Hacker News new | past | comments | ask | show | jobs | submit login
PayPal faces lawsuit for freezing customer accounts and funds (engadget.com)
814 points by I_am_tiberius 12 days ago | hide | past | favorite | 311 comments





I'm so happy to see this. I am working on publishing a book on leanpub, and leanpub disburses payments using paypal. Yesterday, I logged into my paypal account and I remembered that this happened to me and my funds and account were frozen since 2010 (something I must have put out of my mind :p).

I was searching for this issue and found this lawsuit and cannot wait to be part of it.

Dealing with Paypal during the time was borderline abusive and I felt helpless every step of the way. In 2010 when they froze my account they mailed me a physical letter with an activation code which took weeks, and when I called to confirm my account I was told that the code was incorrect...

I had very very little money in my account < $100 and I can't imagine how frustrating it would be for someone who needed paypal for their income.

I'm happy to be in a position where I can choose to never use paypal again and I hope they are punished for the way they treat their customers.


Don't worry.

You won't have that money after they've implemented the inactivity fee last year: https://www.paypal.com/be/smarthelp/article/what-is-the-inac...


Wow. Notably receiving money does not make the account active.

Notifications to inactive accounts begins 15 November 2021 and advise simple actions to take before 15 December 2021 to avoid the fee:

- Log-in to your account; or

- Shop wherever PayPal is accepted; or

- Send money to friends & family, or vendors for goods & services; or

- Withdraw money from your account; or

- Donate to a charity with your account


I chose the option to close my account.

I chose the option of making a bot that logs in every 150ms.

I think everyone should do this. It is the best way to keep your money safe


PayPal will limit your account soon enough for security concerns. I would highly recommend not doing what you are proposing

This is true, a long long time ago I linked my Paypal account with Yodlee just to view balances (it would poll my balances at automatic intervals) and PayPal limited my account for "unauthorized third-party activity" or something to that effect.

Now that account aggregators like Mint/Yodlee are more common, I'm sure they worked out a deal with Paypal. But automated login activity is still scrutinized.


Would the inactivity clock keep running while you are locked out?

This happened 10+ years ago and I don't think there was an activity fee back then.

But the account limitation was removed fairly quickly. Basically I got an automated or template message telling me to change my password and keep it secure. Shortly after I changed my password, the limitation was removed.


> It is the best way to keep your money safe

The best way to keep your money safe is to keep it somewhere else.


Did you publish your code?

We’ve closed your account due to suspicious activity please drink one activation can.

Joking aside, don’t you want your PayPal matched with 2fa? If so. How do you handle that with scripting?


2FA is essentially a time encoded using a secret known to you. It's an alternative to using a private key, it's just lest confusing to non technical people.

You basically can read the QR code, get the secret and use it to programmatically generate the token every time you need it.


The phrase here is TOTP,

And for those with 2FA over email, some more automation is necessary.

2FA over SMS requires even more effort


Good to know. I just transferred out my PayPal balance.

> Accounts with zero balance won’t be impacted and this charge won’t result in any negative balance.

How gracious.


Yeah, very nice of them.

Inactivity fee is such a disgusting practice. It doesn't cost them anything to keep the account.

It's an attempt to legalize theft.

This. Skype has been doing the same for years.

With Skype credit that is deactivated, you can easily reactivate it again. I've done that.

Envato does the same thing; so does Freelancer.

That's not strictly true. It doesn't cost them _much_ but holding and tracking other people's money has a cost.

That said, I think the better answer is to send it to the state as unclaimed property.


> holding and tracking other people's money has a cost.

When you have as many users as PayPal does, in aggregate those non-zero balances are a mountain of money to play with. It's not a cost, it's opportunity for profit.


Holding other peoples money has a profit, not a cost. That float is valuable.

Presumably it costs more to keep the money and process login attempts. Since logging in is enough to keep the account at zero fees, this seems like a money grab.

Is there really a marginal cost to holding more money? Presumably they can buy treasury bonds and earn some interest off the holdings. In terms of data storage, is it really more expensive to store a positive number vs. zero?

I suppose that compliance might cost something. I don’t know what KYC laws they have to comply with, but that is the kind of stuff that needs actual humans in the loop

It’s called zero marginal costs for a reason, dude.

How ironic.

When I was canceling my paypal account a few years ago, paypal prompted me: It's free to have a paypal account, so if you don't want to use it, just leave it.

It's hard for me to imagine when someone opens his old PayPal account and finds out that he was charged 10 €. (not even in US dollars)


For over a decade I've heard tons of stories about PayPal freezing accounts for questionable reasons. I've heard of events that were cancelled because the organizers suddenly couldn't access the money people paid to the event, and PayPal wouldn't release the money until they could prove they'd organized the event for which people paid, for which the organizers of course needed that money.

I will never ever use PayPal. Everything I've heard about them makes them sound like an extremely unreliable payment provider.They're not an organization you should trust with your money.


They even created this website, back in the old days:

https://paypalsucks.org/

Worth mentioning in this context is this page:

http://paypalsucks.org/paypal-frozen-accounts.shtml


> leanpub disburses payments using paypal

generally speaking, is it more complicated for these kinds of payments to be done via wire/swift/etc versus paypal?


Wire transfers have borderline predatory fees unless you're moving thousands of dollars, and there's still the issue of "oh you entered one of the numbers incorrectly, hopefully they give you your money back!"

This is a distinctively US feature. SEPA transfers cost (next to) nothing, and the IBAN has a checksum, so entering a single digit wrong will get the transaction rejected.

It's not a US feature, the US has ACH.

I wonder how Wise (formerly TransferWise) accomplishes this.

They seem to be able to send money to bank accounts anywhere for extremely reasonable prices.


They have bank accounts everywhere. They just avoid transferring money between them in the first place. As long as an even amount of money is going in each direction, they won’t have to.

Only if flow gets too out of whack but that means their rates are too one-sided.

That’s the forex business in a nutshell. They don’t convert money, they just exchange it.


Try shopping banks. My wires are free in most cases and I am not a big customer or anything.

I've used Zelle and it was easy. My bank is suggesting them (they have first class support), but I have no idea if they are otherwise better/worse than paypal. Most of the time if I owe money it is either credit card or I used my bank's bill pay (which sends a physical check if they don't have an electronic arrangement)

I did a wire transfer once, $15 in fees, but since the amount was from a house sale (to get from the bank where the money was deposited to my mortgage bank - they couldn't do this direct which was annoying). I wouldn't do it for normal things, but with that much money involved I don't blame the banks for some friction and the cost wasn't much. Hopefully I never do one again, and also I hope I'm an oddity for even doing it at all.


Zelle is window dressing on top of ACH.

Which is exactly what I want, most of the time — I want to write a check, but without the hassle of paper, or the recipient having to explicitly deposit it.

With increased provisions for those banks to push liability for fraud further away from themselves and towards consumers...

Zelle is instant for banks on the Zelle network. ACH isn’t.

Paypal is window dressing on top of ACH.

They frozen my account at Christmas. How do I get in Involved with this

> Lena Evans, one of the plaintiffs who'd been a PayPal user for 22 years, said the website seized $26,984 from her account six months after it got frozen without ever telling her why.

Wait, what? They're actually taking the money? I thought the article was just being careless with the terms "frozen" and "seized".

