
New PayPal policy opts you into getting robocalls - SimplyUseless
http://www.washingtonpost.com/blogs/the-switch/wp/2015/06/03/a-horrible-new-paypal-policy-opts-you-into-getting-robocalls/
======
JoshTriplett
I am utterly unsurprised. Normally, you'd expect a payments company to be one
that needs to cultivate trust; however, PayPal seems determined to test out
every scummy business practice they can.

------
hwstar
Go ahead Paypal! Just try and get past my voice/dtmf Captcha system on my
Asterisk PBX with your robocaller. I whitelist friends and family so they
don't have to go through the Captcha if they call. So far, I've received no
friends and family robocalls, but receiving one eventually would not be
surprising.

~~~
fapjacks
This is awesome. I am pretty familiar with Asterisk and can think of a couple
ways to do this, but I would _love_ to see a blog post or something detailing
how you accomplished this.

~~~
rosser
Seconded! Please take moment to write up how you accomplished this wizardry,
for the benefit of mankind. (Or at least the Asterisk-using subset thereof...)

~~~
hwstar
1\. The following macro does the captcha:

[macro-captcha] exten => s,1,Answer exten => s,n(retry),Wait(2); exten =>
s,n,Set(pin3=${RAND(100,999)}); exten => s,n,Playback(reallivehuman); exten =>
s,n,Wait(1); exten => s,n,SayDigits(${pin3}); exten => s,n,Read(pinent,,4)
exten => s,n,GotoIf($["${pin3}" = "${pinent}"]?ok:retry) exten =>
s,n(ok),Playback(queue-thankyou);

2\. The whitelist jumps around the Captcha macro in the incoming context:

exten => 6199111111,n,GotoIf($["${CALLERID(num)}" = "2024561414"]?whitelist)

exten => 6199111111,n,Macro(captcha); __* Do captcha exten = >
6199111111,n(whitelist),Goto(inbound-calls-main,s,1);

This also buys me peace and quiet during the few days leading up to election
day. (Political robocalls are what caused me to implement it).

~~~
fapjacks
Perfect! Your hard work has subsequently been stolen and implemented
elsewhere. Thank you!

------
vinbreau
My wife has a small home business that ships internationally. PayPal is the
best method for taking payments from her clients. She generates more revenue
through that than from credit cards. Without any alternative, well, this just
sucks.

~~~
toomuchtodo
Switch your number on file to a Twilio number.

~~~
wlphoenix
There's a pretty solid chance PayPal will have predicted these switches, and
keep the old numbers on file.

Because the new policy allows for calling no matter how they get your number,
it probably won't help.

~~~
toomuchtodo
Can't hurt to spend a few minutes putting a Twiml file in S3 and buying a
number for $1.

I closed my Paypal account today because of this. Not everyone can do that
though.

------
derefr
Am I the only one who thinks this is likely for the purpose of additional
Know-Your-Customer preverification, rather than for advertising?

If Paypal can be sure that fewer of the accounts pumping money through the
system are doing so for anonymous multi-identity money-laundering, then the
horrifying "we froze your account because started getting Real Money through
it and that's suspicious" step can happen less often.

Though, thinking about it, even just switching to mandatory phone-based 2FA
(with options to either call or text) would technically require a "we can
robocall you" clause. The 2FA system is a robot!

~~~
jakejake
I wouldn't have a problem with that but the terms specifically mention surveys
and special offers.

~~~
derefr
Hmm, you're right.

> We may place such calls or texts to ... (v) poll your opinions through
> surveys or questionnaires, (vii) contact you with offers and promotions;

I'm pretty certain this same language is in my agreement with my bank, and
with the VISA corporation. I rarely get calls from them (other than the
occasional "hey was it you who made that e-transfer from your account just
now") but I do get their spammy stuff via email. I think they prefer email as
a channel for sending this stuff as long as they _know_ your email, but will
send it to your phone if they don't know it.

I don't know how that would work with Paypal, who obviously knows your email.

I'm pretty certain, on a second reading, that the original purpose of this is
actually very clear, though:

> We won’t share your phone number with third parties for their purposes
> without your consent, but may share your phone numbers with our Affiliates
> or with our service providers, such as billing or collections companies, who
> we have contracted with to assist us in pursuing our rights or performing
> our obligations under this User Agreement, our policies, applicable law, or
> any other agreement we may have with you.

They want to be able to pursue people who have negative Paypal balances. Right
now, a lot of them don't have a card attached to their account, or only have a
prepaid card or something, so they have no idea who they are and can't really
get their money back.

------
Havoc
Why is Paypal always going out of its way to be horrible?

------
asn0
The only way to opt out is to cancel your Paypal account before July 1

From the BGR article referenced by WaPo ([http://bgr.com/2015/06/02/paypal-
user-agreement-robocall-rob...](http://bgr.com/2015/06/02/paypal-user-
agreement-robocall-robodial-autotext-text/))

------
mratzloff
It is really convenient to automatically pay my bills through PayPal (or any
widely available payment abstraction layer), but I may have to switch back to
my debit card if they insist on this policy.

(My debit card is much less convenient because some new attack happens at
least once a year where they have to send out a new card.)

