
PayPal is currently blocking all transactions containing the word “tardigrade” - _Microft
https://twitter.com/ArchieMcPhee/status/1304434532293046272
======
_Microft
Per [0], a possible answer to this seems to be that an arms dealer had
connections to a company called Tardigrade Ltd. and all transactions with
firms like these are prohibited which is why the word "Tardigrade" made it
into PayPal's filter.

As long as companies like PayPal have issues like that, or with moderation in
case of Youtube, Twitter or Facebook, I'd claim _neither_ of these companies
have actually solved scale. If they can not properly deal with the issues that
arise of scale, they haven't solved it at all. They might be reaping the
benefits and dumping the issues on others but they haven't solved anything
else at all.

[0]
[https://twitter.com/kenshirriff/status/1304564003859918849](https://twitter.com/kenshirriff/status/1304564003859918849)

[1] [https://home.treasury.gov/news/press-
releases/sm849](https://home.treasury.gov/news/press-releases/sm849)

~~~
imnotjames
PayPal gets a list of banned strings from the Office of Foreign Asset
controls.

If any match those strings it's flagged for a review.

This is more or less legally required for any company that moves money in the
United States of America. You will probably find the same issues with the same
terms on any other banking for financial body.

Technically, these aren't being blocked. They're being audited. The payments
will still go through. The way this is taking place is following very specific
legally "known good" pathways - so that when paypal does accidentally let a
payment through to a sanctioned entity they are able to argue that they took
every available precaution and should not have to pay the $250k per
transaction fine.

The last time PayPal had to pay these fines - for example - it was ~$7m.
That's not including legal fees. [https://fcpablog.com/2015/03/27/ofac-fines-
paypal-77-million...](https://fcpablog.com/2015/03/27/ofac-fines-
paypal-77-million-for-486-sanctions-violations/)

~~~
_Microft
And the strings from this list have to be matched indiscriminately against
everything? Names of account holders, text in the reference field of a
transaction (if such a thing exists in the US), whatever?

~~~
Ancapistani
I’ve had an order of “Aleppo pepper” blocked from a small online retailer
because it contained the word “Aleppo”.

[https://en.wikipedia.org/wiki/Aleppo_pepper](https://en.wikipedia.org/wiki/Aleppo_pepper)

------
therealmarv
Same for the word "Bitcoin". If you try to send something with this word to
somebody it will block their and your account. For me this is an (kamikaze)
attack vector.

~~~
gruez
I mean, why stop at just "Bitcoin". Might as well put a bunch of the words in
there to increase your chances (eg. iran, nuclear, uranium enrichment, north
korea, isis etc.), kind of like
[https://www.google.com/search?client=firefox-b-1-e&q=tiananm...](https://www.google.com/search?client=firefox-b-1-e&q=tiananmen+square+copypasta)

~~~
YetAnotherNick
Or just use "Cuba" somewher. It will have more effect than the rest all
combined.

------
tuiq03
I work europe based ecommerce company. paypal was blocking orders for any
product that had “cuba” as pat of the name/description due to us cuban
sanctions. although after talking with account manager, they have removed this
filter for us.

~~~
blunte
Based on my experiences helping a client with Paypal, even though we had
written approval from one of their executives in Paypal risk management, we
got shut down weeks later for violating the thing we explicitly got permission
for.

If I were you, I would expect something to trigger a blockage again (and
ultimately decide, like many companies, that Paypal just isn't reliable).

~~~
tuiq03
that’s proven by all other problems we have working with. but you cannot
simply turn it off since it has huge payment share vs other payment methods

~~~
YetAnotherNick
Just curious, why is allowing cuba in the description so important to you?

------
nieve
Farther down the thread:

    
    
      A few people mentioned OFAC sanctions, so I investigated a bit more. In Dec 2019, US Dept of Treasury sanctioned companies linked to Serbian arms dealer Slobodan Tesic, including Cyprus-based Tardigrade Ltd. So PayPal flags tardigrade ornaments by mistake.

~~~
skissane
Part of this is no doubt Paypal's fault, but part of it is also the fault of
the US's over-the-top trade sanctions laws. The penalties for getting it wrong
are so severe, it creates a strong incentive for companies to err on the side
of caution even when doing so produces idiotic outcomes like this one.