On what power are they doing so? It's understandable when the relevant authorities (be it a tax authority, or a financial supervisory authority, or a court, or whatever) seize money, but they are not an authority.

Furthermore, if the money in question actually were illicit, then by what fantasy argument would they be allowed to keep it themselves rather than having to hand it over to the goverment? The entire point is that the money is dirty and nobody may keep it.


See my comment below: they just seized (not frozen, seized) 50k EU from us in a targetted attack against our company and shareholders because we took legal counsel when they froze the accounts.

At the risk of arm-chairing this too much: did you contact the CSSF, who seems to be the supervisory authority responsible for AML enforcement in Luxembourg?

To highlight how insane this sounds: let's assume, for the sake of argument, that your 50K is suspected to be cocaine money. There exist exactly two outcomes: either you are exonerated and you get your money back, or you're eventually found guilty of something, and the government takes the money.

But Paypal? They have zero claim to the money, and they could be in hot water even for merely holding on to it.

But to seize it? There is just no way that any bank involved in AML enforcement can keep funds for themselves, and any supervisory authority who's handed evidence to such a practice would tear them apart.


I definitely appreciate the arm-chair assistance: I'm unfamiliar with the Luxembourg jurisdiction, so your pointers are great - we will discuss with our lawyers.

From what I understood, Luxembourg's consumer laws are more loosely defined than that of other EU jurisdictions - which makes the type of T&C that PP has established easier to maintain.


They could plausibly return it to the people who paid it in, if their excuse is that it's believed to be fraudulent. Six months of float is enough to make a significant amount of money, too, especially if it's in an inflating currency (like the dollar over the last year).

Indeed, their behaviour should be criminal if it somehow already isn't.

Good. I love when companies are so big they do as they please and retaliate when brought to task.

Hopefully it's one more nail in their coffin.

All the best, hope this is the beginning of their end.


PayPals parent company, Ebay, is not exactly innocent either.

> Federal prosecutors have said the harassment included anonymous deliveries of items like live insects, a funeral wreath, and a bloody pig face Halloween mask to the couple's home. The employees also sent pornographic magazines with the husband’s name on it to their neighbor’s house and planned to break into the couple’s garage to install a GPS device on their car.

https://abcnews.go.com/Business/wireStory/couple-ebay-harass...


FYI Ebay no longer owns Paypal, and hasn't for several years. Per https://en.wikipedia.org/wiki/Timeline_of_PayPal

> September 2014 onward: It is announced that PayPal will be split off eBay. The split will be completed by the second quarter of 2015.


EBay is actively de-integrating PayPal. E.g. sellers are being required to provide their banking info to eBay for eBay to deposit payments directly.

It was dumb to see eBay send two verification payments to “authorize” my bank account, of 1 cent and 3 cents, and after confirming, they let me know that they were going to take their 4 cents back.


There's nothing dumb about it. This is common practice when linking accounts throughout the financial services industry. Like my stockbroker did it when I linked my bank checking account. By verifying the amounts on two small payments you give them reasonable assurance that you actually control the account. This protects against both fraud and accidental account number data entry errors.

It was the clawback of the hilariously low amount that I found dumb, not the verification technique.

In my experience, it’s 2x double digit amounts, not two single digit amounts. I guess if they’re clawing it back, maybe my low sums are out of randomness, or maybe they’ve really lowered the cap on the test deposits (less float/fraud loss but less security?).


I suspect it’s because they want to verify they can withdraw from the account, not just deposit. Maybe they have deposit-only account links but IIRC the default is two-way. That’s because, for example, you can subscribe to various services using PayPal (if you have no funds in your PP account they will withdraw it from your bank account).

This makes a lot of sense. Lots of advice in the early days of PayPal to have a separate account for them and keep nothing in it.

Capital one, when confirmed my credit union account by same method, didn't fetched the money back. Data point

ACH fees almost certainly mean it's not "worth" it to pull back the 4 cents.

But I can see people being frustrated by verification payments throwing their bookkeeping off, especially by a (literally) random amount.


I couldn’t tell if the numbers were just randomly low or decidedly low.

I’m used to the amounts being larger and thinking “hey, a free dollar almost”, but if they are random, 1 cent and 1 cent are entirely possible.


random under $1 in every bank I've had do this. It better be a good random algorithm, if it isn't you can defraud a lot of people fast. (I won't say how, but I think anyone here can guess quickly)

2 Small payments can provide a larger range of random numbers for an account verification at lower cost to you.

Let's say you want a random number between 0 and 91, you can take up 9c times 2, for a maximum of 18c, giving a much lesser chance you can guess the number on the confirmation. Otherwise, for the same range you would take up to 91c out.


the only way this stuff will change is if the fines are SUBSTANTIAL

It's theft in great amounts of money. Fines are necessary but not sufficient. There should be prison time.

This applies to a great deal of white-collar crime. As long as there aren't serious PERSONAL consequences for wrongdoing, just a fine that the company coffers will pay as the cost of doing business, nothing will change. We need to start to put CEOs in actual prison and to forfeit their fortune.

Agreed, that's the only thing that will stop this garbage.

Between companies and banks doing this, our own government allowing civil forfeiture, and the penalties- of there even are any, are a monetary slap on the wrist, what recourse do we have?

We can't even change the laws because money lobbies and always wins.

I really hope this is the tide changing.


On what power? ”We are big and have money. You are small and have no money”.

This has been a reliable source of power for at least a century


I meant on what official authority.

I understand what you meant to say, but realize that this is like some random bully stopping cars on the highway and issuing speeding tickets. Victims might play along for a while, but when actual law enforcement shows up, the bully is going to have a very bad time.


> this is like some random bully stopping cars on the highway and issuing speeding tickets

LOL, I've paid that exact "fine", the "bullies" were official, uniformed Mexican police. They were literally just flagging everyone on vacation at a specific resort, along the only road from that resort into town (with a big chain across the road to collect everyone) and taking $200 to be allowed to continue on. Nice work if you can get it I guess.

I've also paid bribes to bullies in Yugoslavia ("people with machine guns standing in the road") in order to pass by. I don't think they were official though.


I had to pay an extra $90 when crossing the border into Zimbabwe. I was a little slow and asked all innocently why I had to pay more then the official entry tax when the guy in front of me paid the normal amount. The guy just shifted his AK-47 a bit and repeated the request. I figured it out at that point and forked it over.

Yes, rental cars stick out like a sore thumb so keep some cash on you. It is usually easy to negotiate them down by 50% though!

You can tell them, "dame la multa" (give me my fine) and most of the time they'll wave you on.

I don't know if this is still true, but years ago if you wanted to board your plane in La Paz, Bolivia everyone had to hand the police officer at the gate $20 USD cash (no substitutions) to board the plane. It didn't matter your nationality or where the plane was headed, just hand over $20 bucks or GTFO.

Longer than that.

Per the article, Paypal is seizing the money as damages:

> It also said that the money was taken from her account "for its liquidated damages arising from those AUP violations pursuant to the User Agreement.


Indeed, this is an important point that I missed. So if I get this right, this isn't about actually AML activity, but a civil claim under something like ToS.

So I looked up the AUP, and indeed: they claim $2,500(!) liquidated damages per violation of the AUP, which is on average a ridiculously high amount. Selling 10 individual bottles of wine without approval will incur $25,000 damages under this scheme.

Given these terms, you have to be absolutely nuts to sign any agreement with Paypal.


