] story [ 82.0 ms ] thread
I'm really struggling to think of what "Alep" even refers to that would trigger this. Surely not Aleppo, right?
Yup Alepo & thus ISIS. What a world: where a regex match can kill your business.
More accurately, I suspect it's Aleppo and thus Syria, which is under sanctions by the US and European countries.
Yeah, this is almost certainly some AML provision that has gone amuck, but they'd rather inconvenience you in a silly way to prove that they were "doing their job" than to get themselves shut down due to sanctions.
(comment deleted)
Aren’t there towns in the US and elsewhere named for towns in other countries? This xenophobia is an albatross.
The people of Aleppo, Pennsylvania must have a lot of fun.
It's the dream of box ticking auditors everywhere
My friend had an account with Isis in the username because she learnt about the Egyptian god in video games. She was panic about that a few years later
Also an elite spy agency
I wouldn't say “elite”.
That was the original name for what eventually became Google Wallet. It was launched as Isis, then promptly rebranded to Softcard before eventually being bought by Google.
I remember PayPal restricting some users back in 2014, whose billing address was Simferopol blvd., Moscow, Russia.

People of Isis st., somewhere across UK, were also out of luck.

isis is commonly used to refer to the stretch of the river thames running through oxford, uk, and to several oxford institutions

https://en.wikipedia.org/wiki/The_Isis

Its also a name of a Egyptian goddess, a moon, a Dutch DJ (Dj Isis formerly known as 100% Isis) and a whole lot more [1].

At least the word 'is' did not get corrupted.

[1] https://en.wikipedia.org/wiki/Isis_(disambiguation)

Someone wanting to cause world wide disruption should start an organization called a
Surely Aleppo. Financial institutions are responsible for making sure their customers don't circumvent sanctions, don't launder money etc. If PayPal would not stopped this transaction, it could be a huge liability for them in regards to financial regulators.

Unfortunately, I do not know of a better solution than "match transaction data on this list of regexes" that would scale for the millions of daily payments that banks are processing.

Yeah because terrorist put the real subject in their transactions.
So your solution is?
Actually know your customers. Like real banks do. Relying on a free text description on the payment is completely useless.
Yeah because terrorists will definitely not lie when they open a bank account!

Also…how would KYC stop a terrorist from abusing your mothers bank account to transfer money?

This is why you need KYC and also transaction screening (and also X, Y and Z).

Yes, but transaction screening should rely on information about the accounts involved, and not the descriptions on the payments. Because those mean nothing.
The real bank that I use in the UK cares about what you put in the reference field. Putting something like "AK47" as the reference quickly results in a phone call from them telling you to not do that.
Would it be a problem for a US bank?
"Real banks" also will block transactions with the "wrong" keywords in them. They are literally required to do this.

For example:

Chase Bank blocks California man’s online payment over service dog’s ‘terrorist’ name

https://www.nydailynews.com/life-style/chase-bank-blocks-onl...

These stories are really common. Usually a phone call fixes it.

Not wage financial war?
Come again? Just to make sure we’re on the same page, your opinion is that terrorists should be free to use existing financial instruments (bank accounts, PayPal etc.) to transfer funds for their terrorist needs? Or am I misunderstanding?
That might be less harmful than being overzealous and banning every innocent person.
Yes, because the cost of pretending to “do something” is far too high (unbanking unprivileged people and a huge % of the world just because they aren’t born in the ‘right’ country or with the right name) for absolutely no result!

By analogy, would members of the KYC/AML cult have the opinion that terrorists should be free to use roads for their terrorists needs? The solution is police roadblocks and checks every kilometer or so?

Hmm. Maybe?

Wouldn't it make more sense to allow these transactions to proceed but report them for investigation?

Aiding terrorist organizations is a crime. Wouldn't it be better to know who's doing it?

It feels like it would make more sense than automated block lists and account closures.

It's sort of similar to how bone-headed the shutdown of Backpage was. Backpage actively and willingly worked with the police to investigate human trafficking etc... It was basically a giant honeypot. From what I've read, when they were shut down the government lost a valuable tool and ally in the fight against sex slavery.

Have a system in place to resolve these false positives quickly and painlessly?

Of course all positives are going to be false positives, but what did you expect? Fighting international terrorism one regex at a time?

A system. You mean like sending the owner of the flagged transaction an e-mail? Like what happened exactly in this case?

Also, curious about your source that all screening positives are false positives. Can you link to that?

The entire country of Syria is under sanction.
> Unfortunately, I do not know of a better solution than "match transaction data on this list of regexes" that would scale for the millions of daily payments that banks are processing.

I think it would be reasonable to ask you, and other supporters of this, to provide emperical data of the positive law-enforcement impact that grepping transactions for "ALEP" has had, so we can weight it against the human cost (capital and time spent across all sides, including legal departments in financial institutions, Google Docs written, impact on affected customers).

Because the default assumption of a normal person is, of course, that this is ridiculous.

One data point I can provide is: $900,000,000.00 — which is the cost for a bank for NOT doing this.

https://www.reuters.com/article/us-ing-groep-settlement-mone...

In the case of BNP Paribas, 10 times that.
> One data point I can provide is: $900,000,000.00 — which is the cost for a bank for NOT doing this.

(It's not at all clear that this fine is due to a lack of regexes.)

If the argument is "banks have to do this because of non-sensical and unjust regulations" - fine, that's one for the lawyers and maybe risk managers.

I understood your position as defending the regulations itself.

I think it's a city? That's the best I can find. Don't know why saying a city name is bannable
(comment deleted)
At least they were given the reason and a chance to respond. I'm just an infrequent, individual user and one day I got an email from Paypal that I was banned for life with my account closed and the same would happen if I tried opening any new accounts. It also banned my Zelle account for life.

Thank god I never left any money in there or it would have been stolen. And to this day I still get emails from them as if my account isn't banned, but logging in just takes me straight to the ban notice and I can't actually close it or opt-out of emails.

> Thank god I never left any money in there or it would have been stolen.

That's not true. They banned my account when I was below 18 because it's forbidden to have an account for minors, but there was absolutely no problem retrieving the $1000+ that I had.

Even if the account is banned they let you link a bank account and withdraw.

I know several people who got stuck in an endless loop of Paypal processes and couldn't withdraw their money. It is a terrible service.
It took years of litigations for my coworked to fetch his $30k from PayPal. The reason they banned was irrelevant.
What’s the link between PayPal and Zelle? And what does it mean for a Zelle account to be banned for life?
None. There is no link between Paypal and Zelle.
They link is the person, and as Cthuhlu_ points out, maybe something like a common password?
> And what does it mean for a Zelle account to be banned for life?

Considering that Zelle is focused on traditional bank-to-bank transfers, probably something pretty sketchy to be banned.

I think he means Venmo, which is a PayPal product. Zelle is a consortium of banks.
Report those emails as malicious.
Yeah mess with your email provider by sending false reports, I'm sure they'll appreciate that (sometimes I wonder if spam is such a big issue in part because users report anything they don't want in their inbox, like a newsletter they previously signed up for, as spam or similar)

Either you're at a small ISP and paypal doesn't care about a handful of customers that need to dig an email out of the spam folder, or you're at a large one and it won't have an effect because nobody else is reporting it

This doesn't hurt paypal but might annoy a small email hoster that might have to clean up your mess.

People use Paypal because they can't get around it. If you want to hurt them, help reduce their market share. Complain to the support of the service where you needed paypal, asking for better payment options (cite articles like this or whatever). That's what I do anyway, and doubly so when I know the owner. That they need to also offer paypal to get more customers, sure that's their risk (I make sure they're aware of it), but at least offer legit payment options as well

They aren't false.
Regardless, the main point (that it'll not affect paypal a jot while inconveniencing someone else) is still valid.
>sometimes I wonder if spam is such a big issue in part because users report anything they don't want in their inbox

Spam is by definition email users don't want in their inbox.

"spam (n): irrelevant or inappropriate messages sent on the internet to a large number of recipients."
No. Spam is by definition unsolicited email (often commercial in nature) from someone you never have had any sort of (business) relationship with.

If you've used a service, even briefly, and willingly given them your email address, and then later get emails from them, that's not spam. Yes, it is super annoying that they automatically sign up your address for marketing, but there is a way to unsubscribe.

If I sign up for a service but don't explicitly opt in to getting their newsletter, any marketing emails I get are spam, and flagged accordingly. The whole idea that I've implicitly opted in without being asked is nonsense.
That's something to take up with your representative, because that's legal unfortunately (specifically: marketing similar products based on past purchases, and in my experience, the consumer market authority takes that definition rather broadly).

There's a second category of unwanted email where unsubscribing has as only effect that you'll get more spam because now they know that your email address is actively being read. The sender is a hacked server or a botnet, and no business is identifiable as sender. This type of illegal activity is what spam filters are designed to combat. You're not helping the designers by marking other email as spam: it muddles the data, causes legit senders trouble (like me, I don't have a newsletter but spam filters are so aggressive that personal messages sent from my server still regularly ends up in spam), and makes everyone's life harder.

> That's something to take up with your representative, because that's legal unfortunately

Or you culd report it as spam in your email client. Because legal or not, it's still spam.

> Spam is by definition unsolicited email (often commercial in nature) from someone you never have had any sort of (business) relationship with.

Can you provide a reference to that definition?

I have checked on merriam-webster, oxfordreference.com, oxfordlearnersdictionaries.com, and wikipedia. None of them include the "from someone you never have had any sort of (business) relationship with" clause. Or even anything which could be read that way.

> Yes, it is super annoying that they automatically sign up your address for marketing

Yes, super annoying. And also spam. If I didn't ask for it it is spam. If they trick you to "agree" to it (for example by having a checkbox where checking the box means you don't want to receive emails) without you realising, that is still spam.

> there is a way to unsubscribe

Sometimes. Doesn't make it any less spammy.

> None of them include the "from someone you never have had any sort of (business) relationship with" clause.

Spam is illegal, but I'm pretty sure none of the mentioned sources make the law about what is and isn't allowed to be sent. Maybe you can find the actual definition in the laws that apply in your jurisdiction.

The laws regarding spam are not the definition of "spam". Rather, the laws describe a subset of spam that can be clearly and definitively identified as "spam". It does not include cases that are just barely within a grey area, but which any reasonable person would label as "spam".