~~~
JustSomeNobody
I'm not trying to be "that guy", but I would suggest not using a debit card.
It's my understanding that debit cards are like cash, so they carry a lot of
risk. If something happens and your account gets drained, you are likely not
getting that back. Credit cards are much better to use.

~~~
nine_k
For extra online security, use a virtual credit card with a preset limit.

~~~
superuser2
It's basically impossible these days to have a card without Zero Fraud
Liability (in the US.) If you somehow have such a card, RUN. This is not a
drill. You need to get yourself and everyone you don't wish death on the fuck
away from that bank 30 years ago. Go _literally_ anywhere else.

 _However_ , even at banks with good policies, "extra" security measures are
excluded from Zero Fraud Liability. PIN transactions, Verified by Visa, etc.
appeal to the HN spirit of "taking responsibility" for your own security. But
you are doing just that - "taking responsibility." If the added layer of
protection can be broken (hint: it can) then you will have no recourse. For a
credit card, your loss is at least capped at your credit limit; some debit
cards have transaction limits of $15k+. We're talking possibly your _entire_
account, irrecoverable, _because you were an idiot and tried to protect
yourself instead of letting the rest of the system eat the loss_.

The security of your credit card number is everyone else's problem. Treating
it like your own problem is actively sabotaging your ability to recover from
the inevitable fraud.

------
meesterdude
um, what? Jeeze. I like the convenience of paypal, but I also like it when my
phone doesn't ring with nonsense.

realllly don't want to have to cancel my account, but looks like no
alternatives if they're going to play it that way.

So be it!

I'm actually really pissed off by this. If it wasn't clear. Are they TRYING to
drive customers away? there's literally no way I can accept that shit.

Aaaaand canceled! had a paypal since I got on the internet, crazy that it's
gone now.

Guess I'll have to keep my wallet by the computer now.

------
orbitingpluto
The "National Do Not Call List" can be useful in Canada.

Paypal may only contact you if you've requested info in the past 6 months or
used their service in the past 18 months.

If they call, you can demand that you be put onto their internal Do Not Call
list. They must honour that and you can make a complaint if they do not.

[http://www.crtc.gc.ca/eng/info_sht/t1031.htm](http://www.crtc.gc.ca/eng/info_sht/t1031.htm)

~~~
Shivetya
do politicians and some charities get a free pass when it comes to ignoring it
like they do in the US?

~~~
jakejake
The do not call list has an exception for robo-campaign call. Isn't it
interesting that our lawmakers would put in such an exception?

------
andegre
so, what are some PayPal alternatives?

~~~
JoshTriplett
Depends on the functionality you need. For payment processing, try Stripe. To
send money between individuals, try your bank's "send money to anyone"
mechanism if they have one; I don't know of good alternatives there.

~~~
callahad
Venmo is evidently popular for interpersonal transfers. I haven't used it, but
then again I'm right on the "Venmo line:" [http://qz.com/277509/read-what-
happens-when-a-bunch-of-over-...](http://qz.com/277509/read-what-happens-when-
a-bunch-of-over-30s-find-out-how-millennials-handle-their-money/)

(TL:DR; effectively everyone at QZ under the age of 30 is using Venmo
regularly, and those over 30 are kind of baffled.)

~~~
JoshTriplett
Venmo is owned (indirectly) by PayPal. Braintree bought Venmo, and PayPal
bought Braintree.

------
scraymer
I'm out!