> if the money in question actually were illicit, then by what fantasy argument would they be allowed to keep it themselves rather than having to hand it over to the goverment? The entire point is that the money is dirty and nobody may keep it.

I don't know what fantasy they operate under, but back in the 2010s I observed Google doing this numerous times with "seized" click fraud revenue -- one of my sites was a victim of a click fraud attack as an attempt to get my AdSense account banned, and my friend's site at the time was advertising on my domain via AdWords and he didn't see any kind of refund despite the $800 that was taken from me (which was the entirety of my revenue for that month). Google just keeps funds they seize I'm pretty sure, or at least they did back then.


>They're actually taking the money? I thought the article was just being careless with the terms "frozen" and "seized".

but that's also the plaintiff's claim, so I wouldn't exactly call that reliable.


Link to actual lawsuit: https://aupdamages.com/wp-content/uploads/2022/01/PayPal_Fil...

(I had to Google this and find it in a Reddit thread, so it's not directly from the court's website. If anyone can find that it'd help)


It took a bit to find it because PACER's search is awful. Plus you have to PAY for every search.

I bought all the current docket entries and added them to RECAP so you can download them for free:

https://www.courtlistener.com/docket/62596200/evans-v-paypal...

EDIT: From PayPal's AUP in the Complaint.. yowch! "You acknowledge and agree that $2,500.00 U.S. dollars per violation of the Acceptable Use Policy is presently a reasonable minimum estimate of PayPal’s actual damages - including, but not limited to, internal administrative costs incurred by PayPal to monitor and track violations, damage to PayPal’s brand and reputation, and penalties imposed upon PayPal by its business partners resulting from a user’s violation - considering all currently existing circumstances, including the relationship of the sum to the range of harm to PayPal that reasonably could be anticipated because, due to the nature of the violations of the Acceptable Use Policy, actual damages would be impractical or extremely difficult to calculate. PayPal may deduct such damages directly from any existing balance in any PayPal account you control."


You don't generally actually pay for PACER unless you are using it at a professional volume.

I've never actually paid for PACER. They waive the fees if you're below $X every quarter. And it's a generous enough $X.

The problem is that usually anti-money laundering laws give the operator and the compliance officer an infinite protection even on a suspected money laundering. As long as the compliance process is followed, no matter how stupid the process is, there is no legal basis to go after account freezer and the company is protected. Thus, the company has no incentive to be reasonable with account freezes.

PayPal has worked hard to not be a “bank” so they are long overdue for being sued about this. I know countless vendors who have had their funds stolen.

It's really and outrageous that this open stealing of customers' hard-earned cash for minor perceived user agreement violations is so freaking rampant, with PayPal. I wouldn't be surprised if it turned out that this literally was a strategy cooked up by the higher-ups at PayPal to buff up the company's gross profits.

I was thinking of that too. It’s gotta be quite profitable for them.

It’s probably one of those things which is never explicitly written down. Like, the CEO says ‘we have to double down on our “fraud” account seizures’ and they smile when they say “fraud”.

Or simply those that understand and play along get promoted and those that start asking questions are pushed out due to “restructuring”.


Freezing the account or booting the user from the service is one thing, but seizing the money as a result without any due process seems pretty messed up IMO

AML/KYC laws are a travesty to a free society. Wealth transfer shouldn't be illegal. Prosecute the underlying crimes and let the judicial process seize proceeds of crime after due process. In the meantime, various electronic systems continue to provide adequate avenues for those seeking minimized exposure to KYC/AML.

On top of all that (with which I fully agree), it's not even effective, in any plausible sense of that word.

If this analysis[1] is to be believed, AML laws recover less than 1% of estimated laundered funds, at an explicit cost at least an order of magnitude higher than what is actually recovered.

That's not even including the implicit costs, e.g. when innocent people get caught up and lose their accounts or even their funds.

Travesty doesn't even begin to cover it.

[1] https://www.ledgerinsights.com/anti-money-laundering-has-les...


> an explicit cost at least an order of magnitude higher than what is actually recovered.

The goal is not to make money with AML laws, but to deter and prosecute crime (which has huge externalities itself). Is it effective at that? Your comment doesn't address that.


If it's only capturing 1% of the dirty money it's not effective at deterring nor is it an effective part of the prosecution.

That poses the potential problem of circular reasoning. How do we arrive at this estimate of 1%? Maybe it is more than 1% of the actual value because the estimate is wrong.

Consider this scenario: current AML practices catch 1% of laundered money, but deter additional money laundering 100x. In effect, this means nearly all money laundering is stopped because of these practices.

That seems extreme to me, but it does seem possible.


> Prosecute the underlying crimes and let the judicial process seize proceeds of crime after due process.

At least a basic identity check (that's the "KYC" part) must be part of bank account onboarding for that to work though. Otherwise, how would a government be able to seize the bank account of a convicted criminal if they had no way to tie the bank account to a criminal?

As for the anti money laundering regulations: these are a very fine line to balance. Personally, I'd like for these to go away the earlier the better since I agree with you that the potential for dragnet-style abuse is way too high, but on the other hand, terrorism financing is a present and clear danger worldwide.


I'm supposed to give up my anonymity because of an entirely different person's crime? No thanks, I'm not a criminal. I'll keep using monero or whatever other systems limit my exposure to these unreasonable search without probable cause/warrant of my identity. I believe KYC is violation of 4th amendment, and that the government's ability to seize proceeds of crime is a lower priority than civil rights.

Congrats. You and your provider of conversion from Montero to fiat are criminals for not adhering to Electronic financial services regulations! If you don't report the income, you're a tax evader!

Isn't having so many selectively enforced laws grand?


ha, yeah. Fortunately there is at least one FinCEN registered money business in US trading fiat/XMR pair, so there's plenty of plausibility it was obtained in a way adhering to regulations.

AML/KYC is just the financial version of global mass surveillance. They're bad for society and freedom for exactly the same reasons. I truly hope that some cryptocurrency like Monero will succeed.

ZKs, bulletproofs etc are going to be working their way into btc and eth in the next year or two and i would expect to be ported to competitors. it will be impossible to prevent strong anonymity in transactions on any of the major chains in short order. even LND offers very good privacy advantages.

Yeah, that's totally cool. I'm doubtful that something like this will ever make it into Bitcoin but I'm really hopeful for what Ethereum could achieve in the long term. If these solutions prove to be better, I hope Monero will adopt them as well.

yes, i didn't mean this in a way that was dismissive of monero, only trying to convey my excitement about privacy tech becoming an intrinsic part of crypto as a whole

I didn't read it as dismissive. It's totally exciting to see privacy technology spread all over the cryptocurrency space. I think this should be the default.

Monero is pretty amazing but I've read some fair criticisms of it's privacy guarantees. New technology is always good and we'll get to see first hand which one is better.


KYC laws are a tragedy that perpetuate the unranked I the digital age. without an ID you don't exist to the global financial system. Nevermind that some countries are too poor or lack the infrastructure to provide all of their citizens with IDs. Not to mention poor citizens in wealthy countries who don't have ID.

I agree, which means electronic money transfer should be a utility offered by the federal government.