The law follows the existing understanding of what constitutes spam, just as it does for "murder", "theft", and a myriad of other cases. The law does not define these terms, only how they will be applied within the context of the legal system.

Whether I have a relationship with a business or not, if they send me emails that I didn't ask for and don't want, they're unsolicited.

That's, like, the definition of "unsolicited". In the dictionary and everything.

Doesn't matter if there's an unsubscribe link either. It's still fucking spam.

When you unsubscribe, what happens?

Do they now mark your address as "still active and being read" and send it more messages because it's now more valuable?

Or will you stop getting email from them?

That's the difference between things you should be marking as spam and things that annoy you but are legal and you'll just need to press unsubscribe on (and be careful with whom you give your data to). Write to your representative if you want the law changed on what's legal.

You can also complain to the market authority if an identifiable party sends you unsolicited commercial email outside of the law. If they're not identifiable then it's never legal, and that's what you should classify as spam because spam filters are meant to catch this. A legit business can be held accountable and has an interest in remaining in business, but real spammers aren't so simple to trace down and stop so that's what these filters are meant to do.

I get plenty of junk mail in the post. The fact that it's legal doesn't stop it being junk mail. Yes, I could take the time to write to a politician to complain about junk mail, or I could just chuck it in the trash and get on with my day.

Ditto spam. Yes, some of the spam I receive might be within the law. That doesn't stop it being spam though. I could also take the time to write to a politician to try and change the law on what spam is legal and what isn't... or I could just mark it as the spam it is and get on with my day.

What kind of junk mail? Where you gave your physical address to a third party and now they're sending you crap, but they're a legit business that you can tell to stop doing that and then you stop receiving junk mail, or do you mean they got your physical address from data leaks and the sender tries to scam you into resetting your password, sell you illegitimate drugs, etc.? You're talking as though both kinds, legal and illegal spam, are the same thing.

> Yes, I could take the time to write to a politician to complain about junk mail, or I could just chuck it in the trash and get on with my day.

What you're suggesting is messing with a spam filter designed to handle illegitimate email to get confused enough to also filter out legitimate emails based on a guess as to whether or not you might want it. You're not "just chunking it in the trash and getting on with your day" but actively harming the system instead.

> What you're suggesting is messing with a spam filter designed to handle illegitimate email

No, I'm teaching my spam filter about which emails I consider spam, so it knows to automatically filter them out in future. Which is exactly what I want my spam filter to do. That's its job. That's why I installed it.

> You're [...] actively harming the system instead.

Lol.

I'd say the vast number of irrelevant commercial bullshit people get in their email harms the system more. It is spam. If I order a pair of pants from the Gap and they start sending me two or three emails a day, that is spam. If those marketing emails got marked as spam by all providers by default, the world would be better off.

Same with physical mail, which also explicitly just has an option for "bulk mail", which is even worse. If I could opt out of receiving mail from the USPS entirely, I would. (Although I consider them to be the most reliable service for sending and receiving packages.)

If an email address is provided for not-marketing purposes, and is used for sending marketing emails, that’s spam.

For example, I went to a mechanic, and provided my email address as a way to contact me. I started getting marketing emails from Sirius XM, despite never having interacted with them. Therefore, marked as spam. If Sirius doesn’t want their emails to be marked as spam, they shouldn’t be sending out spam.

Edit: Or, in the case of Walgreens, their "Unsubscribe" link reported that there was no subscription at the email address to which they had just sent an email. For that one, I did give a reply to let them know of the issue, and got no response. When the next one arrived from Walgreens a week later, that was reported as spam.

I'm fairly sure that according to even the old (by internet standards) American CAN-SPAM act, if you cannot easily unsubscribe then it is illegal.

I might however have misremembered something so please if someone knows, feel free to fill in.

You're quite right. https://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003#Unsubscri...

I think in the Netherlands (or EU?) it has to also be one-click. It can't first give you a survey or ask you to enter your data again or other hurdles. It's quite strict in that way, but then quite loose in the way that businesses are allowed to send you unsolicited commercial (e)mail if you previously purchased something and they want to market a related product to you. Win some, lose some. I can see the point, though, that you might be genuinely interested in their new fancy better improved heat camera if you previously bought a heat camera of theirs, and the message still has to have that one-click unsubscribe link. I'm willing to accept this compromise even if I am usually not interested in those offers.

What has to die is the type of spam where you have no idea who the sender is or how they got your data. That's what spam filters are designed to filter out, since you cannot filter that by normal/legal means. It's much harder to try and make a spam filter read your mind on whether email from a legitimate business is something you're interested in reading (you may or may not care for that order confirmation, newsletter that you may or may not have signed up for, etc.).

But I've learned today (from the subthread above) that having the general public make this distinction and correctly train spam filters (such as email, but presumably also on reddit and such) together is a lost cause. We'll have spam forever, yay.

> It's much harder to try and make a spam filter read your mind on whether email from a legitimate business is something you're interested in reading (you may or may not care for that order confirmation, newsletter that you may or may not have signed up for, etc.).

Hence, the "Report Spam" button.

No don’t be silly, if you use that button you’re actually breaking the whole system.

You’re just supposed to sit there and take the unsolicited non-spam from everyone around you and never touch that button ever, or dare call something that doesn’t fit one person’s ridiculously narrow definition of “spam” that.

And if you don’t like it, your inly course of action is obviously talking to your representatives to change the legal definition of spam. Anything else is breaking the system.

/s, for those wondering.

Did you miss where the original person is unable to unsubscribe because they were banned? In this specific scenario, it is absolutely spam, otherwise known as Unsolicited Commercial E-mail (and by virtue of them being banned, these specific mails are by definition unsolicited).
> No. Spam is by definition unsolicited email (often commercial in nature) from someone you never have had any sort of (business) relationship with.

The name "spam" comes from an old Monty Python skit about hearing the same thing over and over and getting sick of it, so this definition doesn't really respect the history of the term. The name spam started as a Usenet moniker some time after some lawyers started trying to get people to pay to enter the free green card lottery run by the US government.

This definition almost sounds like you're gesturing at "UCE" (unsolicited commercial email) which some people started trying to push as a definition for spam back in the day.

> Yes, it is super annoying that they automatically sign up your address for marketing, but there is a way to unsubscribe.

I mean, you're responding in a thread where they mentioned that's impossible to reach that page because they're banned and ignoring that people long ago found that unsubscribe was being abused to confirm (and then sell) verified emails to other spammers.

Some of us do crazy things to let us use unique emails per service, so we can find out who is selling our info.

There's a difference between messages nobody wants and messages that you don't want.

We've got problems with messages sent to literally millions of people: viagra spam, phishing scams, banking malware, you name it.

There isn't a problem with messages that you don't want to see in your inbox anymore but that are from a legit business where you can unsubscribe. Trying to unsubscribe from real spam just confirms that the email address is active and the message has been read, and now you'll just get more spam and your email address is more valuable. That's very distinct from a legitimate sender.

There's a clear distinction and I'm wondering if we'd have an easier time filtering out the actually bad stuff if people that think like you didn't muddle the data by marking normal email traffic as spam

As they describe, they literally cannot unsubscribe though, so from that perspective marking it as spam is totally legit

I see your overall argument, however this dilemma is ultimately caused by PayPal's ruthless/unpredictable ban policy

Yes, this is a special situation with no real good options because paypal is behaving like its usual dickish self. I still don't think that it harms paypal or helps anyone to mark their email as spam. Best would be to create a rule to drop their incoming messages.

Or use GDPR or some other legal option if you have time to spare and want to cost them some time=money in dealing with your request.

> or helps anyone to mark their email as spam.

If it keeps the undesired email from landing in this person's inbox, it certainly sounds like it's helping to me.

Training a spam filter is not the same as creating a do-not-deliver rule for a given sender. Unless you manage to convince the filter that paypal is the same as a viagra scammer (good luck with that), you'd still get those messages from paypal.

Maybe some providers also denylist the sender-receiver pair when you click spam to combat this problem nowadays; back when I used public email services this was rarely the case. Nowadays I use a different system altogether so I don't know if this might now be common.

Either way, this is not what the spam button is for, but from this subthread I see that enough people on HN already don't understand how these systems work (and education is hard: people don't even read relevant oneliners pushed in their face at a relevant time, such as error messages), so I guess there's no hope for the general public altogether. I didn't know this is an entirely lost cause and is making me rethink about reporting spam on platforms like reddit. I guess they get so many false positives that I'm wasting my time reporting anything as spam ever.

Most of my email is on my own server, but in my experience (with gmail, etc.) marking a sender as spam will keep them out of my inbox going forward. I would personally filter the email, but for those who don't understand that process, marking as spam can be effective as well.
I mean, I agree that there are varying levels of legitimacy, but that's kind of baked into the system at this point and it doesn't help that plenty of spammers don't have legitimate unsubscribe buttons and sell your email to a chain of ever less legitimate players.

> There's a clear distinction and I'm wondering if we'd have an easier time filtering out the actually bad stuff if people that think like you didn't muddle the data by marking normal email traffic as spam

Something tells me that you missed most of the history of dealing with spam, because people used to be naive about this back in the day and spammers exploited the hell out of them by using unsubscribe to confirm that the email was live and similar tricks.

Unwanted is unwanted. It really does vary by person, that much is true, but even your viagra spam is wanted by some people. But the people sending it are very often also doing a lot of shady stuff like running botnets, so the technical measures to stop that look very different from, say, looking up the SPF record for Paypal:

https://mxtoolbox.com/SuperTool.aspx?action=spf%3apaypal.com...

So the short answer is no, people not wanting to get spammed by Paypal isn't likely to get you more viagra ads from botnets. Maybe, just maybe, it could create some small headache for Sendgrid (who is in Paypal's SPF, but is no small player), but I doubt it.

That aside, I think a few of them frequent HN and they can answer that one for themselves if they want to.

I mean, I'd report it as spam rather than as 'malicious' so I disagree with the GP on that part, but...

> sometimes I wonder if spam is such a big issue in part because users report anything they don't want in their inbox, like a newsletter they previously signed up for, as spam or similar

It's been a problem ever since some green card lottery lawyers decided to spam Usenet and then moved on to using botnets and whatnot while people fought back with DKIM and SPF and such, so I doubt it.