~~~
mrweasel
I don’t think it has to do with err on the side of caution. I don’t think
PayPal has the technology to implement better blocking.

~~~
skissane
The problem is that if you make a false negative error, there is the risk of
severe legal sanctions, if you make a false positive error, there are zero
negative legal consequences. Hence the law encourages everyone to prefer false
positive errors to false negative errors, and this is the result. If the legal
incentives were different, the outcome would be different.

The law could provide an efficient recourse in case of false positives – e.g.
a legislated right to appeal, legislated SLAs for considering appeals (and
penalties for failing to meet them), indemnification for the provider if they
grant an appeal in good faith, an expedited process for judicial review of
denied appeals, etc – but the law doesn't, and since there is no incentive for
an efficient recourse, nobody provides one

~~~
mrweasel
I understand the legal issue for PayPal, but then they got really lucky in
this case. Tardigrade isn’t really a widely used word, so just blocking the
word completely is “fine”, but what if the arms dealer in question operated
under the name “Arts and crafts ltd”? Would PayPal have used another blocking
system?

I don’t blame PayPal for their reaction, but I also doubt that they actually
have better solutions than keyword blocking.

------
someonehere
I forgot what happened once to my PayPal account but I remember calling them
because I knew the issue I had couldn’t be resolved over the phone. The person
on the other end had a canned response to my problem that didn’t answer why my
account was the way it was. I just remember saying that I wanted to buy
things, I have money to spend, why do you not want me to spend money with your
service. Brief pause and then she said my account would be active again in a
few minutes.

Don’t even get me started on eBay. Support is non-existent for my issue so I
had to lie in a different support request to get my issue looked at. Even then
what they need me to verify transactions on my account is impossible.

------
kinganurag
The solution paypal gave "don't use word tardigrade" is wrong from product
point of view

~~~
itronitron
paypal considers that a better solution than the alternative one "don't use
paypal"

------
082349872349872
The obvious workaround is to move from edges to facets.

Instead of Tardigrade (A) shipping arms to $TERRORISTS (B) and (B) sending
money to (A) by paypal in a bilateral pattern AB, they should move to the next
topological level.

A ships arms to $EMBARGOED_PARTY (B), (B) sends money to $FREEDOM_FIGHTERS
(C), and (C) sends drugs with street value to (A), making a triangular pattern
ABC.

Extension to tetrahedral trade is left as an exercise for the reader.

------
hrafn
Here's some context: [https://www.vice.com/amp/en_us/article/n7wg3w/paypal-
tardigr...](https://www.vice.com/amp/en_us/article/n7wg3w/paypal-tardigrade-
error)

Likely not due to the Scunthorpe problem like one might expect, but due to an
arms dealer having sold weapons through a shell company named Tardigrade.

~~~
ffpip
Non Amp - [https://www.vice.com/en_us/article/n7wg3w/paypal-
tardigrade-...](https://www.vice.com/en_us/article/n7wg3w/paypal-tardigrade-
error)

~~~
gwd
Non-Vice: [https://www.geekwire.com/2020/weird-seattle-retailer-
archie-...](https://www.geekwire.com/2020/weird-seattle-retailer-archie-
mcphee-hit-even-weirder-paypal-security-glitch/)

~~~
xrisk
What’s wrong with Vice?

~~~
Kliment
There's many things wrong with Vice. In addition to the story in the sibling
comment, they have a consistent track record of misrepresenting their
reporting to sources, heavily editing interview responses to change the
meaning of what the interviewee said, and in at least one case I directly
witnessed inventing the entire content of an interview that never happened and
publishing it. I would simply consider anything they write at least
misrepresented and possibly entirely fictional.

------
latte
You have to thank the OFAC regulations for that - they have created issues for
both businesses and customers in the name of political goals that don't have
any relation to them.

------
tgsovlerkhgsel
GDPR has a separate, less-known article that bans fully automated decision
making without an appeals process: [https://gdpr-
info.eu/art-22-gdpr/](https://gdpr-info.eu/art-22-gdpr/)

It's unlikely you'll be able to get Paypal to actually comply with it, but
going through a path that will hit someone familiar with GDPR and mentioning
this article, and escalating via the DPA, is probably the most promising
option

Obviously doesn't help if you need something done quickly, because especially
if you need to get the DPA involved, this process will take months.