That reminds me on how ironically the shipping company with lowest exposure to having your package snooped on is probably USPS. Since they are bound to 4th amendment, generally probable cause is necessary to open your package.

agree with the overall conclusion, have to ask for some reason in the expression of it. That is, there are legitimate reasons to Know Your Customer, yet, those the least in control are unendingly required to jump through ever more hoops. It is easier to exert control on the defenseless, and they do it. Meanwhile, professional money handlers are seriously considering negative interest rates, since there is just that much money being moved around. A requirement for cell phone numbers closes the connection graph, and a reporting requirement of "every transaction USD$600 or greater" (less than one month rent in most places), to my mind, is the straw that breaks the camels back.

I consider KYC violation of 4A. It's an unreasonable compulsory search to ascertain my identity devoid of probable cause or warrant of a crime.

What are legitimate reasons? Other than to ensure your money is yours?

Am at paypal this is every year in compliance videos, there must be terrible and inept bureaucracy - not sure what is that side of the story. but i can see them no wanting to invite ire of regulatory punishments. go to small claims court if its a small sum. you should not keep large sums at any online outfit, paypal, coinbase or others. Even bank account is a suspect space, better stow money in money market funds for quick liquidity, its super easy to defraud it.

I went to visit the US and transferred just 500 Dollars to a friend for our shared Airbnb. The account got suspended because of "unusual activities" I called them and told them it was myself transferring funds and it still took them two weeks to reinstate the account...

I paid my PayPal credit card with my PayPal balance (which was "cleared funds"), $700 or so, and that triggered a three week hold on both my card and my balance.

They hold people's money a lot. Very profitable as they are essentially free overnight loans. Fuck PayPal. Anyone who does business with them is captive.

When a bank places a hold on a transaction or account for compliance review, the law state that those funds are to be held in an interest-bearing escrow account to be returned to the owner when the hold is lifted.

It’s illegal for PayPal to treat held funds as an overnight loan— that’s a gross misunderstanding of what is going on.


As many others have pointed out, PayPal goes out of their way to make sure they are not a bank.

It doesn’t matter. If they aren’t holding your deposits then the underlying bank would place the hold and they must follow the banking regulations.

If PayPal isn’t holding deposits and doesn’t forward the hold to the underlying bank, then go get your funds from the underlying bank or sue them.

FinTech is a stack of companies operating as veneers on the underlying, heavily regulated banks.


Good luck with that. Any links to stories of people who have successfully done that?

https://www.paypalobjects.com/marketing/ua/pdf/US/en/synchro...

Look through the disclosures and agreements you signed on account opening and find out which banks PayPal is using for your account. The linked one above is for a deposit account at Synchrony Bank.


Never signed anything.

Do you have a PayPal account? If so, I assure you that you signed an agreement. The complaint in this class action lawsuit says that the agreement is a 65-page PDF. You would likely have signed it electronically by clicking an “I agree” checkbox.

They sure didn't give me a penny more when they froze my account.

Hmmm...there is no bank holding those funds which is counting them as reserves?

I had a CC lock my account once when I went on a trip to several places in a quick amount of time. I called them and worked it out. Their algos thought it was someone had stolen my card.

Now, before I go on vacation or make a large purchase, I call them and tell them what I'm going to do. I've never had a problem since doing that and it's a very quick call, actually.

I wonder if anyone has tried same with PayPal.


These "unusual activity" detecting algos are a menace. If I use a VPN to access my account, blocked.

Had this issue with Paypal & Digitalocean. Reddit shadowbans accounts made with VPN.


At least the 'unusual activity' should block the transaction not ban the account and you get notified on the spot.

I mean that's fair enough because that (payment methods being stolen) happens frequently enough, but it should be just as easy to clear it up again.

Over here, banks have set things up so that by default you can't get money from foreign ATMs - you have to activate that first. Because lots of people got their bank card stolen and PIN code skimmed, only for the card to pop up again in eastern Europe or wherever to drain the account.


I have had a situation where I called my bank to let them know I was traveling overseas so this wouldn't happen, and it still happened. It's utterly ridiculous.

I used to travel a bunch and never informed anyone. Then one year I decided to inform my cc. That was the first time my cc was blocked because it unusual activity.

With my bank I explicitly have to announce in advance if I am going to use my card abroad and can enter specific dates and times online. It's quite easy to do. You can also call if you forgot but then you will have to go online and add days if you want to use it for more than one/a few if I recall correctly.

All I had to do was login to be suspended a few minutes later for "suspicious activity". Fortunately I didn't have any money in my account. Fuck PayPal.

Recently I've been suspended from an "online bank". It's a traumatic experience, especially if you need the money held in that account.

Fortunately the amount I had there was not that big but the abusive procedure is trumatic. I can't imagine how someone would feel like to have all his rent money blocked in an online bank.

Basically you are told that unless you provide whatever documentation they want you loose the access to your own funds. Of course providing them documentation is no guarantee they will lift the restrictions. The support is via email only. The boarding and verification process it's really just a bite and switch scheme. I don't know how someone would feel safe to keep money in such a bank after they put your account/transactions on hold for days.

I start to like the "crypto currency" concept of owning your money more and more.


Your "online bank" does not sound like an actual bank (much like PayPal isn't one).

Revolut, Monese and others claim to be online banks...can't tell you exactly what makes an "online bank" an "actual bank" but they provide you individual bank accounts (unlike paypal).

I'm surprised they don't do KYC before taking your money. You always have to sit through that first with brick and mortar banks...

It's part of their strategy to maximise the signups and force you do the KYC when you are vulnerable(i.e you need your money to pay the rent). They are pretty evil.

To rephrase for clarity, I'm surprised they're allowed to delay KYC until you decide to withdraw the money. The evilness was never in doubt!

In Revolut's case it's the banking license that makes them an "actual bank".

send photos of your passport etc and and append a form filled out saying that you are filing a complaint with FDIC, they wake up real quick, fines are substantial there.

Very good news, especially the potential class action.

Something that I find very interesting is how the individual lawsuits will end. I remember (but can't find) a David vs Goliath case from some time ago, where a user brought Google to the small claims court. He won the case in that venue, but subsequently lost when Google followed up an brought a huge amount of documentation and won. The guy's conclusion was that Google knows _a lot_ of stuff and can leverage it; I think that the events could play similarly, here.


When I worked at PayPal, some of the execs would say "we don't make money by giving it back to people". These were the execs that worked directly with Theil and Musk and I'm sure they're long gone, but it was definitely Theil and Musk who pushed for these types of policies right from the start (well Musk agreed when he showed up, he wasn't a founder of PayPal despite what he wants you to believe).

Well there it is, Netcraft confirmed it.

I've been battling dumb Paypal problems both on the end user and the merchant side so often that I'll never again use it if at all possible, especially in shops. It's just not worth the time and effort to try and trick them into doing their job.

“using PayPal to buy and sell clothing on eBay, to exchange money for a poker league she owns and for a non-profit that helps women with various needs. “

I can see one of those things causing an issue (poker league)

We use PayPal for membership fees for our nonprofit. This year they’re limiting us to 2000 a month transfer out which is annoying to us, but we’re small enough to get by.


If they don't like that their service is used for poker activities they are free to dump the customer.

What they are not free to do is to freeze his account and just keep his money.


For two of the three cases mentioned, I'd tentatively agree, but in that particular user's case they probably are free to keep the money for several months to a year after they freeze the account because she was running a business in a field that has a high chargeback risk.

Someone has to pay for the high level of consumer protection that people who pay with credit cards receive. Every entity that is in the chain between the issuer of the credit card user and the merchant that receives the payment arranges it so that responsibility of this falls on someone farther down the chain than them. There is no one farther down the chain that the merchant, so the merchant ends up being the one who has to pay for chargebacks.