> This doesn't hurt paypal but might annoy a small email hoster that might have to clean up your mess.

It's not clear to me why Paypal would be routing emails through a small email host and most people are using the few big webmail providers at this point.

> If you want to hurt them

I don't think people want to hurt Paypal, they just want to turn off the damn marketing campaign when they're literally banned from the service. Personally, I just set up filters to dump all the junk like the constant emails from Amazon so that I don't have to deal with it.

(comment deleted)
If you are in Europe file a GDPR complaint with your right to have your data deleted.

If they fail, you get paid the fine (not the state)

> If they fail, you get paid the fine (not the state)

Source for this?

It's a lie, there is no provision whatsoever for people getting paid in GDPR.
Companies are allowed to keep data necessary for their other statutory obligations, like taxes or KYC. Otherwise it'd be a get out of jail free card for fraudsters and sanction evaders.
Sure, but the op suggestion to delete the account should mean deleting any email marketing permissions, which are not necessary for KYC or taxes.
Yes, but they're only allowed to use the data for the (legitimate) purpose it was retained. If you ask them not to retain/use it for marketing purposes, they can still retain it for statutory purposes but they can then only use it for that (not for sending you advertising emails etc.)
You are right, I misread the gp, my bad.
Do you have any evidence that this process actually works, or are you just parotting what we have been told over the last 5 years?

In my experience, there is actually quite a barrier to this, meaning most situations where you see a GDPR violation are not easy to escalate.

Is it possible your account was compromised and they closed it after someone abused it? I mean I don't know about you, but my password security wasn't exactly up to standards when I opened up my paypal account...
Wait, if they ban you and you have a balance at the time, they just keep your money? That can't possibly be legal.
It is because it's in their T&C's. And they fought tooth and nail for years to avoid being classified as a bank so the normal bank regulations and customer protections don't apply to them.
Watch them magically reverse these policies once FedNow arrives and they actually have some competition.
They are a bank in the EU, couldn’t get around that one.
Banks can do this too if you hit the right set of circumstances/red flags.
It is typical for large corporations to have a bunch of legal fine print. This effectively allows them to do just about anything, as long as they have a "reason".

They nominally don't do just anything (like take your money), because they want people to use their service, and if they cheated everyone all the time, you'd hope that people would catch on and stop using their service.

Having said all that, dealing with illegal transactions, fraud and scammers is tough. The corporations will, honestly, make mistakes, and having enough customer service to deal with it all properly is expensive. Hence automated bans. Often there is no recourse except moving towards a lawsuit, which may be unreasonably expensive for most cases, as compared to the money that has been lost.

While I agree that dealing with fraud is tough, what they are doing is pushing this risk onto their customers.
Yup. They closed my account with money in it, with no explanation why my account has been closed and absolutely zero recourse.
I'd be curious to know what happens if you sue them in small claims court. Jurisdiction may be an issue, but if they stole from you while you were home, then I'd argue your hometown is the proper jurisdiction. Note: IANAL.

I'd guess that they'd just not show up, you'd get a judgement, and then just have to figure out how to get it paid. Or maybe they will show up, hire a local lawyer to represent them and point out the fine print in the ToS that forbids holding them accountable for any reason in any venue. And with any luck, the judge will laugh at them and give you treble damages.

I saw a post on here recently talking about how they got Paypal into court. I'll have to try and find it again.

Problem is, it's not worth whatever court costs I would probably incur. Granted, there isn't a lawyer involved in small claims, but could they judge order me pay their lawyer fees if I lose?

Maybe we could create a sort of small mutual insurance fund to pay legal expenses in such cases.
I am not smart enough to know if that is already a thing or not...
You might want to check if lawyers are even allowed in small claims. If they aren't they would have to sent a company representative, and there would be no 'lawyer fees'.
Well in Michigan (where I am located) they are not allowed. I am pretty pessimistic and just assume there are fees I don't know about
Depends on the laws in your jurisdiction. I think in a lot of cases, small claims courts put very low caps on legal fees that can be claimed. The defendant might only be able to claim a few hundred dollars at most.
The ToS has a forced arbitration clause, so a judge would never get to the merits of the case. Any disputes must be resolved through an arbitrator that Paypal gets to pick. Judges love cases with forced arbitration, because they can just issue a summary dismissal and go to lunch early.
Forced arbitration clauses should be illegal just as indentured servitude should be illegal, and for similar reasons.
They may have an arbitration clause, but even then,you would have a good chance of getting your money back if you took them to arbitration.
Horribly applied logic. While mistakes will happen, PayPal for individuals and businesses are apples and oranges because that’s how the banks work. This is a business account. This comment adds nothing to the convo. Little Snitch is amazing btw
If you can't opt out of their emails, report them as spam. Because that's what it is.
I reported all my Paypal emails as spam the day I created an account to get something on eBay. Tragically, GMail didn't listen.
All? Like, you reported the account confirmation as spam?
They started sending me advertising shit the same day, so I reported them all because I considered them to be spammers at that point.
I presume PayPal has enough pull to be manually whitelisted by gmail.
I don’t think PayPal has any influence over Zelle which is run by a consortium of US banks and competes with PayPal.
If you can't unsubscribe and they're marketing emails take them to small claims in violation of the CAN-SPAM Act [0] if you're in the US. Liabilities are over $50k so you can easily max out the $10k limit in court with no representation. In this way it forces them to come to you and they will almost surely lose or settle before the court date.

[0] https://www.ftc.gov/business-guidance/resources/can-spam-act...

Unless something changed recently CAN-SPAM has no private right of action for individuals.
You’re right - individuals can’t do anything themselves:

https://www.law.cornell.edu/wex/inbox/can-spam_and_consumer_...

(comment deleted)
Interesting. I don't remember the verbiage around the private right to action. It seems as though it would still be trivial to classify yourself as an ISP with respect to email. If you're running your own infrastructure for mail sending and receipt and that infrastructure is in receipt of the violating emails why wouldn't an individual be allowed to sue?

Seems as though CAN-SPAM has lost its teeth to protect the consumer through precedent if that's not a viable path.

> And to this day I still get emails from them as if my account isn't banned

Marketing people please take note of this. It is particularly galling to be continually pestered to buy things from a company that has refused to do business with you. An Intuit company tried to sell me a home mortgage, and I applied, only to be refused because my home was manufactured off-site. OK, I moved on. But they continued to plaster me with offers for that same product almost daily for years, and now my relationship with all Intuit products is as distant as I can manage.

Ten years ago:

  Amazon: Sell your textbooks!
  Me: Ok
Now:

  Amazon: Sell your stuff!
  Amazon: You are banned from selling due to inactivity.
  Amazon: Sell your stuff!
(comment deleted)
Yet another person finding out that Paypal is sh*t. What a world where you have to worry about four random letters in your messages that may just happen to coincidentally have terrorist connotations "Alep" ffs. When I ran a company >10 years ago we swept our Paypal account daily to mitigate this risk.
> we swept our Paypal account daily to mitigate this risk

...so, is there a list of forbidden character combinations one should scan for somewhere? That sounds like a super useful thing to have.

"Swept" in this case means withdrawing all the cash from the Paypal account
This is not an option for the majority of businesses now as PayPal requires mandatory funds hold which may routinely be on the order of 90 days. So even if you sweep it daily, you still have 1-3 months of your MRR sitting in flight and at risk indefinitely.
This is such a terrible business risk, why are their customers not fleeing them like clients fled SVB?
This isn't a Paypal-specific practice, but rather a common practice for credit card acceptance for certain types of business; if these customers go to some other bank for card acceptance a merchant account, they'll get similar conditions.
True to some extent — usually banks are not as eager to ban you without any prior notice as PayPal nowadays.
For some markets/niches PayPal is a must due to customer trust, and they are not shy in exploiting their position to the fullest.
Paypal also has massive costumer trust outside of HN. Many people would not dare enter their credit card info on a website but will happily click the buy with paypal button. It also has incredibly low friction, which makes you more money.

In europe, the UX flow for someone ordering with a credit card goes: Enter cc info -> wait for 3d-secure notification -> click it -> enter passcode and possibly fingerprint as well -> click approve -> wait for the site to send you back from 3d-secure page -> order confirmed

With paypal, this flow, that happens everytime someone buys from your site, even repeat costumers, is reduced to: Click buy with paypal -> possibly login to paypal again -> click "yes i want to pay this" -> order confirmed.

Some sites even make use of paypal's delivery address API and don't even require you to enter it.

It's really a no-contest that costumers using paypal will drop out of the flow at a significantly lower rate than costumers using a card. In some markets, your busines is dead in the water if you decide to not accept paypal.

As a user who uses paypal a lot, this is exactly why - I don't trust random websites with my credit card number, but I already have decided to trust paypal and given an option to use paypal vs a site's own CC processing, I'll use paypal.

I'd love to be wrong though, since after reading all this I kind of feel bad for the merchants, but otherwise I'll continue to prefer using paypal.

Me too. The issue is that while PayPal is pretty bad, I don't know of any other processors that are any better (from the customer perspective). And PayPal is universal, nobody else is. I don't want to have to manage multiple payment processors.
I think amazon payments is similar, from the customer perspective.
Lots of so called challenger banks offer virtual cards which can be used with merchants you do not trust, thus mitigating the risk of them having your ACTUAL card number which they can abuse/leak.
Yes, but if you already have PayPal, it's much easier to just use it as opposed to: 1. get an account with a new back 2. transfer funds 3. have new temporary card issued 4. use that card to pay
If I don't get the 3d secure authentication from my bank when buying something with a credit card then I don't trust this site. The places I buy from don't even offer paypal as an option, I guess they must be too expensive for the local web shops.
PayPal is an enormous percent of total sales at my company. We accept all sorts of other payments types. So we drop PayPal and then what exactly? Suffer the loss of customers?
If using Paypal imposes additional operational risk, it's entirely reasonable to charge users extra for using Paypal. Offer them lower prices for using a payment method that isn't 100% shite.
This is indeed what I would do if I'd absolutely have to use PayPal. Customers can use it if they really want to, but they're the ones paying for the risk.
As a seller, you are going against paypal TOS if you charge a fee to use it, the same way a credit card carries the risk of chargebacks but you aren't alowed to charge a credit card fee. I agree that this would be an effective risk-management tactic (less the fact that the fee you charge to mitigate the risk still gets processed by the risk factor) but it would also worsen your chances of getting banned.
Gas stations get around this by advertising the credit card price as the full price, and then offering you a discounted price for paying with cash.
Right, iirc the newer agreement is that they can't tack on a fee greater than the credit card fee.
I pay a few companies by PayPal. I even switch to competitors if they are very similar (reputational-wise too) and one accepts PayPal while the other requires my credit card; but that doesn't happen very often.