~~~
disgruntledphd2
That's actually a good (if slow) solution, given that payment processing is
important enough to hit the filter (significant recourse or something).

------
fredsted
Don't use Paypal, or you risk randomly losing your money.

~~~
4ad
Pretty much. I'll refer to something that happened to me a few years back:
[https://news.ycombinator.com/item?id=18783724](https://news.ycombinator.com/item?id=18783724)

------
tmikaeld
This must be rough for the band "Tartigrade Inferno"..

[https://www.youtube.com/channel/UCm246J_436dbUOIHpra7J8A](https://www.youtube.com/channel/UCm246J_436dbUOIHpra7J8A)

------
Lagogarda
Thanks to PayPal I just learned a lot about Tardigrades. Interesting
creatures.

~~~
DarthGhandi
Unpopular opinion but I think we have a civic responsibility to put them on
probes and crash them into every planet in the solar system. Those cute little
water bears are nature's survivors.

~~~
eru
Why specifically a civic responsibility?

~~~
DarthGhandi
There's probably a better word but it resonates with some people.

The desire to preserve other planets for the remote chance that there's life
there and we can study it before turning up anyway and ruining things is
misguided. We are the only known life in the universe, it's incredibly
irresponsible to not propagate such things (just in case)

~~~
wizzwizz4
Unless we end up killing life that already exists there.

~~~
scollet
The aliens can make a movie about it.

------
ghego1
Based on my experience as a developer and user I can't understand how PayPal
got so big and ubiquitous.

I had the worst experience ever in trying to set up our recurring billing
system with them, wasting several days of work, to the point that I simply
gave up, switched to Stripe, and got everything up and running, in production,
in hours.

Even as a consumer I had a terrible experience when trying to send money
abroad, for my rent, with Xoom, a PayPal service. They initially took the
money from my PayPal account, told me that the money was on its way to the
recipient, only to block it some days later for non specified reasons
(refunded in my account). On top of that, I lost the option to use my PayPal
account to send money, for what appeared to be a technical issue. Even if the
system appeared to give me the option to use my PayPal account as a source of
funds, telling me that the accounts were indeed connected, then when actually
sending the money the option disappeared.

To solve the issue I called Xoom, they told me that there was no way of
reconnecting my account and that I had to contact PayPal. So I did and they
told me that they couldn't do anything and that I had to contact Xoom. After
few exchanges back and forth like these, I simply asked to close my Xoom
account so I could open a new one and restore the link between my Xoom and
PayPal accounts, but they told me that that was not possible and that to
cancel Xoom I had to cancel also PayPal.

So I gave up, used another service and got my money to my recipient.

~~~
afiori
I'm not from the US and to me PayPal was always only a way to avoid filling in
credit cards details on (random) websites.

it always feels a bit weird to see people elsewhere rely on it for much more.

~~~
aphextron
>I'm not from the US and to me PayPal was always only a way to avoid filling
in credit cards details on (random) websites.

And this is the answer.

Paypal's existence comes down to the fact that they are the sole "legitimate"
vector into the US financial system for a vast majority of the rest of the
world. Because that's such a massive financial incentive, they can basically
treat users however they wish and get away with it.

~~~
newyorker2
Brewing up space for that next startup who respects their users and works in
the same marketplace ;)

------
langitbiru
So I guess it's nice to have an alternative payment method like
cryptocurrency.

------
miga
Such arbitrary prohibition is caused by "Know Your Customer" regulations. And
it is anything but.

Clear indication for regulatory audit, since the methodology is at fault here.

------
justinzollars
The financial reforms following 9-11, introduced reporting requirements. This
could be under this umbrella? One example is suspicious deposits must be
reported by those in the financial services industry to the federal
government. Once reported your broker is prohibited by law from informing you
of the report. We lost a lot of financial freedom following 911. Paypal is
just following US law.

------
OnWriting
Anyone care to guess as to why? At face value it seems like a very odd word to
censor, I have absolutely no clue what the motivation might be.