There is nothing further down the chain than the merchant so it ends up on them. But a merchant that ends up incurring a lot of chargebacks often also is a merchant that ends up not having the money to pay for those chargebacks, and in that case the entity that the merchant was dealing with for accepting payments ends up having to pay.

Thus that entity will almost always have in its contract with the merchant that they can keep some of the funds the merchant earns in reserve to cover chargebacks. I doubt any court will find such terms invalid. They have a legitimate purpose of risk mitigation, the companies will have the data and actuarial analysis to show that the amounts held in reserve are reasonable for the level risk, and the ultimate purpose is to support the strong consumer protections that credit cards provide.


> Someone has to pay for the high level of consumer protection that people who pay with credit cards receive.

I, the consumer, does, every step of the way. If I understand their fee structure, Paypal takes about 3.5% of any transaction I make with them. (They show this to the merchant, but any merchant is going to have to consider this part of their costs. Some just directly pass it back to the customer. The point is: they make money from the good transactions, and should plan appropriately to deal with the bad ones. And there is CC & interchange fees, too, at those levels…)


>What they are not free to do is to freeze his account and just keep his money.

If the poker league is being run illegally, not only are they free to freeze it, they are required to.


It’s not PayPal’s job to investigate whether a particular game of poker is legal or illegal. That’s why they just ban all transactions peripheral to gambling. If you’re going to use PayPal for poker night, just don’t mention that word anywhere in your use of the application.

A lot of PayPal’s complex enforcement algorithms seem to be merely word matches. Someone I know as a joke said “Kim Jong Un” in the message when he paid for his half of dinner and got his account insta-locked for weeks just like that.


Illegally in what jurisdiction? Paypal's? This client's? These details matter.

Are they required to steal money that was generated by a crime instead of handing that money over to law enforcement? How does that make sense?

Well if that's in their T's and C's that's fine, to a point, but they can't just silently close an account and take money from people. They need to return the money - it's not their job to play police and judge and seize illicit gains, a court has to decide whether it IS illicit and what happens to it first - and to give an explanation as to why they no longer want to do business with them.

I mean not wanting to do business is every business and person's right. But taking someone else's money without a court order or mandate is theft.


You should look into OFAC. They'll freeze your account for withdrawals, but not deposits, and no one is allowed to tell you it was an OFAC hit.

Make no mistake, financial service in the United States is heavily tilted against the consumer, and your service provider should be considered an actively hostile entity.


Every time I've read about someone making a fuss about PayPal freezing their account, as you get into the details of their business, it quickly becomes apparent that knowingly or otherwise, they're doing something risky enough that it triggered something related to terms and conditions that they didn't bother to read. I realize that's just my anecdote, but when you're working with money, there's a lot of boring reading you should do. Quickly becomes apparent why that opportunity to fill a seemingly obvious hole in a market isn't the opportunity you thought it was.

So they’re preventing you from accessing your own money?

For a time they are limiting our ability to transfer money out. We talked to support so we'll see what happens . We only open registration once a year for a month. With our event being canceled (pandemic) we did have a lot of refunds. But we've been using them 10 years prior without issue.

We are Europe's largest site for RFID and pentesting hardware (lab401.com)

We are in the exactly the same situation. PayPal has conducted a personalised, manually executed war of attrition against our company and shareholders.

Eight months ago, PayPal froze our account, seizing 15kEU. They refused to give any justification for the action, despite discussions with C-level staff.

After the 180-day "withholding" period, we were informed that they would not release the funds, for undisclosed reasons.

We immediately engaged legal counsel. PayPal refused to interact with our counsel, and so a C&D was issued. Within one week of the C&D, PayPal did the following:

- Froze the account of our sister company (in Hong Kong), seizing 35k EU

- Froze the personal accounts of all shareholders of the EU and HK corps (~1,5k EU)

- Froze the business accounts of all shareholders by name search (different corporate entities, different businesses) - 5kEU

- Froze the business accounts that the shareholders held (again, different corps, different businesses) - another 5kEU

Our policy is to empty accounts on the 28th of each month. PayPal froze and seized funds in all accounts on the 27th of the month. Based on the time-stamps of the emails, and the order in which the accounts we closed, it's obvious that it was a targeted, manual process (2 - 3 minutes between closing each personal account, 15 minutes to find the next company account, 3 - 5 to close the personal accounts, and then 10 - 15 minutes for the next company accounts).

We engaged secondary legal counsel in Luxembourg (PayPal's EU headquarters). Again, PayPal refused to disclose any reason, justification or proof, replying with typo-ridden copy-pasted document from a low-level legal peon, concluding that no funds would be returned, the businesses and personal accounts were deemed 'illegal', and as such, PayPal would confiscate all funds.

All KYC was performed. All accounts had been "audited" by PayPal (when you reach the 5k, 50k, 100k+ processing tiers).

Needless to say, operationally - we have shipped 50kEU of hardware to customers, and face losses of the hardware, and costs of replacing stock. I agree with the standpoint: this is purely racketeering - an online equivalent of Civil Forfeiture.

For extra context, as the points have been raised in other comments:

- In a perfect world, no merchant would use PayPal. In our experiments, disabling PayPal cuts revenue by ~30% in our industries.

- Pentesting products could include illegal products: keyloggers, etc. We sell no such products for obvious legal and compliance reasons. All the products we sell are sold by countless other resellers that use PayPal. We have processed Visa/MC with Stripe for over 6 years with no problems (legal, chargeback, etc)

- We empty accounts regularly, to minimize fallout. However, you have to keep a healthy minimum in accounts when dealing with large volume, or accounts get limited automatically (presumably to avoid merchants pulling cash to avoid chargebacks / refunds)

- We have already 'invested' over 20k in legal fees. I justify this cost in (perhaps falsely) believing that we could establish some case law that could benefit other merchants.

It's unfortunate that we cannot join the class action in the US, or we'd be into it. With that said, if anyone merchant in the EU has similar issues, it could be interesting to investigate if a similar action can be mounted in the EU. Feel free to reach out: simon at sn dot cm (not a typo).


> We immediately engaged legal counsel. PayPal refused to interact with our counsel, and so a C&D was issued. Within one week of the C&D, PayPal did the following:

- Froze the account of our sister company (in Hong Kong), seizing 35k EU

- Froze the personal accounts of all shareholders of the EU and HK corps (~1,5k EU)

- Froze the business accounts of all shareholders by name search (different corporate entities, different businesses) - 5kEU

- Froze the business accounts that the shareholders held (again, different corps, different businesses) - another 5kEU

how can any of this be legal? aren't there laws prohibiting such actions from PayPal?


Based on the advice given from our French, Hong Kong and Luxembourg lawyers, it's not legal. But the barrier for _proving_ that it's not legal is very high.

PayPal don't reply to account holders, and they don't reply in any tangible form to lawyers. PayPal forced us (and our lawyers) to sign three rounds of paperwork before they would even acknowledge correspondence from our lawyers, despite the fact that our lawyers were obviously retained and representing us.

Likewise, the delay between each step averaged 1.5 months.

At the end of all of the hoops, they gave a copy-pasted letter that said _exactly_ the same thing that their initial "You can no longer do business with PayPal" emails said.