The issue is that the credit card system is broken. PayPal is a bit less broken from the customer POV. (At least in my country, where if they just removed money from my bank account, I'd go to the police and somebody would likely be arrested - or rather, I'd report to my bank, confident they would go to the police.)

I have no good solution to this either. Fixing the credit card system requires replacing credit cards, and the US will be an enemy of anybody that tries that.

  > The issue is that the credit card system is broken
in what way, is it the fees?
For me, it's the extra security and convenience. If the website doesn't use Shopify/PayPal, I'm trusting them with my credit card information and who knows how good their database security is.
A website will hardly roll their own payment processing tho. often,they dont store your cards, a third-party trustworthy processor like Stripe does.
> trustworthy processor

Trustworthy to whom? The customer doesn't even know who your card processor is.

It's the total lack of security. With the automatic consequence that all kinds security theater get imposed, stripping people of all kinds of rights, and solving none of the problems.

As a customer, I don't see the fees. But yes, by an eagle-eyes view the amount of inefficiency on the system is a problem too, as is the oligopolization. But those don't get in my mind when I make that kind of choice.

> It's the total lack of security. With the automatic consequence that all kinds security theater get imposed, stripping people of all kinds of rights, and solving none of the problems.

Not that I’m claiming that credit cards are a bastion of security, but could you be more specific?

What rights are you giving up? What inefficiencies do you see?

Have you tried promoting other methods such as standard credit card payments above PayPal? Have you AB tested removing PayPal? It could be a convenience but not a blocker.
PayPal offers the only viable micropayments service on the planet. Ardour.org saves 23c on every US$1 transaction we make (and there are a lot of them). There are no alternatives to this at the present time (and if there are, tell me about them).
I do all my business via PayPal, and have done so for 20 years. No mandatory funds hold. My account is cleared monthly, but I could have chosen daily (that screws with my own personally accounting). $200k/year transaction volume.

Too many people generalize specific stories or their own PP experience to all of PP.

I'm pretty sure that seizing customer funds is part of their profit model. They've been doing it for a very long time, and well beyond anything that could reasonably be explained via regulatory or card scheme requirements.
ALEP would be

* Association of Leasehold Enfranchisement Practitioners

* association of employment and learning providers

* Aboriginal Landcare Education Program

* Acute localised exanthematous pustulosis

Seems to be the Romanian name for Aleppo too.

And of course it's 4 random letters, which if random in say 32 character code would have 28 attempts to get. If those characters are letters without IOQZ it would show up once every 8000-9000 codes generated, 12k for a 24 character code.

Does anyone know what (presumably conspiracy theory) this refers to?

the P must be for paypal, I am sure.
Avoid listing every possible association, lest entity Paypal adapts logic evaluating perpetrators.
Nice! GPT or selfmade? :-)
Self made, but you can't be sure I'm not a large language model.
It's also a kind of artisanal soap, not surprisingly from Aleppo and therefore named after that. It's all over the internet, are they going to ban all those hipster, new-agey cottage industry websites? Stupid computer... stupid
> Seems to be the Romanian name for Aleppo too.

Also Catalan, Croatian, french, …

> Does anyone know what (presumably conspiracy theory) this refers to?

Like other commenters I’d assume it’s related to the syrian sanctions.

(comment deleted)
(comment deleted)
> PayPal has restricted our business account because we have invoiced a license key containing the random letter sequence “ALEP”.

This makes me wonder: what's the best way to generate "safe" license keys? Binary feels like an obvious solution (binary keys surely get through virtually all blacklists?) but at the same time: binary license keys would be very long and very atypical, so maybe fraud detection systems mark them as suspicious anyway.

Maybe just generate random alphanum license keys and run them through some open source blacklists yourself? I doubt "ALEP" is in those lists though.

What a time to be alive where you have to worry about how you generate your license keys as to not be labeled a terrorist.
It also begs the question: would actual terrorists put the name of their organisation in any of their financial transactions?

I know you should never underestimate human stupidity but even taking that into account this still feels like security theatre on the part of PayPal.

I think they might. Maybe not all and always, but a thing about terrorists which can be quite mind boggling at times is that not everyone seems to agree who they are. Just look at how many countries are still doing business with Russia and other countries with less-than-stellar reputations. There may be plenty of parties who would actually not mind doing business with disreputable entities, for various reasons. I would assume they'd try to be a bit clever, but I wouldn't be surprised to see lax controls.
"terrorist" is an opinion or a judgment, not an objective fact. A better term in a KYC context "sanctioned entity" or somesuch.

If someone X is comfortable doing business with/as entity Y but a bank Z is not, it's totally sensible that X would say Y to the bank Z and bank Z would block them.

> "terrorist" is an opinion or a judgment

More importantly, "terrorists" is often used by some governments in reference to protesters or any group that they see as unfriendly to them.

It is highly unlikely, but not impossible. Anecdotally, I did see a case of a business that put a real location of the business they are working with, which happened to be in a sanctioned country. Needless to say, it generated all sorts of questions and eventual OFAC contact.

Bottom line is: it happens, but I agree with you that people that know what they are doing are not putting "Pay for assasination by Osama Bin Laden on 03/28/23" in reference field.

> I know you should never underestimate human stupidity

Those of us “of a certain age,” will remember the old adage ”To err is human, but it takes a computer to really f*** things up.”

That's hilarious. "Payment of vest and explosives for ISIS attack"
Not really responding to your question, but one of my friend jokingly returned money to another friend with a bank transfer titled "for jihad". Needless to say, both banks were not amused. They both were "verified" on the phone and confirmed they are not, in fact, actually terrorists. I wonder how many people-years banks waste on pranks like this.
How could you verify someone was not a terrorist on the phone?
Many such organizations are legitimate legal entities in some country and handle purchases; and of course there are sanctioned people as well, and a payment from or to them does include their name.
Why is the license key in the payment description? The description should just be "update license key", and not contain the actual key.
If you buy multiple keys it makes life easier - you know which payment is for which key and for which invoice. This way you have an unique identifier to match them.

Without unique identifiers you have big problems.

The payment description should at least mention the invoice number or order number.

Undescriptive descriptions are terrible when you need to check / match something. Even a human will have problems not to mention autimatic systems. And automationg is something one could expect from decent systems. No manual checks. No ambiguity.

Alternating digits and letters seems easy and robust. That is until you get unlucky entropy and send some 1337ed out curse words :p
You cant. Insane people will always find hidden codes and dog-whistles in your messages.
> what's the best way to generate "safe" license keys?

In the library (like the kind with books) field where I work, one identifier standard was devised that intentionally has alternating letters and digits, with never more than two letters in a row. Explicitly for the intention of avoiding the possibility of any meaningful words (that might end up being offensive or just off-putting in an undesirable way.)

It does make the identifiers longer for the same entropy/byte width, compared to a more normal BASE-X with an alphabet. Which mattered to me when they were going to be used in a URL, although probably doesn't for a license key. I personally in my projects stopped using this system for a more straightforward "Ascii-85" like encoding (which can contain coincidental meaningful words), because it was more convenient.

The particular system the library community was using [https://n2t.net/e/noid.html] was, I still think, over-complicated for at least my needs, but the alternating letter/number schema seems attractive to me now and perhaps worth slightly more characters in identifiers and slightly more complex algorithm for creation than a simple base-x encoding.

It sounds good, but of course for "security" it might not be enough. 626f6d62 is alternating letters and digits, with never more than two letters in a row. And it spells "bomb" when converted from hex to ascii.

Some security scanners do check for this kind of thing.

Why would you convert an identifier to ascii as if it were hex? And it seems unlikely that (eg) paypal would do so?

But, sure, it's just one idea. You can add more layers to make it even less likely something will seem problematic to someone somewhere; a 100% guarantee seems impossible, especially if you are going to allow things like above "What if we brainstorm for a way this could be a puzzle where the answer is a problematic word to someone". No "scanner" will even possibly catch every possible thing in that domain, no matter how unlikely.

Store it as a brainfuck program that generates the required string.
For the user to type in as a license key?

That's a special kind of evil...

edit: Tbh. The more I think about it, maybe it is not such a far fetched idea after all with the assumption that they keys are temporary.

**

Eh. Coming from that environment, it would not be that easy for a reason that has nothing to do with technology. The lists that financial companies use are largely known ( some published by US Treasury for everyone to use ) and you can reasonably estimate a threshold most institutions will find acceptable.

However, the issue is political and not technical. OFAC itself has grown its SDN list[1] to 6300 names and that is just one list and the tool has been already severely overutilized ( in my opinion anyway, so take that with a grain of salt ), but if the trend and current geopolitical situation is any guide, this number will only increase.

What I am saying is that you have a big and very variable base to build a key from ( edit: come to think of it - not from:P ) and there is no guarantee and old key won't suddenly become 'hot'.

Here, the answer is to the problem is actually political. Affected businesses have to start really complaining, if they are affected by the requirements. I have no evidence suggesting that is the case ( based on what I saw maybe 20% of transactions face that kind of scrutiny and even smaller percentage is questioned the way the OP is ). Naturally, it does not help that this process is not standardized so every single financial institution does their own thing..

[1]https://home.treasury.gov/policy-issues/financial-sanctions/...

(comment deleted)
Windows keys use digits, consonants and Y, but then they have sequences like BKDR, F7CK, GYMP and 666.
This is horrifyingly bad. I have yet to this day read anything good about paypal. They provide a “free” service with the option to rob the user of their money at any random moment. What other options are there out there that provide similar services? Are all modern banking services this bad at their core or is paypal by far the worst? There has to be options that are at least partially run by sane humans.
PayPal and it's ilk are worse. At least with regular banks there is regulation against this sort of stuff. That is they can't just confiscate the money for long periods unless there is some external decision.

