
Open Source Events Get Burned By PayPal - pydanny
http://pydanny.com/we-are-not-using-paypal.html
======
secalex
Paypal is a long-time client of my consulting firm, and several of their trust
and security people are good friends. They are not stupid or malicious. Unlike
the author, they are cognizant of a basic truth about the Internet:

In any situation involving money, every loophole or mechanism for scamming
people will eventually be discovered and then exploited to an extent you never
believed possible. Just as the Internet has massively changed the basic
economics of almost every industry, it has greatly reduced the risk and costs
of widespread fraud to a level that would make Charles Ponzi cry with joy into
his spaghetti.

There are teams of extremely intelligent and motivated people who spend their
entire working careers figuring out ways to rip off Paypal (and Amazon, eBay,
Google, Baidu, Bitcoin merchants, etc...) If a top tier company that deals
with money on the Internet is problematic for a certain transaction, then you
can be sure that is due to a real problem in the past that resembles that
transaction.

Pydanny believes that Paypal's actions are without basis, so he has clearly
identified a market inefficiency that is ripe for "disruption".

I think pydanny should take this opportunity to pitch his payments startup,
PyPal, to pg and several other top-tier angels/VCs. Make sure to include a
slide on fraud and loss prevention, and clearly outline the policy that will
differentiate you from Paypal:

"The developer community is critical for the success of PyPal. In a situation
where a PyPal account identified only by a Yahoo email address and with
limited transaction history receives hundreds of thousands of dollars in
deposits for a service that will not be delivered for months, we will not
freeze that account under any circumstances. Especially if they self-identify
as a Python developer."

Let me know how the pitch meetings go.

~~~
derefr
At its heart, though, this isn't a service problem; it's a customer service
and UX problem.

Imagine that instead of the current Paypal interface, you had the following:

> Instead of having one email address to accept all payments, you created a
> new sub-account for each event/product/other "stream of payments" that you
> want to send/receive.

> Creating a "receive payments" sub-account pops up a wizard, that asks you
> what these payments are expected to be relating to--a product you sell, a
> subscription service, an event, donations, etc.

> If you pick "one-time event"--the fraud department is called down to verify
> you and your business _up-front_. It all gets explained in the interface,
> your sub-account just will be in a "verifying" state for a few days/weeks,
> you'll get phone calls and have to submit paperwork to make it "active."
> Meanwhile, the rest of your account continues to work and none of your other
> payments get frozen.

> This is _on top of_ the fraud detection that already happens. If you
> suddenly receive $50k, no matter what the sub-account _said_ it was for,
> then sure, pause that sub-account and have the fraud guys take a look. But
> if they pull up the account and the payment pattern exactly matches what
> they themselves already OKed you to do up-front--then turn right around and
> unpause it.

...

Now, this all _already happens_ with Paypal! Big corporations know what to do
to make Paypal work like this--create a new Paypal account for each venture,
get Paypal on the phone yourself and submit all the paperwork and get them to
OK it before you declare it safe to start using that account, etc.

But none of this is obvious to the average small-business owner who may have
never used an online payment system before. They just use one account for
everything, get popular for whatever reason, accept a bunch of payments or
donations all at once, and get their entire funding stream suddenly frozen
while Paypal does due diligence that should have happened at the _beginning_
of the process, not right when the money is needed most.

------
omfg
How is this related to just conferences? PayPal doesn't have an anti-
conference agenda.. There seems to be two things that set PayPal off.

1) Small volume to huge volume in a matter of days. 2) Taking payments for
something happening in the future.

Story after story about both of these scenarios.

It seems obvious at this point that PayPal is not a good processor for things
like pre-sales or events. It may be annoying but it's a liability for them and
they do what they need to minimize it.

PayPal may be attractive because it's quick to setup but it seems easier for
people to get in touch with a proper merchant account provider, discuss what
you'll be selling ahead of time so they're prepared, and not get your funds
frozen.

Update:

For anyone who is interested, here is PayPal's policy on pre-sales.

[https://www.paypal-businesscenter.com/content/presale-
policy...](https://www.paypal-businesscenter.com/content/presale-policy-and-
reserves)

~~~
pydanny
You're right, it's more than just conferences. But conferences and the will of
the developer community are a critical factor in PayPal's ongoing success.
Stripe and it's competitors are making inroads because of PayPal's difficulty
of use AND their forbidding anti-fraud policies.

As for proper merchant account providers, tell that to people in countries
where the majority of residents can get PayPal but not credit cards.

~~~
omfg
I understand that. We're in the same boat. We have to use PayPal because it's
what our customers want. But it's up to the business / organizer to minimize
the risk, same as it's PayPal's job to minimize theirs. Could split processing
between merchants, attempt to get authorization for capturing at a later date,
etc.

Great book by the way, just picked it up yesterday.

~~~
pydanny
Glad you liked the book!

------
lucb1e
I can't help but mention Bitcoin here. For international things like open
source events, it would work just perfectly. Especially given the tech
audience that is attracted to these, Bitcoin might be the easiest way to pay
for opensource conferences.

~~~
InclinedPlane
This is just fantasy. You might as well tell people to trade in gold. If you
want to operate a legal business above board there's no reason not to use the
existing suite of financial services out there today.

~~~
lucb1e
Can you fax gold? Thought so. And cash, which is as traceable as Bitcoin, is
not illegal either is it?

So what was your point exactly?

~~~
InclinedPlane
What is it, precisely, that you think justifies the use of bitcoin?

Here, let's make this simple. Just list, explicitly, the top 3 reasons for
using bitcoin. Then explain how these reasons are unique to bitcoin and also
how they fully justify dealing with the problems of dealing with bitcoin
(variable exchange rates, difficulty of converting into local denomination
funds, etc.).

~~~
codesuela
1) Bitcoins are easily transferable (P2P)

2) Bitcoin transactions are irreversible

3) No third party is involved for the essential transaction (in this case the
exchange of Bitcoin(s) for a ticket)

If you use Bitcoins as a method of transporting money you can cash them out as
soon as you get them (which is within a few minutes) and getting Bitcoins
isn't as hard as people make it out to be.

~~~
derefr
> If you use Bitcoins as a method of transporting money you can cash them out
> as soon as you get them (which is within a few minutes) and getting Bitcoins
> isn't as hard as people make it out to be.

I'm surprised nobody has made a service that transparently uses bitcoins to
send someone not-bitcoins:

[For the purposes of the example, let's call the sender of the money Alice,
the receiver Bob, and the two instances of this Exchanger service Eddie and
Edna. Eddie is local to Alice's legal/financial jurisdiction, and Edna to
Bob's.]

1\. Alice, living in America, visits Eddie and tells him that she wants to
send Bob, in Canada, $50 USD. Bob is only identified to Alice (and thereby to
Eddie) by his bitcoin deposit address.[1]

2\. Alice pays Eddie $50 USD (cash, Paypal, ACH, pre-deposited funds, an IOU,
whatever);

3\. Eddie buys bitcoins with those dollars, and transfers the bitcoins to
Bob's address.

Then, separately, Bob set up his bitcoin bank with an "on deposit" webhook
that calls Edna. When triggered,

4\. Edna, acting under an access token Bob granted her through the webhook,
withdraws the deposit into her own bitcoin bank account;

5\. Edna immediately sells the bitcoins for CAD, thus preventing any currency
volatility;

4\. Edna sends Bob an email saying "you've got $51.42 CAD[2]", with a URL;

5\. Bob visits the URL, and enters his [real, physical] bank account routing
information;

6\. Edna does a wire-transfer from her account to Bob's bank account.

In this example, Bob and Alice never meet. Eddie and Edna never meet, nor have
to trust one-another. The money is exchanged anonymously and securely. And
yet, neither Alice nor Bob ever touch a bitcoin, or deal with the volatility
of the currency.

Why doesn't this exist yet?

\---

[1] This could be encapsulated further if Eddie and Edna both subscribe to
Ronald the name-Registrar; then Edna could transparently register Bob as
"bob@ronald", and Bob could tell Alice to send her money to that alias.

[2] Assuming neither Eddie nor Edna take a cut of this transaction.

~~~
oleganza
Ripple does something like this: <https://ripple.com>

------
aardvark179
I've seen this problem come up multiple times, and had to talk to my bank when
I got hit by it myself, but I absolutely understand why it happens. In our
case it was because we moved from taking registration fees to taking
accommodation deposits as well, and suddenly a large amount of money appeared
in our account, and it does look very odd.

What I'd be interested in seeing would be somebody like eventbrite handling
accommodation deposits and so forth as well as registration, then I could
funnel everything through that. It's important that any such service release
the funds to the event early so they can actually be used for running the
event.

~~~
jmodp
It is better not to use advance sales funds to run the event. Fund pre event
expenses from sponsors and/or a line of credit. Then if, for some reason, you
have to refund the advanced sales, the money will still be there. Board of
directors should insist on such a policy.

------
jusben1369
As a general rule of thumb. If you have a pretty predictable business then go
with an all in one payment gateway and merchant accounts. By predictable I
mean your growth is steady but not spectacular and not prone to any seasonal
or suddenly dramatic spikes. Your price points don't move around dramatically.
You're not something that will have a lot of chargebacks.

If your business DOES look like the above then engage a merchant account and
explain to them what you are up to. It reduces the chances you'll get frozen.

If you can't qualify for a merchant account initially then use an all in one
and build up a history that you can then take to a merchant account a little
further down the road. (shameless plug for core.spreedly.com if you want the
flexibility to shift and change easily)

------
InclinedPlane
Wow, I find it amazing that there is so much augery going on in this post.
Ooo, maybe paypal hates python conferences! Maybe they just hate open source
conferences!

And then they go on to describe how they refuse to kowtow to the obviously
made up "needs of paypal's anti-fraud division".

There are lots of reasons to get mad at paypal but all too often the formula
"We understood nothing about business, didn't even bother to familiarize
ourselves with the law or financial regulations, and somehow problems
resulted! We blame paypal!" is repeated all too often.

Let's look at this from the flip side. You decide you want to defraud a bunch
of people, so you gin up a fake conference, it's easy to put up a fancy web
page and sucker people in, then you take the money and run. You think this
doesn't happen?

Paypal does have pretty crappy customer service, but if you expect to accrue a
significant fraction of a million dollars in a paypal account and you don't
think that somehow there might be some hoops to jump through then you are
living in a fantasy world.

There's a reason why there is a lot of markup in event ticketing agencies
(such as brown paper tickets, or event brite, or the hated ticket master), and
it's not because it's such a fundamentally easy problem.

Edit: I'll say this again. It sucks when people who are working based on
perfectly good intentions get hurt by the system but we live in a heavily
regulated era. Expecting that you can operate a business without taking heed
of the relevant regulations and business rules is massively naive. More so,
it's a disservice to your customers. Imagine that you were running a 100% cash
business. It would certainly make some parts easier, but don't you think
people would start asking questions?

~~~
alain94040
Agreed. I organized a startup conference (<http://thestartupconference.com>)
for 3 years in 4 cities, always with PayPal as payment. Some advice: make sure
you are incorporated. Definitely don't use a personal account to receive
payments. Assume that most of the money may be stuck for a while, but know
that you'll get your payments eventually, so arrange for backup financing.

Bottom line: if you do this as an amateur, expect to be treated like one. You
can't script banking like you'd script ssh.

~~~
derefr
> know that you'll get your payments eventually, so arrange for backup
> financing.

How easy would you say it would be to get a loan with "I have $N-thousand
dollars stuck in my Paypal account, expected to clear" as collateral?

...actually, wait, that sounds like a [banking] startup idea:

> "We accept payments for an event into an escrow pool, then _lend_ you (with
> interest) a percentage of the escrow-pool as an advance to set up the event,
> then release the escrow-pool to you automatically if-and-only-if there
> aren't too many complaints after the event [otherwise the issue goes to a
> set-length arbitration, and then we either release the money to you, or
> refund it in its entirety.] For trusted repeat event-creators, we may
> increase the loan percentage up to 100%, and may delay loan-interest accrual
> until after the event-date. We're also partnered with an event underwriter
> who you can allow us to ensure your event with automatically, in case of
> black-swan event failure."

Is anyone doing this? Is it even feasible?

~~~
syedkarim
This sounds like a cashflow loan, which FastPay does <http://gofastpay.com/>.

I think it can also be described as factoring
<http://en.wikipedia.org/wiki/Factoring_(finance)>. And lots of companies are
involved in this space, though there is still room for improvement.

------
hcho
Maybe there's a business idea in payment processing for events.

~~~
lucb1e
I think there are enough payment services, we don't need another one. We need
a central one. PayPal is really big and seen as many as _the_ way for online
payments. And I agree, it works really easily and good. Only there are the
problems as mentioned in the article...

~~~
triplesec
Yes, and there are too many business software companies too. Why can't we just
leave it all to Microsoft, and we'll all be happy?

------
QuantumGood
Before we expanded our events (from 10-15 to 50-80) we dropped PayPal for
WePay. Works great, and I can sleep at night.

------
the_mitsuhiko
There is a good chance I will not attend your conference if it's not payable
through PayPal. As a customer the extra safety net is very reassuring.

------
marze
All PayPal would need to do is contact by email 50 of the people who already
paid and ask if the are confident the event is legit.

Since they don't, it shows they are a criminal organization.

------
joering2
This is nothing new, like article states. What interests me is that why would
tech group that most likely knew PayPal shameful history still trust them with
payment solution? Why is it that every one and each enterprenour or new
startup has to go with paypal?? Do you really want to learn on your own skin??
This is not 2006 anymore! There is so many other alternatives, some less
expensive, that you just need to let PayPal go. Also most of them are very
trustworthy so that customers don't really care whether you use PayPal,
Dwolla, Stripe or Authorize.net.

~~~
pydanny
The reason people are forced to use PayPal for events is that for many people
credit cards are impossible to get. PayPal is often much easier for more
people to use.