They know that legal representation is expensive. They know that you'll have to get representation (at least in the EU) in multiple jurisdictions. They know that by drawing out the affair over months, you'll bleed money, and at some point, you'll end up saying: We've lost more money on lawyers than PayPal seized, and you'll give up.

The only recourse that appears to remain for us is actually going to court (and our claims won't fit in the small claims court). At which point, while they'll possibly return the stolen money, they won't re-open the accounts, so we still lose.

In any case, I feel we have a moral obligation to force them to court, with the hopes of establishing some case law for other merchants.


> how can any of this be legal? aren't there laws prohibiting such actions from PayPal?

laws are only as good as the legal enforcement.


When you don't need to justify your actions and are allowed to stay vague, everything is permitted.

> - Froze the business accounts of all shareholders by name search (different corporate entities, different businesses) - 5kEU

> - Froze the business accounts that the shareholders held (again, different corps, different businesses) - another 5kEU

Shareholders? Not execs, but shareholders?

If true, this is one of the worst things that I have ever seen a company do, and this should probably be the top comment.


For clarity, we are not a publicly held company, the EU corp is owned by two entities 50/50.

The business accounts of the shareholder companies (in unrelated industries) were frozen, the personal accounts of the owners of the shareholder's companies were frozen, and any other account related (via email, name, passport, credit card, bank account, domain or corp name) were frozen.

We woke up to 6 "you can no longer do business with PayPal" emails, sent over the space of 30 minutes. You can clearly see the trail: corp one, shareholders of corp one. Corps of each shareholder. Accounts with the same email domain. Accounts of permutations above.


> In our experiments, disabling PayPal cuts revenue by ~30% in our industries.

I’m curious- have you considered adding other third party gateways (Apple Pay/Amazon Pay/something else)? I personally try to avoid entering my card number, so my general order of precedence is Apple Pay > Amazon Pay > Paypal > card entry.


We have Shopify's "Pay" and Apple Pay, crypto and regular Visa / MC gateways (Stripe). We haven't tried Amazon pay - I'll try it as an experiment to see what happens.

However, the fact remains that removing PayPal means losing business. Consumers are shielded from (most) PayPal's horrors, and just see the advantages: ease of use, ubiquity and "guaranteed win" claims against the merchant.


Dang. I try to avoid PayPal as a consumer because I'm familiar with these practices (I use services like Venmo but always withdraw immediately upon receipt). But if the only other option is sending my card number on a less reputable site, I'll pick PayPal over card entry every time.

Google Pay might be another gateway to consider as well. While I prefer to always use Apple Pay, it's not available in Chrome, even on a Mac or iOS device.


Paypal no longer gives users guaranteed win - I had a highly documented case of a seller refusing to honor their warranty, and Paypal stiffed me. Paypal is just toxic.

I'm happy that this is happening. Small buisness owners, Twitch streamers etc. can get their PayPal account locked pretty easily for "suspicious" activity (i.e chargebacks or a few thousand dollars). Then PayPal locks their account for 180 days with little to no recourse. The big Twitch streamers register an LLC which PayPals gives more leniency to AFAIU.

"AFAIU" stands for "as far as I understand".

(So those who have never seen this acronym do not have to google for it.)


Yeah... I've been hearing these horror stories about paypal for a very long time now and it makes my blood boil knowing that nothing's ever been done about it. I really hope that a big change is about to happen.

This has been happening to folks for ages. I'm looking forward to understanding why Paypal thinks it can steal from it's customers without facing repercussions. I wouldn't do anything serious with Paypal for this exact reason.

Because they've been doing it since last millennium, and the competing services that didn't steal from their customers went bankrupt because of fraud and reversed payments.

I've heard about their ‘freeze and seize’ business model in mid-late 2000s, so it's been going on for almost fifteen years already, maybe more.

Meanwhile Paypal's early top execs are icons of US business and techbros. This Musk is probably a really solid guy, what's not to like!


Hearing the stories in this thread makes me wonder if anyone has ever tried to get a decree that PayPal owes them the money, and if PayPal refuses to pay show up to confiscate their property.

I know things like this have happened to banks[1]. That would probably get them to start paying attention.

[1]: https://abcnews.go.com/Business/bank-america-florida-foreclo...


Great to see this! Not to the same scale as seizure but using buymeacoffee.com for OSS donations PayPal would lock my account every month or two until I uploaded a bunch of documents (which were always the same docs each time). Each time it was a little uncertain if I'd be able to get my money out or not. Meanwhile PayPal would happily continue to receive money in my name that I didn't have access to.

That took way way too long... How is it possible that this happens only now and not shortly after PayPal launched?

I can recall reading many PayPal horror stories, but as I recall, they were all accounts frozen and then usually closed and paid out 6+months later. This story and others in comments suggest PayPal has decided not to pay out the frozen accounts anymore. Damages from freezing the money for 6 months are real, but may not be realistically legally actionable; damages from not paying the funds are clearly actionable.

Before Paypal launched, only companies had relationships with payment processors and could directly accept major credit cards. Individuals had basically nothing.

Paypal was a huge catalyst for online auctions and small business, and it took took time for behavior like this to develop. And as others have said, they worked hard to not be a bank.


I refuse to use paypal for any nontrivial amounts of money for this exact reason. I once had $10k frozen for no reason at all. I really needed that money back then. Was an absolute nightmare and took weeks to unfreeze.

The only thing I now trust for "quick" payments of larger amounts of money is bank wire.

Cryptocurrencies don't exactly solve this problem since you need to convert back to the fiat currency and you then have exchange rate volatility + withdrawal delays (and crypto exchanges also are notorious for freezing withdrawals).


PayPal refuses to let heirs access, or even know if there is a balance on accounts after people die, regardless of death certificates. I wonder how much money is being held by this tactic?

Thing that amazes me is that people leave huge amounts of money in their PayPal instead of withdrawing it regularly. Why not just withdraw it, and then PayPal has nothing to seize!

Paypal still makes it hard for you to automatically transfer out money, so you have to remember to do it manually every so often. And then they'll block you anyway because you tried to transfer out

- too much

- too often

- too seldomly

- too little

Or any combination thereof. The only winning move it to not use it in the first place.


Merchant accounts have a feature called auto leveling to automatically move money to a bank account that can be enabled with a phone call.

It's trivial set to up automatic payout. The only issue with it is that you can only get daily automatic payout, which for some of us is not desirable.

I manually move $15-20k out of PayPal on the last/first day of every month, and never have an issue with this. Could be because it's a merchant account.


In the past at least, PayPal has also been known for simply taking funds from your linked banked account.

So maybe it's better to not link a bank account at all, which means leaving funds in your PayPal account until you can spend them (since you have no way of withdrawing).


I'd just go to my bank and tell them to reverse the transfer. Thanks to SEPA for that one.

Or link a bank account in the middle, between your primary one and PayPal, that exists solely to receive and pass along your funds.

I do this, but not specifically for PayPal. I have a checking account solely for using with third parties, writing checks, debit card transactions, account linking, etc. It has overdraft protection disabled. All my bank funds are in a “private” accounts that aren’t linked anywhere, don’t have checks, etc.

Surely dropping PayPal would be way easier?

On the consumer side, I'd much rather use PayPal than put my card number into a potentially dodgy site. Protects me quite a bit, and with a easier UI.

If I can't PayPal or Apple Pay, I've at times gone elsewhere.