PayPal and the others like it are not banks, as such they play by different rules worse for consumers. What is kinda horrifying is that nothing has been done about this despite PayPal doing exactly these things for entire history seemingly it has existed.

PayPal is only not-a-bank in the US. They are an actual bank in EU.
The horrifying part is the bank's incompetency. In India you can transfer bank account to bank account immediately even without UPI.
PayPal isn't free. It charges about 3% of txn
I hope all people here who love AML/KYC and hate crypto and believe it is only for criminals and current legal system is absolutely fair will wholeheartedly approve this lawful decision.
(comment deleted)
In this particular case Paypal is acting stupid, but crypto still has only one valid use case and that is for criminal activities. Current legal system may not be absolutely fair, but it does not need to be replaced by a vastly inferior, slow, planet destroying ponzi.
In your opinion, why is sidestepping PayPal not a second valid use case?
There are far better options, though admittedly not as widely supported as they should be. In Netherland, there are a lot of ways to simply use direct bank transfers. You can buy at a webshop using iDeal, which handles the payment through your own bank. You can send someone a payment request that will simply transfer it straight from their bank to yours. All of these are far superior options to relying on either an unreliable third party, or a slow, expensive payment system using its own wildly fluctuating currency that consumes the energy of a small country.
It must be nice to live in the Netherlands.

> slow, expensive payment system using its own wildly fluctuating currency that consumes the energy of a small country

You don't have to use Bitcoin, you can e.g. use a stablecoin on an Ethereum roll-up.

It's not slow; transactions finalize within 1 minute (and soon, less). It's not expensive; it costs less than 10 cents (and soon, less). It doesn't fluctuate wildly, because it value is stabilized using one of several mechanisms. It doesn't consume the energy of a small country, because it does not use proof of work.

Because crypto is not money. It was envisioned as a peer to peer money but it quickly attracted scamsters and it became a speculative instrument. Besides, most of the world has alternatives to PayPal that work just fine and most of the time free.
Stablecoins are money. PayPal also quickly attracted scamsters. Some of the world doesn’t have alternatives to PayPal, and sometimes they are not free.
Stablecoins are casino chips. Casinos at least have equivalent cash on hand to encash them. Stablecoin issuers are printing them out of thin air.
> Casinos at least have equivalent cash on hand to encash them. Stablecoin issuers are printing them out of thin air.

I'm sorry but you have no idea what you're talking about. I bet you couldn't even name three stablecoins and describe how they maintain price stability.

Hint: There are three main backing types (tradfi-backed, overcollateralized, algorithmic), and two peg types (fixed, floating).

It looks like Paypal is acting in full accordance with laws and regulations. Since when complying with regulations is considered "stupid"?

> planet destroying ponzi

I don't see how Bitcoin is a ponzi scheme.

Bitcoin does not have any intrinsic value or utility. The only reason one would buy it so that it can be sold to someone else for a higher price and that person would buy it hoping to sell it at an ever higher price. It's a game of finding a bigger fool, classic ponzi. But the world has finite supply of fools so the chain eventually breaks and the last ones to enter end up holding the bag while the early adopters make the bank. Bitcoin has entered that stage where not much new money is coming in. It had its peak in the 2020 and 2021. General public is now donw with it. All the pumps are now just wash trades by whales to suck as much remaining value our of existing faithfuls as possible because it goes bust.
Can we say the same thing about gold? It has no value and almost no use (it can be replaced by any similar looking metal for use in jewelry), but is very expensive and people are more than willing to buy it. Banks set high commissions for operations with it and governments impose high taxes.
(comment deleted)
trustless and distributed is superior even if not widely adopted yet, think SMTP vs the postal service
I get the point, but SMTP is far from trustless and only debatably distributed. Sad things have happened with it.
> In this particular case Paypal is acting stupid, but crypto still has only one valid use case and that is for criminal activities.

Just no. PayPal has always acted like this and shut down people's accounts for vague reasons. Stop cheerleading for them.

Criminal activity on a public and traceable blockchain makes crypto worse for criminals to use. That is why scammers and criminals are using Zelle and the banks for their criminal enterprise. [0]

[0] https://www.nytimes.com/2022/03/06/business/payments-fraud-z...

Why does an Ethereum L2 have to be slow or planet destroying?

IMHO most Eth L2s already show more promise than PayPal as a future payment rail tech, despite them all basically being in beta state. Much lower fees, faster transactions, permissionless withdrawals, fully programmable, negligible energy usage now thanks to PoS.

Do you recommend any "Ethereum L2"s? I'm only vaguely familiar with the concept, and didn't hear about a single Ethereum L2 in the wild. Quick google led me to Arbitrum, Optimism, and Boba. Do you honestly think they may compete with PayPal in terms of usabilty, fees and transaction speed in the near future? Are there any caveats (other than their immaturity)?
If “near future” is 3-5 years then yes. Four interesting protocols in early development: Optimism, Arbitrum, zkSync, Scroll. These already all compete with PayPal in fees & transaction time, but not in UX, features, and widespread use. In theory they could provide similar frontend web UX, but with the option to hold tokens non-custodially so you could withdraw & exit the protocol without having to ask permission.

(IMHO it’s likely that other tech/protocols will emerge in 3-5 yrs that supersedes the protocols in development today.)

Lots of typical crypto caveats - eg: USDC on an L2 is centralized around Circle’s ability to redeem. Protocols can have bugs that make coins go poof. Non custodial ownership is harder for many users than asking PayPal or a bank not to lose their funds. L2s specifically are typically run by a single sequencer who could potentially disrupt your ability to use the network smoothly (but then you could use an escape hatch to permissionlessly get your funds out if that happens).

Fees and Transaction speed definitely - with new upgrades coming out in the next year (EIP4844) L2s can handle thousands of transactions per second.

The UI is really up to the apps, the good thing is there are many teams working on payments so there will be plenty to choose from to find the UI you like, and people will be able to pay via the same wallet. Stripe already has USDC payments on crypto rails and Visa is working with Starknet to integrate with these L2s too.

All the L2s with their usage, security, speed and tradeoffs are at http://l2beat.com

(comment deleted)
L2 shows promise, but I don't believe it works till I see it used at scale. Sorry but there's just too much hype, and I often say the same thing about other tech like Tesla FSD, the Metaverse, or all of Google's side bets.
“At scale” is relative. Platforms like Patreon and Ko-Fi haven’t achieved the same reach and scale as PayPal, but they still work for lots of users.
To me it's binary. If I've ever used it for real and not just as a curiosity, it's at scale.
PoS violets one of the fundamental tenets of crypto/blockchain - decentralization. Bitcoin uses PoW because it at least had a possibility of avoiding monopolizing by ensuring that no single entity will ever come to own majority of processing power of the network. That PoW is slow and expensive is a feature, not a bug. It's a different matter that Bitcoin eventually became centralized in the hands of a few whales who work as a cartel, but PoS makes it all the more easy and ensures that those who have more tokes, will accumulate even more tokens.

All being said and done, all the L2 are just centralization projects. These chains and tokens will always be controlled by a small number of early movers. Eventually, it doesn't even fulfill the very purpose of all these tokens - being peer to peer money.

>crypto still has only one valid use case and that is for criminal activities

And we will be thankful for that when we are all classed as criminals.

If Little Snitch accepted crypto, and people paid with it, then they would not be facing this problem. How is Little Snitch accepting payment for its services not a valid use case?
> but crypto still has only one valid use case and that is for criminal activities.

Many years ago, I used bitcoin to pay for web and e-mail hosting. Heck, there were several pubs in town offering the option to pay with crypto. I was paid for remote freelance web development work using bitcoin several times, none of it criminal (one example: a car dealership sales portal customization). All of that was above board, reported to government, taxes paid, etc.

Providers moved away from it because of sentiments like this becoming prevailing (lots of people used it for illicit activities of course) which is a shame.

Public sentiment has nothing to do with what the tech can actually be used for.

That said, the environment impact caused is the larger concern to have IMO.

> Providers moved away from it because

I would say people moved away from accepting bitcoin for beer because it's wildly fluctuating value made it unsuitable for use as a day to day currency, and because they realized it was a gimmick whose inconvenience (for the vendor) was not worth the limited interest in using it as such.

Yeah, fair, becoming a vehicle for speculation was maybe a bigger factor.
> it's wildly fluctuating value made it unsuitable for use as a day to day currency,

Coinbase has the option of immediately converting crypto payments into fiat, eliminating that problem.

> and because they realized it was a gimmick whose inconvenience (for the vendor) was not worth the limited interest in using it as such.

This is the bigger issue.

Even if it's an online vendor where having to wait an hour for the transaction to get 6 confirmations isn't a problem, they still have to either integrate with another payment processor like Coinbase to accept the payment, or spend money building their own. In any case, it's cost and infrastructure to setup and they're probably unlikely to see RoI.

> Coinbase has the option of immediately converting crypto payments into fiat, eliminating that problem.

Sure. You want to update your bitcoin prices what, hourly, to make sure you are charging what you meant to? I'm not sure that coinbase service exactly eliminates the problem. But I'm sure that is a useful service for some!

But yeah, we're on the same page. Overall... it is not a convenient thing for an ordinary business to take as payment for ordinary daily things.

> Sure. You want to update your bitcoin prices what, hourly, to make sure you are charging what you meant to?

That's one way to do it.

The other is to charge in USD just like you normally would. When the customer opts to pay in Bitcoin, they get sent to Coinbase which will convert the price into Bitcoin immediately and tell the customer what the balance is in Bitcoin. The exchange rate won't favor the customer, as it will include some amount extra to cover the possibility of the value dropping before the transaction is confirmed.

Providers moved away from it because it became unstable due to rampant speculation, wash-trading, and market manipulation, combined with the fact that hardly any customers used it.
How many years ago? Because I also remember how some years ago a major Bitcoin conference stopped accepting payment in Bitcoin.
> crypto still has only one valid use case and that is for criminal activities.

Sometimes, criminal activities are justified when all you do is to protect yourself. For example, when you live in a lawless area, and you need protection against bigger criminals. Peaceful countries with overall working systems are just one side of the world.

> In this particular case Paypal is acting stupid

So calling it 'acting stupid' totally negates the stranglehold that Paypal and Stripe have on a majority of online commerce and payments and totally liberates people from their unregulated tyranny then...

...

Things dont change their nature by 'rephrasing them differently'. Unregulated private tyrannies that dominate people's lives are still unregulated private tyrannies.

There is a time and place for each argument and there is a time and place for conceding the argument. This is one of them:

No one can ban anyone from crypto. If your business wallet gets stolen, you suffer some losses, but you can create a new wallet, add it as your payment option in your business or personal account at your site or wherever, and just continue your life.

With these unregulated private tyrannies, you cant.

> planet destroying ponzi.

2010s called. They want their proof of work back. What decade are you living in. Dont keep repeating invalidated arguments. That looks like religious zealotry.

This isn't a particular case, it's how all payment processors work under the same regulations. Planet-destroying is a valid concern, and that's why there's proof-of-stake.
Unfortunately, Visa, PayPal, banks, and more are not required to accept all payments for all legal activities. Instead, they are permitted to block users engaged in legal-but-risky behavior. Typically when they do so, there is no serious right of appeal (to an external body). Thus, there are plenty of valid use cases for crypto payments for services that are legal but too risky for banks.

For a list of examples, see the categories used in Operation Choke Point:

https://en.wikipedia.org/wiki/Operation_Choke_Point

Yes...one false positive on transaction screening certainly justifies replacing the current banking model with a payment system almost exclusively used by scammers and criminals.
You can go back to forum posts from >10 years ago and paypal locking accounts with funds in it was a common problem even back then. Even if you had 50k$ in your account, they would reply to you with a one liner saying they can't discuss the ban. The only to get your cash back was to sue them. A lot of people were speculating that they were intentionally locking accounts with the intention of stealing the funds.
If bitcoin wants to go anywhere, it must acquire weapons, including nuclear ones.
The more I dealt with PayPal, Stripe, and other payment processors at my job, plus my personal bank and Venmo, the more I appreciated Bitcoin and Ethereum. Takes a while to realize the full scope of control the governments have via money alone, both as a currency and a payment method. And the abuse of power. That PayPal rule against "misinformation" is the reddest flag.

Maybe cryptocurrency isn't the best answer in the end, but there needs to be some alternative even if only to pose a threat to the status quo.

This opens very fun avenues for naming yourself if you ever start organisation branded as terrorist one. So many fun 3 letter names and acronyms you should make. Maybe VAT or TEL. Or just pick something existing USA.
There's a national bank in France with the same 3 letter initials as a (now defunct) very right wing policital party in the UK. BNP
Many women named Isis
Oddly I've wondered about this too. The entire world somehow respected ISIS's declared name "Islamic State," or IS for short, which is a common word.
This is a good argument for BitCoin - no one can ban you from the blockchain.

It's extra work and expences, but it's worth supporting at least two payment processors.

Keep in mind that some people can't pay with PayPal - e.g. register a credit/debit card with PayPal, PayPal account gets locked - you can't pay with that card any more through PP.

Or at least it would be, assuming you didn't care too much about its fluctuations and had the ability to use it directly to pay for most goods and services in your daily life.
But any big player can certainly just confiscate your coins once they hit their own address. Or any coins that seem tainted enough... And you do not really have much recourse...
If held non-custodially, “big players” cannot confiscate your coins.
If you have coins in your own wallet, no one can move them without the secret keys. US sanctions work by tainting and tracing wallets, they've been proven useless against monero.
A fun fact: Patreon had hold a survey for creators, asking which features they need.

https://blog.patreon.com/the-first-ever-patreon-creator-cens...

Crypto is the only one creators voted *against*.

Yes, Patreon creators, where a lot NSFW content comes from, voted against cryptos.

I wonder how they'll think when Visa/Mastercard threat Patreon to ban them (which is just sooner or later).

Why would they vote against a feature? Why not just say it's not a priority or "would be nice"
Crypto fearmongering is as true as crypto frenzy.
It's not fearmongering to point out that association with crypto can be detrimental in itself, especially back then when every brand was trying to get onto the crypto and NFT hype train.

Features are never purely additive, they can also be transformative or even detrimental. Adding crypto support to Patreon would have changed what Patreon is by attracting different people. Regardless of whether any of the people already using Patreon might have benefited from crypto, it would also have attracted people who would specifically be interested in Patreon because of the crypto support.

Like it or not "people whose adoption of Patreon hinges on it adding support for crypto" is a very specific demographic and mostly people they probably didn't want to be associated with. You can call it guilt by assocation or digital NIMBYism but it would have changed a lot more than just having another option for payouts and donations.

Let's say I'm a creator.

I pay for my food in dollars. For my rent in dollars. For my clothes in dollars. For my equipment and supplies in dollars.

What would I do with crypto?

Okay, let's say I get paid in crypto. I still need to convert that to dollars. Price fluctuation of bitcoin is such that if I was paid 1 dollar worth of bitcoin last year, it would be less than 50 cents by the end of the year.

If you need stability in your FIAT of choice just liquidate it as soon as you receive it. It won't lose or gain 50% of its value in a matter of minutes. In the case of Patreon they could even do that for you since they are the middle man.

Also, note that you'd probably receive more donations if accepting crypto currencies, so even if the values of these were to fluctuate (which they won't, cause you can sell) you'd still be making more money overall.

> just liquidate it as soon as you receive it.

"just"

> It won't lose or gain 50% of its value in a matter of minutes.

If someone sets up a recurring payment of X bitcoin it means that on any given pay day your actual money is X*(absolutely random number). Minus the fees for converting to fiat.

> Also, note that you'd probably receive more donations if accepting crypto currencies

"Probably"

The fees for converting to fiat are generally _smaller_ than the fees MasterCard or Visa for instance will grab from credit card transactions [0][1]. If you are refering to the fees from the blockchain, note that L2 options exist, and not all cryptocurrencies have the absurd fees L1 ETHR would have, for instance Litecoin fees can be as small as 1 cent.

Relating to the varying amount monthly:

1 - It's a donation, not your source of income. If you really on that money that's your issue not of anyone else's.

2 - The platform such as Patreon could simply quote the value in dollars instead of BTC or whatever cryptocurrency. Recurring payments with crypto will have to be done manually anyways so this is a non-issue.

[0]: https://www.forbes.com/advisor/business/credit-card-processi...

[1]: https://help.coinbase.com/en/commerce/getting-started/fees

> It's a donation, not your source of income. If you really on that money that's your issue not of anyone else's.

We're literally in a topic about creators and Patreon where Patreon is a substantial source of income to quite a few creators.

And the dismissive tone about donations in general... well, I won't comment on that

> The platform such as Patreon could simply quote the value in dollars instead of BTC or whatever cryptocurrency.

Or they could just not bother.

> Recurring payments with crypto will have to be done manually anyways

Ah yes. The great digital system of the future where even such a simple thing as recurring payments must be done manually

   > And the dismissive tone about donations in general... well, I won't comment on that
Why not?

   > Or they could just not bother.
That's true. The creators have the option of creating their own cryptocurrency wallets and accepting the donations without any middleman. They could also choose a more libre alternative to Patreon such as OpenCollective [0][1] or Liberapay [2].

   > Ah yes. The great digital system of the future where even such a simple thing as recurring payments must be done manually 
I see that as a plus personally. Recurring payments are so hard to cancel at times with credit cards I'm at the point I create a new virtual credit card for every subscription I create. Theoretically you could also setup your wallet to automatically transact, it's just that's not a functionality of your cryptocurrency, just as recurring payments aren't a functionality of the dollar but rather of your bank/credit card provider.

[0]: https://opencollective.com/

[1]: https://docs.opencollective.foundation/how-it-works/financia...

[2]: https://en.liberapay.com/

> Why not?

Because a lot of people live or earn a lot of their living through donations, and quite a lot of opensource you're using would actually be helped with more donations.

> The creators have the option of creating their own cryptocurrency wallets and accepting the donations without any middleman

Except, you know, all the actual things that those "middlemen" do like provide verification that it is the actual artist and not a rip-off, provide hosting for their content etc.

> Recurring payments are so hard to cancel at times with credit cards I'm at the point I create a new virtual credit card for every subscription I create.

Yes, dark patterns around subscriptions are a problem. However, subscriptions and notifications about whether a person has canceled their subscirption or became a subscriber is valuable information to, you know, actually be able to plan ahead, and not wonder whether that person who did something manually yesterday will be there tomorrow.

Edit

> They could also choose a more libre alternative to Patreon such as OpenCollective [0][1] or Liberapay [2].

The could skip all the middlemen, or could chose these middlemen that I personally like and call them "libre" just because they accept cryptocurrency. And LiberaPay is literally a middleman with exactly zero additional value

You can get paid in USDC and can transfer that to and from your bank account as quick as banks will allow, or pay people directly with it.
> You can get paid in USDC and

So, as always every discussion about "but crypto" almost immediately devolves to "not crypto, but a very specific coin that seems to be more-or-less okay at this particular point in time"

> or pay people directly with it

Which people? The dozen or so places in the entire world that accept crypto?

Its US dollars and you can transfer it to anyone that is capable of downloading a wallet app. If you want to spend at stores you can use any number of debit cards or just wait till visa integrates it which is coming soon [1]

I don't understand why you want to be so hostile towards it, it's literally the solution to this problem.

1: https://usa.visa.com/solutions/crypto/auto-payments-for-self...

So let's just skip all the unnecessary useless steps and intermediaries in between, and let those cryptoi holders that are so willing to pay those artist just use those debit cards and visa integrations to pay the creators in actual dollars.
(comment deleted)
What's the point of a hard drive? You're only uploading and downloading from the internet, why not just keep all your data in the cloud?

This is essentially your argument just using money rather than data right?

Can you think of any reason someone might like to hold their own data? Perhaps they don't like being at the mercy of a company that can ban you from accessing it at any time like the OP? Perhaps they like the freedom of choosing where they send and receive data from instead of only using the provider approved services?

Crazy that so many people still don't get this and give all their power and control of their money away to providers because it's slighty more convenient.

> This is essentially your argument just using money rather than data right?

Of course it isn't. See False Analogy: https://en.wikipedia.org/wiki/Argument_from_analogy?wprov=sf...

> Perhaps Perhaps Perhaps

It's a great song https://youtu.be/GUVT1NZtZPo

But not as strong an argument as you think it is because you're still ignoring the reality of paying for food, water, rent, and the need to host your content.

Oh look, when we don't ignore reality, you yourself are immediately suggesting those creators use intermediaries.

Name a cryptocurrency that provides fraud protection, recovery of stolen funds/accounts, and whose value is close to the dollar in stability.
This particular one: because it would 100% get used for money laundering, which would get the platform cut off from traditional banking and could make it extremely difficult to get a paycheck.
It wouldn't be nice though. It would bring grifters and scammers to the platform.
Perhaps the concern that they'll be compelled (by user demand) to use the facility if present whether they want to or not? Not that the question is “creators having the ability to accept payments in cryptocurrency on Patreon” and not “Patreon accepting payments in cryptocurrency” – it would be something the creators would need to implement and manage. They might not want to be exposed to the volatility of cryptocurrency values.
Many reasons, but no one mentioned one that I think is probably the case for many of them: many cryptos, including the most popular, Bitcoin, are a complete disaster for the environment. At a time when everyone wants to do their part in combating climate change, I would oppose the use crypto for this reason alone, even to my own detriment.
That is both funny and interesting. But I suspect it also says more about starving artists' political opinions/financial savvy than what the future looks like. Making it easy for people to send you money seems like it'll be the winning equilibrium long term.

If Patreon doesn't do it, someone will. Probably a porn site somewhere underdeveloped accepting Monero or something. Cutting power away from financial intermediaries just has to be better for other market participants long term and that makes the shape of the future easier to guess at.

> Crypto is the only one creators voted against.

> Yes, Patreon creators, where a lot NSFW content comes from, voted against cryptos.

This is a gross misrepresentation.

Quoted from your link:

> In the Census, 68% of visual artists and 50% of writers were opposed to creators having the ability to accept payments in cryptocurrency on Patreon, while 39% of image, 34% of audio/music, and 31% of video creators indicated it would be a “crucial” or “nice to have” capability. Across creator types, about a third say they “don’t care.”

...how?

If you're opposing the "where a lot of NSFW content comes from" part, I apologize for the wording, but it's true. I just said a lot of NSFW content comes from Patreon. I didn't say they're the majority.

If you're opposing the "voted against cryptos" part, then:

https://live-patreon-blog.pantheonsite.io/wp-content/uploads...

I'm opposing the "voted against crypto" part.

I would assume that NSFW creators largely fall under the "Images" category where only 26% voted against the idea.

It's a good example of how cryptos have managed to get an absolutely terrible reputation amongst potential users, even the users worst served by the current financial system. It's not entirely undeserved: the sheer quantity of grift and hubris in the crypto ecosystem is absolutely harming it, and I don't blame someone for not wanting anything to do with it, even if it would solve problems for them. The same happened even more with NFTs: they were supposedly aimed directly at artists and yet because the first most artists heard of them was other people ripping off their art to sell at inflated prices because of the hype cycle (and the most valuable NFTs being shitty paper doll generic art) it 100% backfired and now most of the artist community absolutely hates NFTs and anything to do with them (this poll happened at the peak of that, as well). If you manage to make most of your potential users despise you and your product then something is seriously wrong.
> even if it would solve problems for them.

It wouldn't. At the end of the day you need to pay for stuff in your life: food, rent, clothes. None of those things are paid in crypto. All of them are paid in actual real money.

When the price of crypto can go up and down hundreds of percents per day this makes it a very bad substitute for money.

The price of BitCoin doesn't "go up and down hundreds of percents per day".
Even a 20% fluctuation would make it unviable for a person who needs to make long-term planning like, you know, paying rent and buying food.

Last week alone bitcoin price fluctuation was ~8%. Last month? 146%

146%?

Any source on that? It would need to go from 20K to 50K.

My bad. It looks like I misclicked on some graph here: https://www.coindesk.com/price/bitcoin/

But we could take past year as a whole. Fluctuations from 47k to 16.4k (3 times drop) then 27k (1.6 rise, still 1.7 below the high). There are drops that go to a price 1.5 lower in just a week. Imagine you need to pay rent on that week.

Turns out you can easily convert many cryptocurrencies into "real money" to pay for things like food and rent.
Several countries classify cryptocurrency as property subject to capital gains tax, making it more complicated than cash for ordinary uses like buying goods and services.
Sounds like a problem with the tax regime rather than with cryptocurrency.
If you wave away any reality then no problem is with cryptocurrency.

And yet, for some reason reality exists and intervenes every single time.

You can use USDC or any number of other stablecoins. You don't ever have to touch a volatile asset if you don't want to.
Food, clothes and all the other stuff can be paid with crypto. Rent is probably harder, but I guess when you live in a place like Dubai that also won't be a problem (houses are sold/bought with crypto there).

If you want you can also get paid in crypto, so it's not as hard as you might think.

> Food, clothes and all the other stuff can be paid with crypto.

Of course they can't

> Rent is probably harder, but I guess when you live in a place like Dubai that also won't be a problem

Ah yes. The solution to everyone's rent problems with crypto: just move to Dubai.

> If you want you can also get paid in crypto, so it's not as hard as you might think.

There are over 200 000 creators on Patreon. I'll let you guess how many of those live in Dubai

That's because they don't need an unregulated security; they need a neutral and reliable payment processor.

The world doesn't need crypto, it needs to turn Visa/MasterCard/Amex into utilities.

Interesting fact is that a wallet like https://www.bbw.sv/ allows you to sent payment requests in US$ denominated amounts, not even in bitcoin amounts.

In the background, the payment rails are bitcoin and lightning, but all the user needs to see is US$.

That's the theory. In practice, if your wallet address gets marked, nobody will want to deal with it anymore; exchanges won't accept transfers, and any other address you transfer to will get marked as well. See e.g. https://www.bbc.com/news/technology-60661763
Soooo, let's say you find the address of the cold wallet of a big exchange, you could destroy it by sending them coin from a marked address ?

Good to know :)

The way Bitcoin works at least, you don't just have one wallet address. You can generate new ones whenever you want, and nobody else can predict what they'll be. But yes it's generally more traceable than something like Monero.
No, it's a good argument for better regulating organisations like PayPal that function as banks but pretend they're anything but.
In this case they are acting as a payment processor. Payment processors are not banks usually.

More regulation can only help in forcing PP to have a human that you can talk to after the algorithms have banned you.

Payment processors also don't usually hold funds on your behalf. Visa can refuse to process your transaction, but they can't hold your money hostage because they never have it the first place. IIRC, in order to avoid banking regulations, Paypal claims that legally the balance you hold with them is owned by them. So if they want to close your account and just keep your money then they can (and do). Which is bullshit and a state of affairs should absolutely be regulated out of existence.
Yes, those same banks, that are "regulated" yet they decide what they do with your money, just like PayPal. Bonus: they collapse.
Paypal Europe have a banking license.

The problem is regulation, or at least the interaction between strict KYC/AML regulations and a business model that allows basically anyone to accept electronic payments. Banks and money transmitters are substantially deputised to enforce a raft of laws regarding the conduct of their customers. Either you're choosy in who you accept as a customer, or you're liberal in who you accept as a customer but have a hair-trigger response to any transaction that looks even vaguely suspect. Any alternative strategy will eventually lead to jail time.

These kind of issues are mostly because of regulation (KYC laws).
For Bitcoin payments, the equivalent of Paypal or some other payment processor is not the blockchain but the entity where you convert Bitcoin to actual money, as on-chain BTC is not practically usable for your business expenses without that. And that entity can ban you and restrict your payments, so you have pretty much the same considerations.
(comment deleted)
> no one can ban you from the blockchain.

Except, then you have even bigger problems than just PayPal.

I think that Bitcoin has many similar issues in the real world, though you might argue that these are more under the user's control.

For example, it seems like most people don't hold their own keys. I know, "not your keys, not your coins," but it does mean that Bitcoin doesn't provide that kind of safety for most of its users. Even if you do hold your own keys, there's a decent potential that you'll lose your keys. I've known people who have lost Bitcoin that way. If you're holding your keys yourself, how are you keeping them safe? You certainly need off-site backup and probably a weak enough password protecting them to be sure that you won't forget the password. People have those key safes that only allow a certain number of tries: https://www.bbc.com/news/technology-55645408. That guy has $240M locked away. Sure, PayPal feels unaccountable when you're a tiny player who uses PayPal for thousands of dollars, but a lawyer would be able to get that $240M.

From that article, "Currently, about $140bn worth of Bitcoin is lost or left in wallets that cannot be accessed, according to cryptocurrency-data company Chainanalysis." Given that Bitcoin had around a $700B market cap back then, we're talking about 20% of the total Bitcoin out there simply being lost.

Yes, in theory, these are things that you as a user have control over. But human life is tough. If you get in an accident that impacts your memory, do you lose access? If there's a fire, do you lose access? If you die, have you prepared a way of transmitting those Bitcoin to your heirs - and a way that doesn't give them access currently? How would you do that? "Here's how you access the private keys, but pinky swear that you won't until I'm gone."

> no one can ban you from the blockchain

I'm not so sure about that. Bitcoin are traceable. The government could blacklist certain coins they determine are the proceeds of criminal activity. Sure, the person holding those coins could still transmit them to others and then those people could transmit them to more people, but if the US/EU blacklisted certain coins, people would refuse to take them as payment. For example, Mt. Gox froze accounts that deposited Bitcoins that were known to have been stolen.

Let's say that the US says, "no business under our jurisdiction can do business with any wallet that has held Coin-X after today." The value of that coin becomes much lower than any other coin. You can't accept that coin as payment if you're looking to change it (or any other Bitcoin you own) into dollars in the future. Coinbase and other companies couldn't do business with you. Let's say the US takes it one step farther and says "any coin held by Wallet-X today is tainted and any wallet that accepts any of the coins held by Wallet-X (no matter how many transactions removed from Wallet-X) is also tainted along with all their coins." That means that everyone in the Bitcoin network needs to treat the coins in Wallet-X as radioactive. If you accept payment from Wallet-X, you now can't convert your money to dollars at Coinbase or similar companies. Even if you accept payment from Wallet-Z who got the coin from Wallet-Y who got it from Wallet-X, you're still compromised. There'd need to be an updating blacklist of coins that couldn't be used by US companies - a list that would expand over time. If Wallet-X had Coin-X and sent it to Wallet-Y, it would taint Coin-A and Coin-B in Wallet-Y which means even more Bitcoin are now blacklisted by the US.

Even if you never want an off-ramp from Bitcoin, others do. Maybe you dream of making every transaction with Bitcoin for the rest of your life. Still, the value drops hard if others don't share that dream. Even if you never want US dollars, let's say you want to buy a house with...

I have opposite problem. I am trying to deactivate paypal account or get banned. They keep sending me spam.

I stopped using paypal long time ago. Phone number I used expired when I moved countries. Paypal somehow activated 2FA authentication and I can not login.

Perhaps I will try this

Don't worry, as someone pointed out in another thread they're not going to stop sending you spam just because they've banned you.
Set up an email rule to redirect the spam to their legal department or some other inbox monitored by highly-paid people.
GDPR to the rescue, send a delete request.
Just send $1 to anyone with the message "bomb terror weed crack isis"
All this AML/CTF nonsense for a 39EUR transaction…

There should be laws and penalties for triggering any of those nonsense checks for such insignificant amounts.

It's probably trying to avoid the opening of many accounts, all under 25$, as an attempt to transfer a lot of money but still fly under the AML radar
It's interesting how these money laundering checks works flawlessly for regular people and businesses but always seem to fail when there are hundreds of millions of dollars involved.
Optimistic explanation: businesses that handle millions of dollars probably have way more transactions than regular people, and thus have a higher chance of triggering a false-positive on some random blacklist.
Your solution is to make obeying the law illegal?

Do you think Paypal enjoys spending effort to prevent itself from collecting fees?

I only use them as an additional layer between an isolated debit card and the internet. Anything more is reckless.
PayPal sucks. I was scammed out of $130 because of their horrible UX. I can't believe no competitor has killed them yet.
If only there was some sort of global payment system where you could transact freely and no one could prevent you from sending or receiving money..

A system where instead of trusting banks and governments and other entities, we could harness the decentralised nature of the internet.

A system based not on trust at all.

A system where the total number of units of currency was limited to a pre-determined amount.

Snitches get... their accounts restricted by PayPal?
So what's stopping them writing a letter explaining it was a randomly generated license key and getting unrestricted?
Nothing, except the fact that nobody at PayPal would read the letter.
A small independant record label I'm involved with had its Paypal account shuttered with around £2500 balance because "reasons" and they've basically stolen it. Fuck Paypal.
I was "banned for life" about 4-6 weeks ago. No explanation given. No sketchy transactions on my record, just sending money back and forth between friends who (AFAIK) aren't up to anything suspicious. It was embarrassing having to explain to people that we'd have to figure out another way to transact going forward because I was no longer welcome with Paypal.

A week later I tried logging in again just to see what would happen, and everything was back to normal. I could once again send and receive money as if nothing had ever happened. Needless to say, I took the opportunity to transfer every last dime out of the account.

Make sure to uncouple your bank account and phone from your Paypal account if you're really done with them.
Not good enough. You have to also put a stop payment at your bank against all PayPal transactions.
Is thin an American thing? Can they just pool money at will?

In the EU, if you revoke their SEPA direct debit permission, they are committing a fraud if they try to pull money, and 99.9999% of companies will not even try. If someone still does it, you can revoke the transaction in your online banking interface, and the company will then have to pay an additional fee to the bank.

If you spot it in time. Plenty of people don't actually monitor their bank account all that closely. This is how lots of money gets stolen.
Supposedly there is no time limit on direct debit claims: https://www.directdebit.co.uk/direct-debit-explained/direct-...
Having had to deal with this is a previous job, from what I remember the rules DD are pretty strict and if you mess up as the collection agency, you have to put it right. You also don't get to just recollect - the few times we had software issues, we needed to write to all the people you are going to recollect from and inform them it will happen.
You have a lot of time though, it's just that it gets harder to reverse.

Netflix' fraud detection is garbage and someone created an account with random letters, some throwaway email and my bank account. I didn't notice until it was like three months in. For the two later transactions, I could reverse them immediately and the money was back in my account on the next business day.

The other one was outside of that window, but my bank filed a request with their bank and it took forever, but eventually they paid it back. I believe this works for something like 13 months. Beyond that, you could still sue the person (and their bank) who fraudulently debited money out of your account, but you don't get a default win.

So at least in Germany you have about a year to notice.

If they're large enough, they can get away with it, and the bank's insurance just eats the cost.

Experian routinely generates unauthorized credit card charges. The banks know, but they rely too heavily on the credit rating industry to stand up to them.

I think a "stop payment" is the US name for revoking direct debit permissions.
There is no initial permission. Anyone with your info can pull money out of your account. A stop payment just blocks a specific person from doing it again.
I've had to call my bank and they had a very hard time unapproving someone after I'd given them deposit permissions but ended the business relationship.

It was weird. They seemed very confused by the request.

Yeah all that is needed to do an ACH pull is a name, account number, and routing number. There is no real security.
I changed banks back in 07 over this.
[EU/SEPA Only] If you have signed a B2B SEPA Direct Debit (SDD), it's enough to revoke it on your banking portal as you have mentioned. Your bank is required for a signed Mandate to be able to debit your account. If you have been debited already for a B2B SDD, you only have 3 inter-banking business days to try to Reject the payment (if your bank offers that as a service), afterwards the bank that has issued the SDD is not legally bounded to return the money.

If it's a Core SEPA Direct Debit, there is not the concept of a "signed mandate" but according to the rulebook [1] you have up to 13 months [2] to ask for a Return.

[_sigh_] I've spend so much team reading those rulebooks

[1] https://www.europeanpaymentscouncil.eu/what-we-do/sepa-payme...

[2] "If the request for a Refund concerns an Unauthorised Transaction, a Debtor must present its claim to the Debtor PSP within 13 months of the debit date. [...]"

I opened a business PayPal account, and it was closed within the first 2 minutes of opening. There was no reason given, and I had provided all details necessary during sign-up. I still get promotional mails until now.
> I still get promotional mails until now

Just forward them to phishing@paypal.com

Same, I got the ban email before I was even done setting up the account:

> After a review, we decided to permanently limit your account as we found potential risk associated with it.

> You'll not be able to conduct any further business using PayPal.

> Based on this decision, if applicable, you are no longer eligible for PayPal Seller Protection as per our User Agreement. You'll also be charged a High Volume Dispute fee based on your activity for all existing and future cases you receive.

> Any bank or credit card information that's linked to your PayPal account cannot be removed nor can it be added to another account. You can still log in and see your account information but you can't send or receive money.

> If you have funds in your PayPal balance, we'll hold it for up to 180 days. After that period, we'll email you with information on how to access your funds.

> We regret any inconvenience this may cause.

No contact address, no escalation path, only vague rumors on internet forums of voodoo to get the ban lifted by the Paypal gods.

They continue to send me daily emails telling me to link my bank account. Okay!

And then a day or two later I get another email

> My name is YYYY and I work on the PayPal Business team. I am more than happy to assist you with your PayPal onboarding journey.

> So I understand the nature of your request. Could you please provide me with some additional insight to your business by answering the below questions.

And a bunch of generic business area questions (what do you sell, what's your volume, etc). Are you kidding? You open by telling a fellow to get stuffed, then talk about journeys and assisting them?

Same except I wasn't even sending money. Made an account years ago, never used it, got banned for life when I logged back in. Tried making a new account, but obviously they're able to detect that, so it wouldn't take any of my credit cards.

I don't get how people use this thing.

It works well until it doesn't, I guess.
Probably works or doesn't. I was part of whatever small percent gets banned by mistake, whereas most people would end up using it and generate enough confidence in their algos to not get banned later.

Whatever, I can live without the ability to purchase random crafts from Etsy.

there's a whole forum dedicated to how to create stealth paypal accounts, but I forgot the name
I was banned half a dozen times. :D
That's why I have no money in my PayPal account and the only payment method is a credit card which I get a notification for when it's charged. I don't trust PayPal at all, but sadly, it's the least bad payment option in big parts of the european online shopping sector.
I've recently had friends over for a weekend, the most convenient way they could send me money was through Paypal. I've made sure to transfer the money to my bank account as fast as possible, because I don't trust them anymore. I got a notification as well that they needed additional verification (it was a big group and we shared the cost of accommodation that I paid), that one already gave me The Fear. Although the verification went pretty smoothly, it used a system from my bank to verify identity.
European here. Happily never been a customer of PayPal or used harmful stuff like Bitcoin (ponzi-system). “Here” was never a need for them.

Why?

The banking system in Europe relied for long time on federated and regulated wire-transfer/direct-debit. More than a decade ago SEPA made cross-country transfers easily. And the instant-transfers are great! Little to no fees for transfers itself. Downsides? Both should have been added much earlier! Especially instant-transfers. Most Europeans don’t value that.

I’m always baffled by differences, especially using checks. And yes, we rely on cash because…you’ve seen PayPal? And fragile infrastructure.

The US direct transfer system is supposed to launch later this year. If it works out, it is going to absolutely crush PayPal, and Roundrect Cash or whatever they call themselves these days. I can’t wait.
FedNow is between banks, though, not an end-user service. Assuming it is as awesome as Zelle is, I don't think it'll crush my habit of using Venmo (which is a PayPal subsidiary).
We’ll see, certainly. I remain hopeful.
Maybe i should ask my users to pay for the $2 in-game purchases with wire transfer
Even as a European, there are times when paypal is the only viable solution. Though, they have been become less and less over the years, but they still are there. For example, looking at Humble Bundle just now, there is no SEPA-Option. It's paypal, credit card, Klana or Alipay. And I trust Klana and Alipay even less than paypal.
Klarna is an example of outsourcing, underpaid and unmotivated workforce. And it involves another party which doesn’t care.

If something goes wrong during an order (too many items shipped by merchants mistake) you’ve an uncooperative party on the other side.

but remember kids, bitcoin is only for criminals
It may be anti laundering or sth
I can not be the only one who is aware of the "Paypal Mafia" and hear tales of their giga brain level collective and induvidual genius and success - yet use their product and see only a total and utter failure.
(comment deleted)
I don't understand what PayPal's justification here is.