~~~
Lagogarda
cause it contains (starts with) "tard"

~~~
eru
What would be wrong with 'tard'?

~~~
matthewheath
It's a shortened version of the slur "retard".

------
tus88
Poor little fellas.

------
_heimdall
I had a horrible experience with PayPal earlier this year. I needed to send
$500 to an individual buying our house, they were paying cash and on such a
tight timeline for closing that the closing docs were written up before they
got back their inspection report and asked for an allowance.

Paypal kept blocking the transaction even though it was just a simple person
to person transfer. I was on chat with their support for nearly an hour. The
person kept describing some black box of a security system that, for security
purposes, no one manages or can see why transactions get flagged. I asked
multiple times to speak to a manager or someone on the security team and was
told consistently that managers won't have more info and there literally isn't
a security team...

Needless to say I haven't used them since and will do everything I can to
avoid it. I have no problem if a flag is errantly raised on a normal
transaction, but to say they literally don't have a security team is mind
boggling.

~~~
bbarnett
NO security team?!

So they literally admitted that they don't have anyone actively monitoring
transactions? Working to watch for fraud? Theft? Hacking?

Wow, I may stop using them as well.

~~~
bbarnett
All I can say, to all the comments, is "whoosh".

~~~
teddyh
Communicating badly and then acting smug when you’re misunderstood is not
cleverness.

— [https://xkcd.com/169/](https://xkcd.com/169/)

~~~
bbarnett
Hey, great info. Unfortunately, you assert several things with your statement,
which really are not true.

Try again? Do you have a better jab?

Maybe one that doesn't rely upon a comic, as your main argument?

------
awinter-py
'this is an arbitrary + stupid mistake by a company known for drawing lines in
the sand over stupid rules' is the _less_ scary answer here

we know tardigrades can travel through space. what if the aliens are _already
here_

tardigrades founded paypal to demoralize us with arbitrary + stupid rules, and
their only weakness is the streisand effect

~~~
rosstex
The only thing that would improve this comment is an embedded image of a
tardigrade. Mods?

~~~
CleanItUpJanny
an upvote to you my good sir

------
tzfld
So this "internal security system" takes over the company even if they don't
want this. This is so wrong I don't even know where to start.

~~~
duskwuff
It's a trade sanctions issue. PayPal could end up in _deep shit_ with the
Treasury Department if they let their front-line support techs override an
OFAC match.

There is almost certainly a way to handle this, but it involves talking to
PayPal's legal department, and it will take time.

~~~
wbl
OFAC match? The entities aren't matching just the product. It's like blocking
someone from buying food at Joe's Cuban Resturaunt in Miami. Not what OFAC
actually requires.

------
sitzkrieg
why is paypal and other payment processors getting caught out with this
braindead text filter stuff? slam a grep somewhere instead of real effort?

------
classics2
Wait until they ban you for life for a similarly random reason, then tell you
“it cannot be appealed” lol.

------
LaSombra
I bet the folks at tardigrade.io are not happy.

------
Krasnol
I hope the EU will come up with a central bank backed alternative soon.

~~~
Dahoon
The whole problem with PayPal is exactly that it isn't a bank so they can get
away with all kinds of stuff a bank cannot. I doubt a bank backed competitor
could survive against a business that can just lock an account with money in
it and never pay them back. Not really a level playing field.

~~~
Krasnol
It's really hard to identify sarcasm on the internet.

------
bleepblorp
Duplicate submission from several hours ago:

[https://news.ycombinator.com/item?id=24445174](https://news.ycombinator.com/item?id=24445174)

~~~
_Microft
I check for popular sources (Quanta Magazine, Nautilus, Ars Technica, ...) but
Twitter threads I usually just submit - if it's not someone super-duper well-
known or popular here on HN. Foone's latest shenanigans would warrant a check
for earlier submissions for example. My apologies.

------
anthk
With "tard" you can block any Spaniard or Latin American with any transaction
setting the time after the afternoon...