All banks I've using have strong 3D secure. One of the banks require biometrics approve with installed phone app. I have no issues directly use credit card on random merchant sites for years. Especially when most of them use one of the popular payment aggregators.

> All banks I've using have strong 3D secure.

I've yet to see any bank in the US implement such a thing.

Citi, Discover, American Express, Chase, and my local credit union all lack such a two-factor setup for charges.


Biometric approve sounds pretty cool, but I'm personally not going to install some untrusted proprietary app to find out.

you have it backwards. 3d secure is not protection for you. it's for the merchant. it protects them against chargebacks. the merchants decides if it enables 3d secure or not, transaction by transaction. Most of them are using an external fraud risk assessment service. Accertify is such an example.

My credit card provider allows me to create unlimited virtual card numbers with any expiration date I want, that way every transaction can be its own number and any fraud is extremely easy to detect and prevent.

Cool, but mine doesn't.

Check out https://privacy.com/. Pretty neat and gives similar/better features.

Tried it, but I'm giving up serious credit card points that way.

You could look at the Citi Double Cash card, it's 2% back on everything and they support "virtual account numbers" directly.

You have zero risk in this situation so I'm not sure why you feel protected.

It's not zero risk; changing my card numbers after a compromise is an annoying process given the number of places I have to do it. Not having to provide that number to the random e-commerce site I'm trying to buy something unusual from is helpful, and reduces the risk of me having to spend an afternoon making sure I switched cable, internet, Github, Patreon, Heroku, kids' school lunches, music lessons, and fifty other recurring payments over to a new card number.

(I also get to skip entering card and billing details every time. Given the number of sites that see fit to use a special non-standard widget for the state field, that saves me time and annoyance on every transaction of this nature, too.)


Wait so merchants can just pull funds out of accounts without user authentication? This seems tailor made to facilitate fraud.

Not universally but a lot of the ACH agreements you consent to have a clause allowing drafts to be initiated on-demand until you revoke that consent. This isn’t necessarily bad and can often be desirable, but then it’s often up to you and the withdrawing party to settle your disputes about what is authorized and what is not.

Paypal will issue physical checks if you want to withdraw funds. They charge $1.50 for this service, but I use it since I refuse to link any of my bank accounts directly. I have a credit card linked, but that's a safer (in my mind) way to deal with any PayPal shenanigans.

That is crazy to me. Could you at least link PayPal to an account which you do not leave funds in?

Yes, that seems like a good option, provided you can find a bank account that's free with no hoops to jump through. KeyBank offered one at some point, not sure if they still do.

Might need to use a credit union instead of a traditional bank.

Sometimes PayPal institutes transfer limits on accounts, so its entirely possible that they don't let you transfer out the money fast enough.

They offer the worst currency conversion rate imaginable when you go to withdraw to your non-US bank, so some people prefer to keep it in PP as a USD spending account i guess.

True, if I have to pay in a foreign currency I let Paypal charge my cc in that currency, so that the cc company converts my currency instead of Paypal.

I don't recall the difference, but I believe the cc company gave me more than an order of magninude tighter spread on the conversion, perhaps even two.


If you move 50k a week it could still be a problem.

If you move 50K a week you can engage a payment platform to accept other means of payment in addition to Paypal, then reorganize how people pay so that paypal is de-emphasized in favor of more secure, lower cost, etc means of paying you.

Hell, for that kind of money you can hire an accountant or a full dev team to do it for you.


This is devastating to those users affected by this, but I believe that the blame doesn't lie solely with PayPal. Unfortunately there are many laws they must comply with that delegate enforcement to private companies like PayPal rather than where is belongs - the government.

From the article: PayPal allegedly sent his wife a letter that says she "violated PayPal's User Agreement and Acceptable Use Policy (AUP) by accepting payments for the sale of injectable fillers not approved by the FDA."

If PayPal DOESN'T freeze the account and hold the money, they can get in far larger trouble with the government. Why should PayPal be involved in this enforcement at all? If the FDA doesn't like what this seller is doing, let the FDA themselves go after the seller and leave PayPal out of it. But the law doesn't work that way.

I had $10k's in an account with BofA that was frozen and nearly killed the closing on a house I was buying at the time. Because they had a mailbox address on file for me, rather than my home address. It was horrible for me, but that's what the says that they had to do, and if they didn't the could end up in trouble with the feds facing huge penalties.

Let's try to empathize with all parties and think rationally about the incentives and constraints that they face.


I have (almost) no issue with accounts being frozen. At the end of the day, it's a private company, they can chose if they want to do business with you or not. Likewise, holding for 180 days is aligned with most credit card chargeback limits, so they protect themselves. (There are other ways to go about this, which most other processors handle in a frictionless fashion, ie Stripe).

Having an account frozen is more than annoying, but it's their choice.

However seizing (stealing) funds is completely unacceptable, no matter how it's dressed up. Hell, even if they gave seized funds to charity it'd be slightly more palatable than lining their pockets from proceeds they deemed as "risky".


> It was horrible for me, but that's what the says that they had to do, and if they didn't the could end up in trouble with the feds facing huge penalties.

Except that most likely isn't true. The law does not require banks to have your home address. The law does require banks to verify your identity, but there are many ways to do this without requiring a "home address".

The "home address" rule is self-imposed by banks and is yet another way that our country makes life unnecessarily difficult for homeless or itinerant people.

Edit: This is regarding USA law, and I realized I am not where you reside. I assumed USA because of the FDA mention but I realized that was referencing the article so may not be a good clue.


No sympathy here. They've been steali..err..seizing funds for decades, and dodging the lawsuits by leveraging their clout. Sure, maybe they have some regulations to follow, but they willfully choose to ignore the folks they're stealing from, instead of helping them to understand the process of getting their stolen money back, and prevent money from being stolen from them in the future. I hope they're squeezed hard on this one.

> think rationally about the incentives and constraints that they face

The incentives never justify unethical behavior, ever.


In my (quite extensive) experience with the company, one should only ever use PayPal as an extremely temporary means to accept payment for clients who can’t pay any other way, and then immediately withdraw the funds to a real bank account.

The company absolutely cannot be trusted, and will do everything in their power to take your money and not give it back. I do not know a single person who uses PayPal regularly for a business who doesn’t absolutely hate the company, because they do this type of thing so regularly.

Recently, when you log into a business account, there is a giant alert that looks like an important warning, that actually says you’re “eligible for a business loan”. You have to dismiss it every single time with the little non-default no thankyou button. And then beg them to give you access to your own money, because apparently you can’t be trusted.

I for one would love to see a lawsuit like this land.


I would add that folks should have a bank account connected to PayPal (etc) that is separate from your day to day accounts.

Not only will it localize any problems[0] but it will limit snooping[1].

[0] If PayPal wrongly deducts money from an account that has basically no funds in it you’ll be able to deal with the problem without having your actual funds locked up.

[1] Seems like basically every non-bank is switching from ACH deposit verification to a service called Plaid that requires your bank username & password, which then screen scrapes your financial details. There’s no reason to hand over your real life financial data when you can just use a dummy account.


> Seems like basically every non-bank is switching from ACH deposit verification to a service called Plaid that requires your bank username & password,

Why would anyone EVER do this. That has to be the most insecure and possibly catastrophic possible way to verify information.


Handing over your bank username and password to anyone would be a breach of the banks terms. So no, never do this.

