
Is this Paypal experience customary? - stratosgear
https://gist.github.com/stratosgear/6923623321adacd368e965ff193fe2ce
======
davnicwil
I rarely use Paypal, but was forced to use it recently for something with no
other payment option. Whilst there I decided to change my password, and was
horrified to find that they limit passwords to 20 characters.

It got me thinking about the standard assumption that any system limiting
chars in a password must be storing passwords in plaintext and not hashing
them, else there would be no logical reason to do so (since hash length is
constant regardless of input length) - with the only exception being placing a
really large limit (say 1024 chars) just to avoid performance issues with
hashing really massive passwords.

But.. I refuse to accept that's what's happening here. It simply can't be the
case that _Paypal_ is storing plaintext passwords, can it? So there must be
another explanation - but what is it?

The only thing I can think is that perhaps they are encrypting passwords,
instead of hashing them, or started out doing this in the early days and have
since switched to hashing passwords, but there were by then so many layers of
validation cruft and/or dependent systems that somehow relied on the 20 char
limit being enforced, that they were unable to remove the limit without
breaking everything, and they've decided the tradeoff of just sticking with a
20 char limit is worth it.

Does anyone know of or can think of a better explanation for this?
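
The reasoning in the comment above, as an added Python example (not part of the thread and not PayPal's code): a salted PBKDF2 record has the same size whatever the password length, so a 20-character cap saves no storage, while a generous cap only bounds the work done per attempt. The 1024-byte cap, the PBKDF2 parameters and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# All constants below are illustrative assumptions, not PayPal's settings.
MAX_PASSWORD_BYTES = 1024   # generous cap: bounds KDF input, not storage
SALT_BYTES = 16
DIGEST_BYTES = 32
ITERATIONS = 200_000        # PBKDF2-HMAC-SHA256 work factor


class PasswordTooLong(ValueError):
    """Raised before any hashing work is done."""


def _to_bytes(password: str) -> bytes:
    # Measure the cap in encoded bytes: "é" is one character but two bytes.
    raw = password.encode("utf-8")
    if len(raw) > MAX_PASSWORD_BYTES:
        raise PasswordTooLong(f"{len(raw)} bytes exceeds {MAX_PASSWORD_BYTES}")
    return raw


def _derive(raw: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", raw, salt, ITERATIONS,
                               dklen=DIGEST_BYTES)


def hash_password(password: str) -> bytes:
    """Return salt || digest; always SALT_BYTES + DIGEST_BYTES long."""
    raw = _to_bytes(password)
    salt = os.urandom(SALT_BYTES)
    return salt + _derive(raw, salt)


def verify_password(password: str, record: bytes) -> bool:
    try:
        raw = _to_bytes(password)
    except PasswordTooLong:
        return False  # over-cap input can never match a stored record
    salt, expected = record[:SALT_BYTES], record[SALT_BYTES:]
    # Constant-time comparison of the recomputed digest with the stored one.
    return hmac.compare_digest(_derive(raw, salt), expected)


def record_sizes(lengths=(8, 20, 21, 1000)) -> dict:
    """Stored record size for constructed passwords of several lengths."""
    return {n: len(hash_password("a" * n)) for n in lengths}


if __name__ == "__main__":
    print(record_sizes())
```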

~~~
pteraspidomorph
I know the "logic" behind modern low password length limits for services like
Paypal. Too many of their users are literally incapable of remembering their
passwords and call/e-mail them bitching about how they're entering the right
password and their account won't let them in and now they can't get to their
money and bogus threats of legal action. So they encourage weak passwords and
try to handle security on their side by flagging accounts for any reason and
using 2FA. Recently they started requiring one number or special character in
passwords, which puts them about 15 years behind the times when it comes to
password policies.

~~~
jeromegv
Their 2FA policy is awful, SMS or nothing. At least that's the case in Canada
(I heard it might be different in other regions).

~~~
Thorrez
Just now I (in the US) added TOTP (Google Authenticator) 2FA, and removed my
old SMS 2FA. It does seem a bit laggy but I was able to do it and log in.

~~~
efreak
PayPal allows directly adding TOTP now? When I added 2FA, I had to use a
Python script that emulates the stupid Symantec software they were using in
order to get the secret; it instead gave you a code to give the Symantec app,
which prevented you from using 3rd party apps.

~~~
Thorrez
Yes, I think it's somewhat recent. The previous time I checked it didn't let
me, now it does. I found this from 6 months ago mentioning it might only be US
accounts[1], and this from March[2].

[1] https://www.reddit.com/r/YouShouldKnow/comments/a59knq/ysk_paypal_now_allows_2factor_authentication_from/

[2] https://benbrian.net/authenticator-app-support-in-paypal-finally/

------
noonespecial
Learned the hard way you make a _separate_ bank account to link to PayPal. You
turn off overdraft and you keep that sucker _empty_.

It's like living with a drug addict. They may be family but you sure as hell
don't leave cash or valuables laying about...

~~~
canada_dry
> like living with a drug addict

Great analogy! Despite enjoying a long relationship, Paypal will very possibly
stab you in the back and rob you blind in a blink of an eye then become
incommunicado.

~~~
NightlyDev
As a business I can confirm that.

"Oh, yeah, don't worry, 3D secure can't be forced for all payments, but we got
you, we'll enable it when we think it might be abuse. Also, our seller
protection covers you."

All the time: "Here is a customer that made 12 purchases during the last 13
months. We took the money, but you have to prove that the card wasn't stolen
and that the customer got what he paid for. We didn't enable 3D secure for
this transaction, so please fix this for us and we'll give you your money
back. Also, if you don't we'll take some more money from your account. Seller
protection does not cover this as services are in a gray-zone."

240K frozen and taken since 2012 and still counting! At least I've started to
win all the cases, but it takes a lot of time. Time to switch to stripe where
I can force 3D secure...

PayPal is a joke. A bad joke.

------
zxcvbn4038
I very rarely have to contact PayPal for anything, but I’ve had to talk to
them a couple times. My experience is that they absolutely will not answer any
question they don’t have a pre-written response for, instead choosing whatever
they think is closest to what I am asking, even if it doesn’t answer the
question. I’ve even had them send me the same response again when I explain
that it didn’t answer my question the first time. If I need something specific
like the fedwire tracking number for a transfer, I’m basically SOL because
they don’t have a response for that, they just send me links on how to view my
statement.

I don’t know why companies do this but I notice that companies that don’t
compete with Amazon tend to have horrible customer support, but as soon as
Amazon enters the market suddenly everyone picks up the phone second ring, has
chat, and sends out hand written e-mails.

~~~
lucb1e
> they absolutely will not answer any question they don’t have a pre-written
> response for, instead choosing whatever they think is closest to what I am
> asking, even if it doesn’t answer the question

I got the exact same feeling when talking to them. It sounded like they
understood my problem, but the proposed resolutions were obviously not a
match. Reasoning about it with them got me nowhere, they clearly had no other
options.

------
CommieBobDole
This is not a customary experience - Pretty much any interaction with Paypal
support that doesn't involve you losing hundreds or thousands of dollars is an
uncommonly good experience.

Paypal is a well-oiled machine until you trigger some exception that creates a
case with their legendarily incompetent support - at that point, the results
will be essentially random and often apparently malicious, no matter the facts
of the case.

------
Moru
Once I ordered some expensive gear from UK and only option to pay was PayPal.
I ordered and paid for the goods, order shipped and a few days later I get a
mail from the selling company asking why I locked their account for fraud
protection or some such. PayPal sent me the money back and I got the goods.
Of course I didn't use PayPal again and sent them a normal bank transfer
instead. Was also a better exchange rate than PayPal.

~~~
FDSGSG
> few days later I get a mail from the selling company asking why I locked
> their account for fraud protection or some such

How come most of these stories seem to involve obviously incompetent
merchants?

------
antihero
Whoa, I just got off of a call from PayPal as to why my account was banned.

Turns out, 15 years ago when I signed up, I was 15 (I am 30 now) and that is
against their terms of service. So my account is permabanned and they said to
make a new one with a different email.

I can understand they don't want people under 18 to sign up, but for fucks
sakes, it was 15 years ago, this feels like a fairly stupid policy.

I would like to add that the customer service experience in this instance was
pretty good - they had a queue system where you can leave your number and they
call you back instead of keeping you on hold forever, and the representative
was helpful and professional and told me straight up that I could make another
account.

~~~
ingenium
How did you manage to call them?

I've been fighting a similar issue. I woke up one morning to an email that my
account was permanently suspended, along with several family members' accounts
that don't live with me. All of our accounts were shut down at the same time,
with no reason given. None of us had used Paypal in months, and I haven't
received money on Paypal in years. We can't get a hold of anyone to find out
what happened.

~~~
antihero
https://www.paypal.com/us/smarthelp/contact-us There's a "Call us" link
at the bottom.

------
tobiasSoftware
I recently had a similar experience with eBay, though it got resolved:

-I had an old eBay account that was closed through inactivity

-I wanted to buy some headphones so I decided to create a new account

-When I went to eBay it had already given me a username through some sort of linked google account feature that used the google account I was logged in to

-I tried to buy 2 $40 headphones and it wouldn't let me, saying I was over my temporary purchase limit

-I figured maybe you can only buy one item at a time as a new user so I tried to buy a single pair of $40 headphones and got the same response

-I thought it might be my VPN, but my VPN was off at the time.

-I created a normal account linking it to my normal email and everything seemed well. I purchased the headphones successfully

-A few minutes later, I got an email that the first account had been suspended for suspicious activity. I first thought this was fine, until I read that I was not allowed to use any other eBay account ever again in my entire life. There were no options listed for recourse. Reading internet threads suggested that they were serious about this and that even if my other account still worked, they would eventually find it and close it.

Eventually I called and got a rep. I got the feeling he didn't believe me, but
he fixed the issue so now I can use eBay again without worry. The whole
experience left me a bit shaken though that triggering some automated flag
nearly resulted in being cut off from one of the largest marketplaces in the
world for the rest of my life.

~~~
nashashmi
You are lucky. I had a very old account that got suspended. Any further
account on the same address also got suspended. They blacklisted the address.

I called and spoke with them for an hour and they would not tell me why they
suspended the account, other than "I have reviewed the information and have
decided the suspension is correct. But cannot tell you why it is being
suspended." They kept repeating that she personally reviewed and therefore
suspension must be legitimate. I said to her that her review of the account
sucks.

And I had my pitchfork out to sue because they should not be doing that.

~~~
tobiasSoftware
Yeah, that's what I was afraid of and I think I got lucky. The big thing for
me is that I don't use eBay much but I'm getting married soon and my fiancee
is moving a very far distance and she will need eBay to get decorations and
such to help make her feel at home. I hated the feeling of inconveniencing her
over some weird glitch that I was powerless to fix.

------
IAmGraydon
I’m going against the consensus here, but why was this guy so concerned about
the reversal of a transaction that never should have happened in the first
place? It wasn’t his money. Someone at PayPal obviously manually reversed the
transaction when they realized the mistake. These things happen.

I’ve been using PayPal personally for 10+ years without issue. I also own a
company and have processed hundreds of transactions and withdrawals through a
business account with them without a single problem. I’m not saying that
dealing with PayPal is without risks, but it’s also possible that we’re
hearing a vocal minority here.

~~~
_jal
You don't have a problem with money flowing in to and out of your account, so
long as it all balances out in the end? Really?

Then you won't mind if I borrow the keys to your account. You'll never notice
a thing.

Even if PP is just covering their embarrassment over a mistake, it is still
nonsense on stilts that they stonewall and bullshit about transactions flowing
through your account. Who knows if they're even legal transactions? Someone
could be playing a game.

Before you assert the belief that Paypal would never risk laundering money,
you maybe want to look at Wachovia, HSBC and Deutsche. And it doesn't have to
be "Paypal" in some formal sense; it could be employees there.

It is incredibly naive to play "what, me worry?" about sketchy things going on
in your accounts.

~~~
unreal37
You would never notice a bank correcting its own error on your bank
statement. They don't post it as a credit followed by a reversal - they remove
the accidental credit. It just disappears from your statement.

It happens ALL the time, and you'd never notice or be notified.

~~~
dzader
no, it doesn't.

------
kalleboo
No, most people would not be this agitated about a mistaken transaction being
silently refunded. At best they'd probably assume the notification went to
spam or something and went on with their day.

My bank doesn't notify me about any transactions, I have to check my bank book
manually. Once a mistaken transaction showed up and disappeared a few hours
later, with no trace left behind at all. I just assumed it was a mistake and
didn't bother getting angry.

~~~
luckylion
> Once a mistaken transaction showed up and disappeared a few hours later,
> with no trace left behind at all. I just assumed it was a mistake and didn't
> bother getting angry.

In many (all?) countries, your bank would've acted criminally. If money has
been deposited to your account, only you or a court order can get it out
again. If somebody "just does it", they are on a similar legal basis as
somebody that forgot a jacket in your house and decides to break your lock and
enter your house without your knowledge or authorization to get it back.

~~~
astura
This is totally and completely incorrect for the US, reversing ACH
transactions that are made in error is totally standard and perfectly legal.

Requiring a court order to correct simple bank errors is entirely infeasible
and, frankly, pretty silly.

https://digital.wf.com/treasuryinsights/portfolio-items/tm3192/

> A payor can attempt to reverse a payment made with an ACH credit only if the
> payor claims the beneficiary was already paid by a previous ACH credit entry,
> or the beneficiary was the wrong recipient of the funds, or the original ACH
> payment was in the wrong amount. Otherwise, the credit is considered final.

~~~
luckylion
No clue how that works in different countries. Here it's pretty simple: once
the money is _in_ the account, you can't do anything. While the transaction
isn't complete, you can cancel them obviously.

There's a good reason for that: nobody wants banks to take money out of
accounts because they "feel that's the right thing to do".

There's one notable exception: SEPA direct debits getting reversed. Using DD
requires a special agreement with your bank, however, and it won't happen that
money ends up in your account without you requesting it - or if it does, you
will get a phone call from your bank where somebody explains the situation,
apologizes a dozen times and asks you to look into the matter and authorize a
reversal. Acting on their own would be a criminal matter and likely be of
interest to the regulators as well.

~~~
astura
So if you decide not to reverse the mistake transaction you just get free
money?

Unless it's a real lot of money going through the courts to get reimbursed
would be impractical and if you transposed two numbers while typing an account
number then you might not even know who the money went to.

~~~
luckylion
> So if you decide not to reverse the mistake transaction you just get free
> money?

No, the law gets involved and at some point, a judge will decide whether you
owe the sender the amount they mistakenly sent. It's basically the same for "I
mistakenly sent you 100 that I meant to send to my friend" and "I mistakenly
sent you 100 when I only meant to send you 50 that I owe".

And yeah, it's a hassle. At least you can generally find out which account the
money went to, and with new IBANs, you need to mess up multiple digits, since
they include a checksum. If the checksum doesn't match, the money bounces back
into your account. Previously, some banks required that the account number and
account holder match (within reasonable limits, misspelling the last name
would work), but that changed with the IBAN system, only the account number
matters now.

------
edcrfv
This is standard PayPal. They don’t give a crap about their merchants and it’s
been widely documented in the past. See
https://www.google.com/search?q=paypal+horror+stories

~~~
FDSGSG
Can you name some payment processors which do care about their smaller
merchants?

~~~
tadzik_
Stripe. We moved most of our payment processing from Paypal to Stripe last
year, they're unbelievably more competent (an extrapolation from the quality
of the tooling and APIs) and actually respond with meaningful input when a
problem arises.

~~~
FDSGSG
I use Stripe, the support is certainly better than Paypal's but it's not like
they'll do anything to keep your business if they consider you a risk.

------
nikolay
I just got an invoice from Google Account. Basically, scammers send people
invoices stating that they exceeded their 5GB and people have to pay $120 not
to lose their Google account. I'm sure there are tons of rich idiots who will
pay $120, but I wonder why:

- There was no merchant contact info. They managed to upload Google's logo
and use Google Account as the merchant name. Isn't PayPal doing any basic
blacklist check, etc. or check against stock logos (there are tons of
companies now, which provide logo by provided company name).

- There's no way to report the invoice as scam attempt - I can only "cancel"
or "archive", which sends the "merchant" an email and they can know that my
email belongs to a valid PayPal account after that as the email is sent by
PayPal.

In general, after so many in business, PayPal is a lazy, slow, and stupid
company. I am sorry to say that, but it's the truth. Their developers are a
bunch of old timers, who have entrenched into the company and there's no
innovation going on. There are many, many, many complaints about PayPal, which
I can list here. Most of them are very simple to spot and fix by PayPal, but,
no, they are untouched for years.

I feel like their dev team is maybe a dozen people who just do maintenance of
critical issues and that's it. Their recent interface upgrade took years and
it still sucks and feels like in the dawn of DotCom. Compare PayPal to Stripe,
let's say - there's no room for comparison! Stripe innovates at a huge pace,
they provide a much better DX (Developer Experience), and are so much nicer to
work with!

PayPal recently acquired Xoom - a very expensive and shady money transfer
company. Compared to TransferWise, they are a total joke. In general, I think
PayPal is managed by technological morons!

P.S. PayPal Here is also a disaster compared to the rest. I bought the device
(as PayPal gives nonprofit discounts like Stripe but unlike Square) and many
of our transactions failed, so, we switched back to Square. Now we're
integrating with Stripe's reader, so, we'll get the best of both.

~~~
gruez
>Their recent interface upgrade took years

Nah it's still not done. There are nooks and crannies of the site where the
early 2000s theme is still around.

~~~
pbhjpbhj
You'd think paypal was run by two people in someone's basement ...

------
jonnu
Similar to my experience, especially the ping-ponging between eBay and PayPal.
In my case, I _did_ actually sell something, but then the buyer decided to
return it. Somehow both my eBay and PayPal accounts got into a 'locked' state,
with no way to resolve it instead of contacting customer service. The
experience with their CS department was beyond frustrating - they're happy to
send 'red' letters demanding refunds and transaction fees despite cutting off
all my ability to do anything about it.

Reading this post has given me the final nudge I need to look into closing
both those accounts.

------
tannhaeuser
Is it too much to ask for regulations for payment transactions to step in, at
least in EU? I know we're not too regulation-friendly here, and I haven't made
up my mind yet, but I tend to think it's only consequential that digital
payment transactions are considered a field where governments should exercise
authority, on similar grounds that give (or doesn't give) government authority
over establishing a currency in the first place.

Note this isn't a snark at paypal specifically. I'm just interested if anyone
with an economic background has an opinion to share.

~~~
TazeTSchnitzel
The EU has a lot of law about digital payments. In September this year, a new
provision will come into force in the entire EEA that requires digital
payments to be made with two-factor authentication, for example. I don't know
whether or how that affects PayPal though.

~~~
lucb1e
Ugh, I'm really going to need virtual phone numbers for all these "second
factors" (i.e. linkable identifiers), I'm just not sure where to get them.
Twilio requires a credit card, and most other businesses that offer this look
super shady.

~~~
TazeTSchnitzel
There's no requirement it be SMS. Card payments in Sweden are already able to
comply with this just by having a phone app for authentication.

~~~
lucb1e
I won't install an app on my phone. It probably won't work without Evilcorp
Play Framework, it probably won't work with root, and even if neither of those
are an issue, I still don't trust my device enough (I won't install banking,
password managing, or pgp apps on there, it's too much of a play thing for
that). My trusted things are computer-based, not a mobile device that goes
everywhere and that I want to be able to use without having to unlock the
screen with a complicated password every time.

So it'll probably be SMS, and otherwise they can ship me a second factor -- as
the Rabobank already does for as long as I know: they basically send you a
payment terminal that creates 0 cent transactions on your card, if I
understand it correctly. While a bit annoying, it is safe and not too
inconvenient.

------
tinus_hn
It’s difficult to understand why people are even using this service anymore.
PayPal is not your ‘pal’ and to use them safely you need insurance and
leverage all the way. The only reason I can imagine is that it works most of
the time. But the times where it fails are invariably a disaster.

~~~
pjc50
It's a two-sided market with one-sided dispute resolution, like eBay.
Customers love it because it almost always finds in their favour. Sellers hate
it because it almost always finds in favour of the customer. Neither side
really wants to pay higher transaction fees in the hope of better justice from
the dispute resolution.

Ultimately if you get into a big enough dispute with Paypal you have to
consider using the real courts.

~~~
analog31
I'm a seller and I actually like the buyer protection, because it emboldens
people to buy a product from a small and relatively unknown seller. Customers
also don't have to give me any of their personal or financial information
except for where to mail their package.

Now, an aspect of running even a small business is that I have some cash on
hand, and a profit margin to cover the cost of eating one or two disputes if
necessary. If a $100 sale goes down the toilet, I don't lose $100, but only my
original cost of goods.

Where I read about horror stories is individual sellers who are selling things
like a second hand electric guitar. In those cases, the buyer and seller are
probably both not swimming in cash, so having their money tied up in a dispute
is in fact painful. And that entire economy is rife with fraud and outright
theft. Also, electric guitars are a case where there is extensive room for
dispute about the provenance and condition of each piece. This gives the buyer
an easy way to claim "item not as described."

In my view the hot business model for using the small payment services is
selling an inexpensive physical good with a generous mark-up.

~~~
w0de0
> I don't lose $100, but only my original cost of goods.

If you shipped the product, you most certainly lost $100, plus whatever
additional labor costs were involved in attempting resolution.

There's also the opportunity cost of having that cash illiquid, even if you do
win the dispute in the end. Money's time is worth money.

~~~
analog31
I don't pay for labor. Amusingly, an MBA student interviewed me about my tiny
business, and could not wrap his head around the fact that I don't count labor
in my cost of goods. I do have a rough estimate of profit, and of how many
hours I work. The closest thing I could offer him was a ratio of these
numbers, which is typically around $100 per hour. I make my widgets in my
basement, and am usually able to take care of everything in one evening per
week. It's the closest thing to passive income that I've been able to come up
with so far.

I follow a rule that's common among micro-businesses, which is to waste zero
time on disputes. I always offer a full refund right away, along with a
boilerplate list of troubleshooting suggestions. In virtually every case, the
customer comes back in a few days and agrees that my product works. But
because of this, I consider a dispute to be an immediate loss, and not a
dollar amount hanging in limbo.

------
voidwtf
PayPal manipulating, removing, or holding hostage the balance of your account?

Yes that’s normal for PayPal.

Getting the runaround about how and why it happened?

Yep, that’s expected too.

Actually getting a non-form letter response of any type?

That’s just lucky. We couldn’t get an account rep on the phone for almost 4
days when ~35k was suddenly deducted from the account. Nor when they
accidentally cancelled all of our customers' subscriptions while working on an
unrelated fraud incident. Of course in both of these instances the customers
blamed us for not being able to process refunds and being unable to reactivate
their subscriptions.

PayPal, working as intended.

~~~
voidwtf
P.s. never ever link any account with shared funds to PayPal. Business or
otherwise, open a completely separate account for PayPal if you must use it.

Imagine having PayPal place a hold on the funds in your account to make sure
refunds/fraud can be handled. Then when a customer does request a refund
you’re literally unable to process the refund because it won’t take it from
the funds you just received that are held. So now you automatically lose all
disputes and they just start raiding your linked bank account. So why did they
hold the funds in the first place?

PayPal needs to end IMO.

~~~
stakhanov
Actually that doesn't even work. When they don't have a payment method on file
that they can abuse, they'll be happy to send your PayPal account into
overdraft and start threatening legal action to bully you into settling the
balance.

Really the only thing to do, as soon as you see a "pay with paypal" screen is
to go away screaming.

Here's the anecdote: I had had a company with a bank account and PayPal
account, then dissolved the company and closed the bank account. Months after
that, a former supplier of the now nonexistent company who had PayPal
authorization deducted funds fraudulently from the PayPal account, claiming
they had rendered services that were never rendered to a company that
obviously and provably no longer existed.

PayPal sent the account into overdraft. When they couldn't deduct payment from
the bank account that no longer existed, they started sending threatening
communications to get me to settle the balance. I took things up with their
fraud unit to get the transaction cancelled. Their fraud unit dismissed my
case without looking into any particulars regarding the services that the
vendor didn't render or the company that should have received services that no
longer existed. To them the only thing that mattered was that, years ago, I
was, in actual fact, stupid enough to click on "Pay with PayPal", the
ramifications being that vendors are entirely within their right to use PayPal
as an instrument of fraud and legal intimidation against me. It's your own
damn fault, sir, for being so stupid and using PayPal.

Knowing that taking the legal route would have been way more costly than the
amount of the transaction, and wanting to sleep soundly again against the
backdrop of PayPal sending threatening communications, I wired money from my
personal account to settle the balance and jumped through a shitload more
hoops to make sure the PayPal account was properly closed and couldn't come to
haunt me again in the future.

I think that's how they get away with it: Since the transactions they handle
tend to be small, no one will take legal action.

~~~
StavrosK
Do they use accounts linked for withdrawal to transfer money as well? I have
an account linked so I can withdraw PayPal money to the bank, but I don't want
them to get money from my bank account to PayPal.

Does anyone know how I can avoid that happening?

~~~
stakhanov
The point I was trying to make that is actually more general than PayPal was:
When you want to take back control over convoluted and untrustworthy systems
that end up accessing your account in some way, you can't really do it at the
level of the payment mechanism.

I've done this a fair amount in the past: When I would do business with a
vendor that I don't trust all that much with the way they do their billing, I
would give them a credit card number for a prepaid credit card with tightly
controlled balances, instead of giving them anything that's linked to my main
bank account.

But it doesn't really help. When the untrustworthy party wants to deduct a
payment from the mechanism you've given them and it can't, then they will
instead just turn to bullying and threatening legal action, and you end up
paying them whatever is in dispute because you won't want to risk them taking
legal action.

Another consideration that enters into this is the dark and murky territory of
consumer credit rating. If there's an account that's in your name, regardless
of whether it's PayPal, a prepaid credit card, a bank account or whatever, and
there's a charge that hits the account and there's no balance, then this is an
event that they'll collect data about, and that may be disseminated in ways
that you may not realize, and it may come back to bite you in the ass when you
want to apply for a mortgage or something. So it's best not to go that route.

At the end of the day, the only thing you can do is to not do business with
certain kinds of entities at all. And PayPal is definitely on my list of
entities not to do business with.

------
DanielBMarkham
A few years ago, I sent my youngest son to a well-known online retailer to buy
some computer gear.

What he got was a counterfeit, a fake that was broken.

He started the refund process, but I was pretty miffed that my reputation with
my kid got mixed up in these poor business practices. So I emailed management
and asked that they apologize to the kid.

It took almost forever to get them to figure out that I was not asking for a
refund. I was asking for somebody to explain what happened, apologize, and
take steps for it not to happen again.

He finally got a refund, although whether it was from my actions or his nobody
knows. He said it came in three chunks, as if various departments were each
pitching in a bit.

I thought my point was pretty clear: as leadership, when you take your company
and allow its reputation to suffer like that, this is something you are
responsible for and need to take action to fix. The money has nothing to do
with anything. But they only have certain predefined channels that they seem
to be able to communicate through. Anything outside of those channels causes a
weird org fault.

I've worked with call centers before, and it continues to amaze me the strange
place we are putting humans. They're paid to answer the phone, but after that?
They're basically little robots, paid to execute a predefined program, adding
in a bit of human-sounding noises now and then to make things slightly more
palatable to the person on the other end.

~~~
pjc50
On call centers, I will keep pointing people at:
[http://www.harrowell.org.uk/blog/2012/01/21/the-politics-of-...](http://www.harrowell.org.uk/blog/2012/01/21/the-politics-of-call-centres-part-one/)

> Inappropriate automation and human/machine confusion bedevil call centres.
> If you could solve your problem by filling in a web form, you probably would
> have done. The fact you’re in the queue is evidence that your request is
> complicated, that something has gone wrong, or generally that human
> intervention is required.

> However, exactly this flexibility and devolution of authority is what call
> centres try to design out of their processes and impose on their employees.
> The product is not valued, therefore it is awful. The job is not valued by
> the employer, and therefore, it is awful. And, I would add, it is not valued
> by society at large and therefore, nobody cares.

~~~
DanielBMarkham
Call centers, warehouses, and distribution centers; all places where people
seem to be required yet their creativity and input isn't. For a large part, we
treat them like they're just meat robots.

I remember the first time I saw the computer-controlled voice-directing
picking. You wear the headset. The computer tells you what to do. I see this
way of working eating up more and more workers.

One economist put it this way in a recent column I read: robots aren't taking
your jobs. Robots are becoming your bosses.

~~~
tomp
There's a lot more jobs like this... Bank teller, fast food server, garbage
collector, store clerk...

~~~
nerdponx
What's interesting to me is that human creativity and input are indeed
required for _excellence_ in these jobs, but not _basic competence_.

------
claviska
I processed a few hundred thousand in revenue through PayPal subscriptions
starting around 2008. Everything went fine for a few years, then I moved to
Stripe because of the horror stories that kept popping up about PayPal (frozen
accounts for 6mo+ with no recourse, inability to contact anyone, etc.).

It just isn’t worth the risk, IMO. At least with Stripe I know I can talk to
somebody if a problem arises.

------
antihero
Yeah, had this happen to me. Currently my account is limited, they want me to
send proof that I have shipped things that do not exist. I am not a merchant
or anything like this, I just sent money to my gf and she sends money to me.
It's fucking stupid. These companies are absolute shit.

~~~
sethammons
My wife and several of our friends are using venmo for transferring money and
seem to like the app.

~~~
smoothgrammer
Guess who owns Venmo? You have 1 attempt.

~~~
sethammons
Wow, I didn't know that PayPal bought them a few years ago. Still, I hear lots
of folks like Venmo.

------
DagAgren
Paypal may, under good circumstances, fix problems they have themselves
caused.

However, the concept of explaining to a customer why they did something is
utterly alien to them. This just does not seem to be part of any process they
have. It bewilders them to no end if you ask them for an explanation of
anything.

------
matthewfelgate
Yup. This is why I left eBay and PayPal.

PayPal charged me £400 which I was lucky I spotted. Eventually after a week
got the money back.

I never got an explanation why it happened or how I or they would prevent it
in future. I prevented it by leaving eBay and Paypal.

~~~
clort
Interesting that you are in the UK and still had trouble. Do you think that
you got the money back because of the way they are regulated within Europe as
a bank rather than the way that they are not regulated in the USA (which is
where most of the horror stories I see seem to come from)?

~~~
matthewfelgate
I have no information to make a judgement of this as they didn't tell me what
happened. All they did is close the ticket.

------
swalladge
Yes, my experience with PayPal has involved inconsistent UIs, bad UX, locked
funds, and incompetent customer service. I only use paypal where absolutely
necessary, such as for selling on ebay.

------
DavideNL
I avoid PayPal, but in the rare case where there is no other payment method
possible and I really need something, I simply create an account, do the
transaction, and immediately delete the Paypal account again.

I find this the best way to deal with them :)

~~~
herghost
I once closed my account only for it to be re-opened 4-5 months later by them
with a debt balance assigned.

Long story short is that someone I'd previously transacted with owed them
money so they determined that they would take it from my account and recover
it from me.

I complained to the Financial Ombudsman in the UK. They agreed with my position
that it was unreasonable for me to be held financially accountable for people
I've transacted with indefinitely.

Paypal stuck to the line that "You cannot close your account in order to avoid
a debt". Despite the fact that I had no debt, except the one they assigned me
several months after account closure, out of nowhere.

------
alkonaut
That sounds like normal procedure from a bank. If someone deposited a million
to my account in error, the bank would (and should) most certainly just
correct the error even if it means "decreasing the balance" on my account.

I expect them not to _hide_ it though, i.e. I expect to see the transaction
log to say "+1000 deposit -1000 correction", and I expect them to be open
about the mistake IF I ask. I do _not_ expect them to give me a call to
explain what happened, however.

This is behavior I expect from any entity where I have an account with a
balance, whether it's a commercial bank, PayPal, or anyone else.

~~~
pbhjpbhj
The mistake of having a deposit in your account shouldn't be furthered by the
bank, or other company, removing money from your account without notice. They
don't have to do an in-person phone call, a text message/email/automated call.

There are many situations in which a person could receive money and genuinely
think it was theirs to spend. Some of those situations could be ones in which
the spending could be extremely detrimental.

Other than that I agree.

------
codewiz
Every time I relocated, I ran into countless issues with my Paypal account
being tied irreversibly to the country where it was first opened.

So I end up opening a new Paypal account -- which must use a new email
address, and can't have my old credit cards added to it.

Now I'm stuck in a situation where my newest account doesn't accept the credit
card from my local bank because

      This card is linked to another PayPal account.
      Please remove the card from the other account
      or try a different payment method.

But I checked my other accounts, and I'm sure it isn't there.

------
Grollicus
And I'd bet their fraud detection machine learning bingo tool will learn
"owner did not contact us after the ban" as a correct ban and continue to be
more obnoxious to all the other customers.

Oh well, whoever are still using Paypal should know by now what they are
risking.

------
brownbat
A bit like chargeback without any consultation.

Planet Money just had a story from the other side, one of the producers made a
payment on another service in error, and tried to get it refunded.[0]

[0] [https://www.npr.org/2019/06/26/736352315/episode-922-the-cos...](https://www.npr.org/2019/06/26/736352315/episode-922-the-cost-of-getting-your-money-back)

You could read one of these stories and come away passionately more pro or
more against chargebacks, but the real solution for both situations is just
more transparency and communication.

In SG's case, if they're right that the money ended up at the right place,
fine, just let everyone involved know what happened, how PP came to that
conclusion, and what options there would be for the parties to appeal in the
case of fraud or mistake. It sounds like in the PM story that that approach
would have resolved everything faster there too.

Transparency isn't going to kill you in this situation. You may be worried
about privacy risks, but just make a clear policy as to what you can and can't
say during the initial phases of disputes.

Transparency will resolve the easy cases, but there are real dilemmas here
between buyer and seller rights. I feel like some of the tech that is taking
over the roles of payment systems are just pretending these dilemmas don't
actually exist. eBay definitely stumbled through buyer vs seller rights for a
while, maybe still doesn't have it right.

Cryptocurrency is an interesting spin. In some ways its stance is that
chargebacks are so anathema that they will design them completely out of
consideration.

------
rogy
Recently had a terrible experience with PP Dispute process.

1 - Bought tickets for a show via twickets.live
2 - Seller (supposedly) sent a transfer request to me via the ticketmaster portal.
3 - I received nothing, tried to contact seller, got no reply till after event.
4 - Open a dispute as I paid for something and received nothing.
5 - PP sides with the buyer citing ‘evidence’ the tickets were sent to me
6 - PP won’t share ‘evidence’ with me, won’t reopen my dispute, no option to create a new one.

Now I’m down a wad of cash, didn’t go to the show, and got no opportunity to
do anything about it. Closed my account immediately afterwards.

------
cpg
PayPal is horrible, both as a merchant and a customer. In every single way
possible. From APIs to service, to explanations to everything. It's time for
someone else to take their place and everyone stop using PayPal.

------
martin-adams
I'm not surprised. I accidentally created a seller account trying to create a
test account for a project I was working on. I never verified the account as I
realised quite soon. I've never sent or received any money.

But can I close the account? Nope! I have to send official paperwork to prove
it is a valid seller account before I can close it. The only reason I want to
close it is so I can reuse the email address. But you can't even change the
email address.

Their process is flawed and lacks common sense.

~~~
peteretep
Try GDPR'ing them

------
lucb1e
I still sometimes make the mistake of trying to login to paypal without a VPN.
I once lived 50km westwards in another country and if I try to login to my
account accidentally, it'll lock me out, also after I VPN back into the
original country I still can't login. It is randomly resolved after a cool-off
period.

When you call support, either in the original or the new country, they both
offer the same thing:

- change your password (I know my password, and though they seem to
understand, their script seems to tell them to offer this)

- close your account (what, after telling you my email address and the last 4
digits of my bank account (not even a credit card)? That's
password-equivalent?!)

Support tells me it's not supported to login to your paypal account from
another country. Don't thousands of people do this every day? On holiday,
while traveling for work, or moving countries like me... doesn't this happen
thousands of times a day? I live an hour driving from five different
countries, it's not uncommon for anyone here to be somewhere in, y'know, the
EU.

A few years ago I remember being locked out of a PayPal account (which I just
forfeited) for not knowing my security questions. Like, duh, you think I
answer truthfully what my favorite food is for a _payment_ account after I
(the 13 year old leet haxxor) 'hacked' a classmate's Hotmail by guessing a
very common favorite food? They still use security questions, but these days I
enter my current password there so I can at least answer when prompted.

~~~
hombre_fatal
> Support tells me it's not supported to login to your paypal account from
> another country. Don't thousands of people do this every day? On holiday,
> while traveling for work, or moving countries like me... doesn't this happen
> thousands of times a day? I live an hour driving from five different
> countries, it's not uncommon for anyone here to be somewhere in, y'know, the
> EU.

Yeah, exactly. I had the same thought when support told me to open a new
Paypal account from the country I live in abroad and only use that account
when I'm abroad.

Wait, what? Their official policy is to use a different account for N
countries you spend any time in?

To link my new US bank account to my Paypal account, I ended up using a US VPN
and then gave Paypal my friend's US telephone number so that he could feed me
the security code.

It made me suddenly feel very precarious about how I currently use my Paypal
account. I would've thought international-use was one of Paypal's main
marketing bullet points.

Though, to keep things in perspective, Paypal does let me do things that my
bank certainly doesn't, like send and receive money for free internationally
and work remotely for anyone with a Paypal account. I can't complain too much
and I'll give them the benefit of the doubt that they are hamstrung to some
degree by psychopathic anti-laundering/KYC bullshit.

I hope Facebook's Libra will be more polished and be built on the expectation
that people ever leave their country of origin.

------
fxleach
Completely expected. As a developer that has been forced to integrate with
PayPal numerous times I'm not surprised the customer service side is as
abysmal as the developer side. Terrible service, run-arounds, just shitting
all over the bed in general. Don't even get me started on their fraud
resolution.

They are simply the biggest name in the business and have been around the
longest. There is absolutely no other reason they deserve the market share
they have.

------
electriclove
I had a similar experience with Uber Eats. Though I despise PayPal, I think
this problem is common to these large companies that outsource all customer
support. There is no venue to actually reach someone who gives a damn and at
the top, they like it that way because they don't care about anything except
how much money they are making. It is deeply flawed. I wish there was a good
alternative to PayPal.

------
macspoofing
PayPal is stuck between a rock and a hard place. At their scale they are
constantly targeted for all kinds of criminal activity and are under enormous
pressure to follow rigorous laws pertaining to handling money.

They keep trying to balance this with good customer service, but I'm not sure
you can do any better ... and I hope nobody thinks that cryptocurrencies are
the answer.

------
beezischillin
Same thing happened to me. I got charged for a “refund” for a sale I never
made. It took my account into the red and they demanded money and even more ID
from me so I closed it. Stuff like this is why I don’t keep money in any place
other than my bank acct. They also instantly and without warning locked my
account after receiving 2000 dollars from a friend before that and demanded
official documentation after I started investigating what happened citing EU
laws. I wouldn’t have minded that since I’m not a criminal but surely locking
away someone’s account without explanation is not a good way to take care of
users. Especially if you’re basically a bank.

Maybe I am in the wrong here but my approach each and every time to a project
where I deal with someone else's money is to try and figure out the most
secure and most informative way to do everything, after all it's one of the
biggest responsibilities you can take on as an online service provider.

------
TomMckenny
If anyone wanted a de facto software monopoly to break up, this would be a
good one.

~~~
jeltz
But how would one do that? There are competitors which are cheaper, have
better APIs, better customer service, and better user experience.

~~~
TheOtherHobbes
Aside from Stripe - who?

And sellers on larger sites like eBay can't easily use a competitor. It's a
classic anti-trust pattern and should be treated as such.

~~~
ryanlol
There’s no monopoly, certainly no “classic anti-trust pattern”.

------
Doubl
I have to say that I have been lucky with PayPal so far and I have a PayPal
account for a long time. I only use it as a buyer though. I really like it
when a website has a PayPal option so I don't have to give yet another site my
card numbers including the security number on the back. I think that maybe
twice over the years I have needed to get a refund and apart from the process
being a bit drawn out I had no problem. But then the unhappy stories are
usually from vendors so maybe my experience is nothing special

------
andreimiulescu
Just avoid Paypal, I’ve always had issues with them from funds being blocked
for no reason to my account being blocked, their support is an absolute
nightmare, also my friend sold something on eBay the buyer said she didn’t get
it so PayPal took the money back from my friend, she sent it and it was signed
for but not at the address listed on PayPal the address that has been given by
the buyer so it’s not protected. Shady shady business

------
Hendrikto
> I guess it's easier to pretend they fight crime when they just target the
> easier target they can find.

That is the story of the whole western world at the moment…

------
sharno
I got once a mistaken transaction on Paypal, the "buyer" contacted me to ask
me to refund their money because it was a mistake. I issued a refund and
Paypal took 30 cents fees because of the refund. I contacted paypal to ask why
I was charged for a mistaken transaction and they just told me this is how it
works and there's no way to avoid that.

------
wirrbel
I once ordered a domino's pizza via paypal. The app did not complete the
transaction. I did find however 20 transactions to dominos on my paypal
account. I tried to reason with Paypal that I did not authorize 20
transactions (just one), but Paypal did not want to reason with me. In the
end, Dominos refunded 20 transactions.

I now pay with credit card.

------
wbhart
If you do a calculation of the number of Ebay purchases that are handled by
PayPal, it's certainly in the millions, and probably hundreds of millions. The
rate of outright fraud is unfortunately very high, and the average person is
so prone to error that PayPal must employ many people to handle all the cases.

Once you have a very large organisation, consisting of many staff handling
cases, all of whom need to be acting consistently, you face the real
statistical likelihood of fraud within the company itself. Any sufficiently
large company will have employees that try to defraud it.

The upshot of this is that large companies handling many transactions like
this, especially ones that will often be disputed, must implement security not
just to prevent fraud from outside the company, but also inside.

Such security measures are often very difficult to work around by employees
trying to do the right thing by customers who are in the right, but where
something unusual has happened that those security systems didn't anticipate.
I can imagine this often frustrates the intention to have a smoothly working
system.

You also can't easily make changes to accommodate such corner cases without
opening other security holes, both within and without the company. And it
takes a long time to formulate and disseminate new protocols that your
employees should work to. And then you have to communicate any changes in the
way you handle things to your customers.

Running a company like this must be an absolute nightmare of logistics. And it
is surely made worse in that Ebay seems to have the ability to authorise
chargebacks and refunds in disputed cases that can then be appealed to PayPal
itself.

But the alternative is in my opinion worse. As a buyer, you must pay for an
item before receiving it. I am aware of so many complaints online of
fraudulent sellers making off with tens of thousands from fraudulent sales,
and there being nothing anyone can do about it because of banking privacy
laws. Having a service like PayPal seems essential to reducing fraud in such
online transactions.

In summary, I can perfectly understand PayPal wanting to perform a security
check for every long time customer for whom a flag was raised by some security
protocol.

And naturally, there are going to be many false positives, and many unfair
decisions taken at such scale.

Independent arbitration would indeed seem like a good idea. But who is going
to pay for independent arbitration for potentially millions of disputed
transactions? The reality is, almost every single transaction that has already
been appealed to PayPal that can be appealed easily to an independent arbiter,
will be. So you simply double the (already high) cost of such a service.

------
tgb29
Paypal has taken thousands of dollars from me and won't let me access my
account with a pre-paid phone. It's hard, but avoid them if you can. I
inherently distrust Facebook's Libra project because of Paypal's involvement.

------
fghtr
Similar (worse) things happen to relatively small organizations relying on
PayPal:
[https://minifree.org/paypal/#paypalbastards](https://minifree.org/paypal/#paypalbastards)

------
bawana
I guess someone inside PayPal is using random people’s accounts to launder
money. Deposit dirty money into innocent account- let it sit for awhile then
take fresh clean credits out. In Greece? My guess is that it’s an arms dealer

------
mcnichol
Yeah, I dropped paypal a while back after Adobe made charges to my account
which I had cancelled.

Paypal makes it very easy for subscription services to keep sneaking those
charges in.

Closing my Paypal made it very easy to stop that nonsense.

------
bmania
Paypal strategy to get the ID:

1. Ask the user to sign up.
2. Pretend everything is complete.
3. Wait for the user to get a payment or money.
4. Block the account and ask for the ID.

------
blackethylene
> it's not like Paypal will miss me, I know, I would just feel too "dirty" to
> keep it open after all that happened

It's comforting to know that other people feel the same way.

------
carapace
PayPal owes me $200.

Details:
[https://news.ycombinator.com/item?id=19773036](https://news.ycombinator.com/item?id=19773036)

~~~
ValentineC
Did you follow up after requesting for the check?

~~~
carapace
Like call the 800 number back? No. At the time I was making about $100/hr so
the hassle wasn't really worth it. I figured if they send the check, great,
if not I can just bitch about it from time to time on the Internet...

------
kuroguro
This sounds like what happens if the buyer does a CC chargeback IIRC. You get
no notifications, money just disappears.

------
potatoman2
I worked PayPal Trust & Safety in my rebellious youth, and I wouldn't use
PayPal now if you paid me to do so.

------
Animats
_"If you want a vision of the future, imagine a boot stamping on a human face - forever."_
- Orwell.

------
oneepic
What a timeline we live in, where people choose to post their complaints about
random bs on GitHub or Twitter...

------
phpnode
Yes, yes it is.

------
random_savv
I've long stopped using Paypal, except where absolutely necessary because of
this sort of thing.

------
yalogin
This served as a swift kick in the butt for me to remove money from my Paypal
account. Done.

------
kyberias
Very weird case. The person got angry even though it was not his money to
begin with. Absolutely no harm was caused to him. The person demanded
explanation why an erroneous amount of money visited his account. Yet it's
none of his business. There was a moment in this incident where any reasonable
person would have just moved on.

~~~
jtbayly
Wrong. He got upset because he wasn’t notified of the refund.

Notification of deducted money is something that is quite reasonable to
expect.

In this case he was trying to figure out what to do, it was handled by others,
and a notification would have let him know that it was handled.

~~~
jeltz
Yeah, what if he had refunded it manually then it would have been refunded
twice.

------
dejan
Could get much much worse.

------
867-5309
if it's an infrequently used account linked to an email address from 20 years
ago it probably had an easy-to-guess password

------
rpvreviews
paypal is horrible, once an issue happens forget about resolutions. Their
customer service is one of the worst

------
floatingatoll
Yes, this is approximately customary.

------
gregknicholson
If you don't like PayPal's service, choose another company instead. That's how
capitalism works, right?

(Yes, I know that's impossible. My point is PayPal is effectively a monopoly.)

------
nicky0
tl;dr:

1. Erroneous deposit appears in account
2. Soon after, the money is removed
3. Account holder makes a big fuss and falls out with paypal about it

------
diminoten
Getting offended, emotional, indignant, and angry about any of this was
completely uncalled for, and if this is how you go through life, you're going
to continue to have these kinds of problems at a rate much higher than the
average person has these kinds of problems.

------
fieryskiff1
[https://paypalsucks.org/toon1.shtml](https://paypalsucks.org/toon1.shtml)

~~~
FDSGSG
Do you work for merchantinc.com? They seem to own and operate paypalsucks.org
and have a history of advertising themselves with forum spam similar to your
comment.

~~~
the-dude
You seem overly active on this thread. What is your affiliation?

~~~
FDSGSG
I do payment processing for my SaaS products. Have used PP in the past,
currently I only use stripe and bitcoin to receive payments.

------
ilaksh
This is why people should support real cryptocurrency.

~~~
a254613e
As a buyer I would never want to use cryptocurrencies. There is absolutely
zero customer protection without the cryptocurrencies going through a
middleman, at which point it's nothing else than another version of PayPal.

This is the primary reason I, and I assume a lot of others, use PayPal - not
because of their amazing customer support, but because of their customer
protection which works just fine in 99.9% cases - which is still a lot better
than 0 customer protection.

~~~
LMYahooTFY
>at which point it's nothing else than another version of PayPal

No. At this point you have a trusted broker, who can choose to broker your
transaction or not, but they cannot choose to decline it.

This is nothing like a "version of PayPal".

------
ilaksh
This is why people should support (real) cryptocurrency.

------
whydoineedthis
You never heard of bank transactions going sideways before? You should have
opened the issue when you saw the funds, but you let your greed get the best
of you and now you're pissed you lost....what exactly?