I've been wondering about this as more and more services are asking me to do it via this same "Plaid" service. (I don't do it. I can't use some services. Cashapp mobile didn't want to let me withdraw cash without it; I figured out a way to on cashapp desktop).

Plaid is a company/service literally built around asking people to supply their bank username and password to a third party. (who then stores them (in cleartext, right?) for continued use!) I find it pretty astonishing.

(It's also literally training users to be phished, no?)

I'd be curious to see an article about it, with some details and context.


Here's a StackExchange discussion on it, and what a nightmare it is https://security.stackexchange.com/questions/198005/is-plaid...

I see a link to a lawsuit against Plaid in that discussion, but it's from 2020.

Interestingly, this page has someone claiming it's possible to register on Plain using ACH info https://teslamotorsclub.com/tmc/threads/for-those-hesitant-t...


This method is sometimes allowed, sometimes not. I'm not certain if it's an option the client who is using Plaid sets or if it's sometimes available based on the financial institution.

>service called Plaid that requires your bank username & password, which then screen scrapes your financial details

That is hefty accusation. Wouldn't doing that be illegal?

Edit: Looks like they have an entire controversies section on their wiki page and banks are suing them over said sketchy practices. Classy stuff.


Not if it’s not otherwise illegal and disclosed in the terms you agree to. As part of a settlement they now have a “privacy-centric” portal so you can manage what they know about you, ostensibly. But it’s difficult to find, and I would wager that most people who use the service don’t understand what they’re getting into.

Everyone seems to use it now, and it’s increasingly difficult to link accounts using ACH micro deposits because Plaid can be configured to disallow manual linking if the routing number corresponds to a bank they support logging into.

I simply don’t do business with companies that use Plaid in that manner, it’s a hard stop for me. My bank’s customer agreement specifically prohibits disclosing user credentials to any other party, and when support is confronted by that, they typically have no idea what to do with that other than say “Plaid is secure”.


I've never heard of this before, who's everyone? Which country are you talking about?

I’m not sure if they’re in other countries, but I’m referring to the US. As for who uses them: off the top of my head, for well known services: PayPal, Coinbase, YNAB, Truebill, Acorns, Venmo, Stripe has an integration, I think Mint?, the list goes on.

More often than not I encounter them when trying to link bank accounts to anything now, except with other banks.

They have a history of imitating bank login screens and not disclosing that they’re not your bank. They settled a few lawsuits about that in the past few years and are a little more upfront, but I wouldn’t expect the average user to reasonably understand the situation.

Visa tried to acquire them back in 2020 but dropped the plan.


Visa probably got a look at their infrastructure, and saw liabilities that could expand to consume all of Visa.

Prior to going to work for a direct competitor (which I was also a heavy user of), I fed my family out of a Paypal account for approximately 10 years, and had good experiences throughout. Total processed through Paypal on order of $X00,000 mostly in $30 chunks; I don't own the business anymore so can't SQL the breakdown by processor.

The one time my account was limited was after moving $3k immediately following a new apartment move in Japan. Total time to resolution: 2 minutes after calling them.

There, now you know one.


two good anecdotes vs over a decade of non-stop abusive practices.

2 white sand grains on a black beach count for very little.


Honestly, it is almost certainly the opposite. The vast majority of people use PayPal on a regular basis to pay for things they buy online without handing over a CC number. Those people generally have a perfectly fine experience and they never post about it. When people do post about their experience with a company, they are far more likely to post negative experiences than positive.

Putting that aside, I think PayPal should absolutely get reamed for this behavior. Even if they're only fucking over one out of 100k customers, it is still completely unacceptable and I hope they suffer for it.


I don't believe PP taking money is the outlier here. I know far too many people in real life who have had funds seized and never returned. I imagine it's happened to more people I know but who haven't spoken to me about it. I have had PP close one of my early accounts and keep the money.

As much as I hate Visa/MC/Amex et al they have never just stolen my money, or even left me holding the bag if someone got ahold of a number (as opposed to banks which have always left me hanging a la PP).


Very similar position here. $X00,000 for 10 years or so, payments generally in the US$1 - US$50 range. No specific complaints other can a couple of API breakdowns over the course of a decade.

So now they know two.


> and then immediately withdraw the funds to a real bank account.

If you link your bank account, you're at risk of them pulling funds from your bank account due to [reasons].

There's been such cases.


Governments need to ban 'shotgun KYC', which is where they let you put funds in the account before they freeze it and make you do KYC, rather than making you do KYC directly on sign-up. You're effectively forced to give away your info or lose the funds. Sites like Paypal don't want this to happen because registrations would drop off majorly if you had to KYC on sign up.

Governments encourage and are the ones pushing shotgun KYC so I would maybe phrase your comment more like "Citizens need to rebel against 'shotgun KYC'.

The concept of directly paying someone from your bank account seems completely impossible in America. There always has to be some middleman parasite- who conveniently charges a nice transaction fee for the privilege.

The payment volume over Zelle, which is instantaneous, free, bank-to-bank transfers, was about $307 billion in 2020. For ACH transactions, it was about $62 trillion (not a typo). Wire transfers are also a thing. So are, for that matter, checks, which by ancient custom are free for all parties but the banks (at least for retail users).

That the payment industry exists when all of the above is true is a fascinating topic. I should probably cover it in a newsletter sometime.


Yes, why doesn't the US have something like our SEPA where we can just transfer money to someone's account?

Because the U.S. financial system, and access to it is a very powerful tool in terms of international diplomacy, and a crucial source of evidence/intelligence for law enforcement.

Trivial abilities to move money around and an inability to lock out financial endpoints would completely neuter it's utility as sanctioning measure.


The funny thing to me is that you can't always even pay money to the government itself without involving some middleman parasite that takes 1 or 2% for themselves.

A UPI like system would completely solve these problems.

They did this to my late wife's account. They demanded that I prove she was dead, as if I didn't already have enough grief. See the documentary Pain Warriors about that saga.

How do I sign up to be part of this suite?


Did they ask for something more than a death certificate or something similar? That should have been enough, right?

I don't recall what all they wanted, it went well beyond the death certificate, which I had already supplied them. I had no issue with that.

I went and talked to a lawyer about and even he was pissed off about such treatment. Alas the amount of money involved it wasn't worth bothering.

This is truly how PayPal makes there money, by taking it from people, even dead ones.

I'm hoping to find good alternatives in this tread...


PayPal has the fraud problem. Every next payment platform who aims to become the next PayPal also suffer from it.

That a problem of any banking institution.

Differently from Paypal though, the last time that there was a suspected fraudulent transaction in my bank account, I had a physical and factual meeting at a bank branch, rather than having my account frozen and given a stock answer.


And this is the problem for PayPal. They seem to freeze accounts for arbitrary reasons, and way more frequently than banks.

If you are a business, the ability to transfer money without getting all your funds locked up is important. I genuinely believe they are doing it for reasons other than fraud and money laundering.


PayPal has lot of third party data than most banks, but they stuck at decision making process.

"Shoot First and Ask Questions Later"


Sure, but it's not up to paypal to decide what's legal and what's not legal. Definitely not their responsibility to seize money from locked accounts. That’s plain theft.

IF they choose the path of not having humans interact with their customers, and give bot replies, then yes, such platforms will suffer from it.

If they want to invest in proper human customer service, at the cost of decreasing their margins, then maybe part of that problem will be solved.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: