Hacker News new | comments | show | ask | jobs | submit login

There are always those subtle little details that get missed in these discussion.

For instance the site is, right now, taking pre-orders, not orders. There is no published timeframe when they'll actually ship the books that I can see. Paypal only allows you to accept pre-orders up to 20 days in advance of shipping the product to buyers, and even then they can demand significant additional proof.

Because, unfortunately, pre-orders are the classic setup of too many scams (which some random agent probably won't easily be able to eliminate), and it's the domain where PayPal ends up holding the bag. 5000 people pre-ordered some cool internet controller and then maker disappears, etc.

We've been hearing these sorts of "horror" stories for years (wow do people not understand how hard and exclusive the payment process used to be!), yet despite PayPal still being relatively small -- especially compared to the banks and credit card companies -- no one is credibly doing what they do. Maybe because they're doing something rather hard?

This isn't just a PayPal problem. All of the large Internet companies have this totalitarian approach to customer service. Google, Paypal, Ebay, etc. One bit goes from 0 to 1 somewhere in their code and you are friggin screwed. Can't talk to anyone. Can't email anyone. Can't SMS anyone. Can't even send smoke signals.

It's a totalitarian hit-them-with-a-hammer approach that truly needs to end.

I don't know what it will take for this to change but it has to change. For example, AdSense alone has left a trail of destruction like no other service out there. You read stories all the time about legitimate businesses being cutoff for no apparent reason without even the possibility to engage in dialog.

This thing with PayPal is downright scary. Having done tens of thousands of dollars of business with PayPal its one of those things that can keep you up at night.

The problem isn't the suspension of accounts for investigation. I welcome a responsible approach to preventing fraud at all levels, as a consumer and a vendor.

No, the problem lies in the fact that they don't engage in any kind of mutually-constructive dialog in order to try to determine whether or not there's a real problem. By not doing so they can ruin people's lives and, because they have so much money, they don't really care because it causes them no pain at all.

I for one hate government burrowing too deeply into anyone's affairs. However, this is one case where I find myself really hoping that one day we'll see Congressional action here in the US in order to protect us from the monsters that these huge corporations have become. Remember, vendors are customers too, not just the end-users/buyers of products and services.

This, very plainly, is wrong and evil.

You are completely right. The problem is certainly not "fraud monitoring", and it's not a problem specific to Paypal either.

The problem is in the attitude. Being French, I'm well-trained in dealing with soulless bureaucracies; but with the French administration (or probably any public administration in most countries) there is always a way to escalate the issue; and if you were right, you very usually win.

But these companies are judge, jury, police and executioner. This can't go on forever.

For that kind of problem the solution seems to be forcing a fast arbitrage system.

I totally agree - there is a total lack of responsiveness to any communication or contact by all of these internet giants once their "systems" determine that you are guilty. It is a one-way, dead-end street. Surely, all of them must realize that no matter how sophisticated their pattern matching algorithms and fraud detection mechanisms, they can be prone to error. This may be by design though - these companies have no problem with systems with a high false-positive/Type I error rate (convicting innocent people), as long as they can decrease their False-negative/Type II error rates (letting guilty people go free). This is of course the exact opposite of how the rest of our legal and court systems are designed - and therefore the frustration and dissonance.

Many times, when dealing with fraud, the damage done by a false negative completely outweighs the damage done by a false positive. This is almost always the case for the company, in some cases it's also true for other users involved. Thus, companies are frequently OK with having a high false positive rate in order to get the false negative rate to be close to zero.

The company obviously realizes it has a large number of false positives, and it's probably decided that it's worth it.

There's nothing wrong with deliberately having a high false positive rate. Airport security does that too. The problem is if you treat everyone who gets flagged up as irredeemably guilty even though you know you have a self-positive rate.

This would be akin to having airport security send anyone who sets off the metal scanner to a maximum security prison without right of appeal.

Very true, they definitely should dig a bit into their margins to provide a method of appealing the decision - I think it would actually help them quite a lot on the PR front, so it might be good even from a bottom line perspective.

> This would be akin to having airport security send anyone who sets off the metal scanner to a maximum security prison without right of appeal.

Not so loud, TSA will hear you.

I too have had issues with Paypal, albeit it was just an account used for eBay purchases. Someone sent me some money, that person was somehow related to some fraudulent transaction so my account got blocked. They then wanted lots of ID and proof of my purchases for my sales... well I had only sold one old mobile phone on ebay... they repeatedly asked for this until someone with 2 brain cells had the bright idea to look up my sales history, and then they blocked my account anyway!

I try not to buy of ebay or use paypal now (it wasn't difficult to open a another account - different card/address), I would rather pay a little more and buy off Amazon who in my experience have the best customer service I have ever experienced.

"It's a totalitarian hit-them-with-a-hammer approach that truly needs to end."

In my mind, this behaviour can be explained as the one of a monopoly. PayPal is probably a great service in the vast majority of cases, but the behave unacceptably in a number of exceptions. And it would not even be very hard to solve, because it seems to be mostly about process, transparency and communication.

This is quite similar to the treatment you get from many government services, which happen to be organized monopolistically as well.

Once there is a true choice for these basic services like text ads, auctions and online payment, this would likely end quite quickly.

There is probably something in the structure of these businesses that makes them come pretty close to natural monopolies. Maybe internet users should actively start to pick always the second biggest provider for everything in this space. But I would not be able to tell you a name for payment service and auctions site that was to fit that description.

I wonder if US Congressional action would solve this? There are other options in the USA instead of PayPal, but outside the USA PayPal is sometimes the only option (if it's available at all, I wonder what Africans will tell you about PayPal). So in the USA, there is starting to be a force to make online payments better. But not outside USA. So if the USA brings in some law, will PayPal, the Luxembrugish bank, have to abide by it? Probably not.

But then, how do we fix this?

What it boils down to is the scale that these organizations operate and the limited investment in customer service means that CS operations can't spend the time to understand problems. They build a decision tree that doesn't capture the subtleties of the real world and then implement it in a draconian way giving no autonomy to the people implementing the decisions. This is how a Strad copy violin can be seen as a fake when copying Strads has been a common and accepted practice for centuries.

I always said that the service of all online companies is great until something goes wrong. How they handle mistakes and problems is the real test.

I totally agree.

I can also see why you're being downvoted here.

And that's why things are not changing.

Well, the voting system in HN is friggin broken. It's too easy for fan-boys to push you down and out of a conversation. I've experienced this many times. It's sad only because these are generally good discussions. However, if you don't tow the "company line", if you will, you'll get punished with down-votes. All this promotes is a uniform culture of fan boys or, what is worst, an audience that does not participate due to the futility of it all.

Down-vote away.

It'd be easy to implement a set of rules that could make it fair. For example, limit the rate of change on any given post so that it can't be attacked by a barrage of down votes by fan boys. This would open up a post to a wider non-ideological audience and allow it to float or sink on its merits rather than whether or not the author pandered to the fan-boy culture's point of view on all fronts.

Further to that, nobody should be allowed to down-vote silently. That's chicken-shit. If you down-vote you need to state why you are doing so and subject your view to the same peer review, if you will.

Another interesting idea is that down-voting costs you a significant amount of karma points. And, if you go below a certain number you are ejected from HN. Now people are likely to think twice before down-voting on ideological basis because they'll stand to loose something.

All said, HN is still tolerable but it really is frustrating to be down-voted when purely on ideological basis rather than on based on the merit, accuracy or veracity of a post.

Anyhow, the PayPal, Google, eBay, etc. problem is not likely to be solved by yelling and screaming on blogs and HN. I firmly believe that massive legal action, and, more than likely, in the US, Congressional action, is the only light at the end of the tunnel. They are too big and just can't be hurt or bothered with any other approach.

Anyhow, the PayPal, Google, eBay, etc. problem is not likely to be solved by yelling and screaming on blogs and HN. I firmly believe that massive legal action, and, more than likely, in the US, Congressional action, is the only light at the end of the tunnel. They are too big and just can't be hurt or bothered with any other approach.

Be careful what you wish for. Congressional action forcing PayPal, Google, et. al to provide better customer service sounds great for consumers, but unless the legislation is very narrowly focused, it will just end up being another piece of regulation that protects incumbents and punishes newcomers (e.g. by imposing an untenable customer support burden on bootstrapping companies).

PayPal is the incumbent.

Exactly my point. If we use the government to protect ourselves from PayPal, we have to be careful not to kill WePay, Stripe, Dwolla, Gumroad, etc. in the process.

Not to mention that by the time it gets through the lobbying gauntlet, the legislation is more likely to protect Paypal than to harm it.

True, people downvote if they don't agree. without even giving a reason. While downvoting should be for eliminating spam and comments that don't add to discussion.

It's insane though, I just went through an issue approving my adsense account that took over a month. No replies, info, nothing. This is the life blood of the companies and they have so much money you think they would get on top of it better.

I don't buy it. I've done suspicious transaction monitoring for a very long time, and no, it's not that hard.

Certainly not hard enough to prevent your CS people from even giving out a phone number to call for support. Most certainly not hard enough to not be able to address quickly.

Financial transaction analysis is an old science. Experienced people are hard to find, but not exceedingly hard. Systems already exist to mine the hell out of data to tell the scammers apart form the genuine people. An of course, you can build your own system and whatever analysis you want.

And how big do you have to be to be able to afford this? Not large at all. I think you overestimate the difficulty of catching bad guys.

You should note that the recurring complaint is NOT "PayPal froze my funds". The complaint is "PayPal froze my funds and then refused to communicate at all with me". This points to incompetence and lack of consideration much more so than "This shit's hard, yo!"

So, no, financial transaction analysis is not hard enough to screw over your customers.

The notion that pre-orders are scary or generally disallowed has nothing to do with "scams": legitimate people just trying to get business done, who have established names or even good track records, don't always come through on these orders. It is not appropriate for those companies to be mitigating that risk using the credit from their merchant account; in this specific issue, PayPal can even get in trouble for allowing pre-orders to happen using their card providers.

As for Regretsy's continual lack of ability to get CS from PayPal, as someone who has often spent egregious amounts of time talking to PayPal, I honestly think Regretsy is doing something wrong. I also personally feel like PayPal should just ban them from using the service: they don't seem to understand how online payments work, and their reaction to normal procedures is to raise a public shit storm... it's just lame, and it shouldn't be getting play on HN.

As for Regretsy's continual lack of ability to get CS from PayPal, as someone who has often spent egregious amounts of time talking to PayPal, I honestly think Regretsy is doing something wrong.

Customer service != fraud department. Google, Netflix & Paypal seem to have similar methods of dealing with "suspicious accounts". Those methods usually involve something along the lines of shutting the account down and then rebuffing attempts to communicate with the people who made the decision. Customer service evaporates once you've been ostracized by their security systems.

I once asked a merchant account provider how larger companies (airlines, for instance) operate by selling stuff way in the future (booking at ticket 5 months in advance, for example), when they were giving me grief about selling a magazine subscription for a year in advance.

"Big reserves on deposit" is what I was told.

It's probably not quite as simple as that, but I suspect being able to demonstrate a degree of financial solvency (airlines? really?) and having funds in reserve would go a long way towards paypal working with you more. In fact, I think paypal ends up holding some of your funds for you as a reserve against chargebacks after certain conditions are triggered, no?

i believethey actually have to put up money in a reserve account as part of the payment provider agreement..... the merchant doesnt get credit.

That's what I meant when I wrote "Big reserves on deposit". Maybe it wasn't worded very clearly - sorry.

"It is not appropriate for those companies to be mitigating that risk using the credit from their merchant account."

If I'm not mistaken, if this were an actual, say, visa merchant account, all parties would have much clearer rules laid out. The customer would be protected "they didn't deliver, I'm not paying". The merchant doesn't get "credit" per-se..... they have to deliver goods or the charge-backs start, at which point they are up shit creek, along with possibly their substantial deposit with their merchant provider.

Paypal does not work like a normal merchant account for credit cards - people need to remember that - that's why we have these horror stories. If a credit card processor tried to pull this stuff they'd have their visa contract yanked in a heartbeat and thir merchant banks would drop them like a hot potato.

Regretsy is reporting the problem with PayPal CS in this instance, not suffering from it. It appears you commented without reading the article.

The notion that pre-orders are scary or generally disallowed has nothing to do with "scams"

I rather liberally misused scam to mean "sloppy or negligent financials" -- like "let's take lots of pre-orders and with those funds maybe we'll be able to make something happen!" When businesses need to front-load financing from their future customers, the likelihood of failure increases dramatically.

I think it actually is quite difficult, nearly all of PayPal's competitors were bankrupted by fraud (early on it was organized Russian crime rings).

"The origins of Palantir go back to PayPal, the online payments pioneer founded in 1998. A hit with consumers and businesses, PayPal also attracted criminals who used the service for money laundering and fraud. By 2000, PayPal looked like “it was just going to go out of business” because of the cost of keeping up with the bad guys, says Peter Thiel, a PayPal co-founder.

The antifraud tools of the time could not keep up with the crooks. PayPal’s engineers would train computers to look out for suspicious transfers—a number of large transactions between U.S. and Russian accounts, for example—and then have human analysts review each flagged deal. But each time PayPal cottoned to a new ploy, the criminals changed tactics. The computers would miss these shifts, and the humans were overwhelmed by the explosion of transactions the company handled.

PayPal’s computer scientists set to work building a software system that would treat each transaction as part of a pattern rather than just an entry in a database. They devised ways to get information about a person’s computer, the other people he did business with, and how all this fit into the history of transactions. These techniques let human analysts see networks of suspicious accounts and pick up on patterns missed by the computers. PayPal could start freezing dodgy payments before they were processed. “It saved hundreds of millions of dollars,” says Bob McGrew, a former PayPal engineer and the current director of engineering at Palantir."


Probably the reporter fault, but this sounds like he has no clue how the system even works for real

Well, he got his info through a game of Chinese whispers. He heard it from a Palantir spokesman, who got a brief from Palantir PR, who got a brief from the Director of engineering, who got it from meeting with a dozen scientists and engineers. So you can see that along the way, stuff got simplified and bastardized to the utmost.

So how does it work, really?

And you run a bank which operates across the entire world with hundreds of millions of customers?

Don't make the mistake of imagining that because you've worked in the same space as paypal that you have a grasp on the true scale of the problems they face.

Here's the problem. The problem is not that they're freezing accounts, its' the fact that there's no bloody CS to go along with it!

They refuse to tell you why you're blocked.

They refuse to allow you to talk to someone to appeal the decision.

PayPal's CS is absolutely _horrible_. This magnifies any other issues you may have with them.

Amen - you hit the nail on the head. Their CS phone people are truly loathsome individuals, seemingly on a never ending mission to patronize the person on the other end of the phone.

No. It is ALSO a problem that they are freezing accounts. They shouldn't be doing that. It's not really Paypal's job to pretend to be policing fraud in this way.

They have no business arbitrarily freezing accounts for months. None. It doesn't matter how much or how little customer support they have. That's wrong.

It is their job. They assume the risk, they have a responsibility to their shareholders and their legitimate customers and they have a regulatory responsibility to police fraud as best they can.

If paypal was letting chargebacks run out of control because they refused to police fraud they would have to raise the fee percentage to something like 10%, assuming they could even continue to have any sort of relationship with credit card processors. If that happened their customers would be screaming bloody murder and demanding they do something about fraud to keep things under control.

Not only that, but they would be shut down in just about every country in the world for helping to support terrorism and organized crime by failing at basic do diligence in stopping money laundering et al.

Every other payment processor does the same thing, dude. Especially when you go out of your way and violate the T&C (which as a practicing business, you have no excuse not to read and understand). If they say "You can't do X Y and Z" , where X is say, "Take payments for something that is greater than 20 days from shipping", and then you go ahead and do it anyways..

Welp. It's your own fault. Read the paperwork next time.

The freezes would be reduced to an inconvenience instead of an all-hands emergency if they didn't go out of their way to avoid talking to you. I cannot fathom what kind of boneheaded moron decided that an automatic system flagging your account means you are now persona-non-grata.

Not sure why you are using the words "you" and "your". I'm not the OP and never had my PayPal frozen. I just think they are being unreasonable. :) Also not sure why that opinion is being downvoted, but hey.

I reiterate: I don't care what their T&C says. It's not good business practice to freeze an account for months with no recourse. Period, paragraph.

I read that as the royal 'you'.

I don't have a problem with them freezing accounts pending review, or with them going after fraud, etc.

What I do have a problem with is freezing accounts for 180 days with basically no input from their legitimate customers. Yes, I have had Paypal accounts frozen in the past. They are extremely trigger happy here and they do not work with their customers to unfreeze accounts or even get customer information for their review process. Every other processor I know of including ones which address high risk areas of processing (like porn sites), engages in such freezes largely on the short term while review is done in order to determine what steps need to be done in order to bring the site into compliance or terminate the account. In no case is money held for such a period of time or with so little feedback.

Hey! What's with all the down-voting in this thread? I understood HN was a place where down-voting was reserved for trolls, not disagreement ... and "good" down voters explain reasons not immediately obvious.

>Hey! What's with all the down-voting in this thread? I understood HN was a place where down-voting was reserved for trolls, not disagreement ... and "good" down voters explain reasons not immediately obvious.

It's also reserved for stupid, uneducated opinions. Saying that "no, they shouldn't freeze accounts, no matter what, full stop, regardless of how good their CS is" not only adds nothing to the discussion, it's completely silly and flies in the face of the very logical and sensical reasons why accounts are blocked.

I'll say it again here: The problem isn't the automated blocking (which all payment processors do), it's the lack of an appeals process.

Going even further, it is the stated position of most credit card companies that at the time of purchase you are only allowed to take out an "authorization" (hold) on the funds: you cannot "capture" (get) the money until you are pretty much just about to (within 24-48 hours) ship the product.

you cannot "capture" (get) the money until you are pretty much just about to (within 24-48 hours) ship the product.

I'm not sure what the general worldwide fact is for all kinds of payment processing. But it is general practice (not federal law, as I thought before editing this) in the United States that a seller can't actually get money from a transaction paid by a credit card unless the item ordered has actually entered the shipment process.


That's the way Amazon has always billed me, and I think it's the reason that Amazon sends me partial shipments even when I didn't ask for separate shipments when I order several items at once.

I think it's the reason that Amazon sends me partial shipments even when I didn't ask for separate shipments when I order several items at once.

That might be one of the reasons, but I'm sure the usual reason is that the items are coming from different warehouses and the logistics are easier (/cheaper) for each to ship to you directly than for them to shuffle their product around so they can send everything to you in one box.

Same in the UK: You cannot (legally) charge someone for a product ordered over the internet until you have shipped it under the distance-selling regulations.

Kickstarter seems to have interestingly set itself up as a workable intermediary for that: you can set up a Kickstarter that is basically a glorified way of taking preorders, people can pay for them via Paypal, and generally Paypal doesn't cause trouble in those cases.

Isn't Kickstarter sort of like an escrow service in that case? Not sure how that would work, but do know that here in the Netherlands most companies accepting payments on behalf of others (i.e payment providers), have some sort of trust/foundation that owns the company or holds the money.

Kickstarter doesn't use PayPal, actually.

Huh, you're correct. I had this memory of having funded someone via Paypal, even could visualize the Paypal email confirmation, and I go and look, and it is indeed an Amazon Payments confirmation instead. Weird lapse of memory; sorry for the noise!

In fact, it is specifically due to Amazon Payments simple mechanism for getting a pre-authorized token that can later be captured that allows Kickstarter to run that business

(PayPal now supports this through PayPal X, but did not at the time that Kickstarter was being first released. Getting access to this API from PayPal requires more authorization than from Amazon, but the result is also more powerful: you can hold tokens with no expiration and seemingly no cap.)

Looking through the AdaptivePayments API, the limits on preapproval are one year and $2000, although you can ask to raise those limits on a case-by-case basis.


Kickstarter is US-only for project creators, so it's not really an option for most people.

I know of two non-US versions that somehow manage the same thing with their local banking system:

http://www.pozible.com.au http://pledgeme.co.nz

I'm pretty sure that i was forced to use amazon payments when Tim lured me into supporting that adventure game :)

Yes, see the debable with the JooJoo successor tablet where preorders were not fulfilled.

why dont all these pre-order things sell coupon codes for the actual product? "Buy a Product X Code NOW for 19,99* *product may not ship til dd/mm/yy". wouldnt that solve the problem?

No, because then if the original product falls through, there's still going to be a metric ton of chargebacks.

PayPal has horrendous customer service even compared to the worst credit card processor. For example, if you have somebody dispute a charge with a CC processor, you have a chance to refute. Not so much with PayPal.

In fact, they might order the allegedly scammed buyer to simply destroy the thing you sold them instead of letting you refund the money and take it as a return:


Here's something else. When we were planning on setting up PayPal payments to integrate with our app, we went thru the process blah de blah, upgraded our account to Web Payments Pro III or whatever, and suddenly… we weren't able to access our money any more. They decided to hold 30% of all our revenue for 90 days. Forever.

Not just via this new mechanism. But every dollar that passed through our account.

This was after years and years of happily using PayPal and having hundreds of thousands of dollars pass through the account without incident or customer complaint.

Meanwhile when we were a brand new LLC without a credit record to our name, we had no problem getting set up with real "big boy" credit card processing, merchant account, etc., all of which deposits daily. No 30-day holds.

More importantly, if there ever were an issue, these companies have clear, firm policies, and great phone support. I loathe Auth.net for all kinds of reasons, but if you call them, they actually help you. There's none of this "No, I cannot discuss it, and no, you cannot talk to anyone else" crap that PayPal loooooves to pull.

So, while PayPal would like you to think that they actually offer better service, that their hands are tied, that it's somehow not due to them being total capricious assholes… that's just one big stinking lie.

I thought I'd have a very quick look at the claim that PayPal is particularly small compared to credit card companies.

PayPal is a direct subsidiary of Ebay Inc. which has around 11 billion dollars in revenue, so compared to American Express, which has 29 billion in revenue, it is smaller but in the same sort of ballpark.

You know, despite their tiny size, I think they might just about have the available funds and resources to work out fairly quickly if a book for a known cancer charity featuring popular authors is likely to be fraudulent or not. And to provide proper arbitration.

I still don't understand where it's Paypal's place to do fraud investigations. What happened to Buyer Beware?

Let people spend their money how they want, be it scam or not. The only monitoring Paypal should do is that accounts aren't getting hacked.

Some customer tells their bank "this charge from Paypal is fraudulent" or "this charge from Paypal is for an item that was never delivered". The bank says to Paypal "prove this is a valid charge or we will take the money back." How does Paypal not have to do fraud investigations in that case?

Even if we accept that Paypal has no place in protecting people from fraud, it's hard to accept that paypal should not try to protect themselves from fraud.

Consider that criminal gangs are huge multi-million dollar businesses that run complex scams and money routing tricks that can confuse governments[1] it's not surprising that PayPal wants to try to protect itself.


Paypal integrates with existing (non-Paypal-run) bank accounts, debit cards, credit cards, and more, and they have to work within the requirements of the integrated financial products, and those products all have fraud-related rules/clauses/legal stuff I don't understand. Paypal has to minimize their liability toward all the other financial institutions they work with. I sincerely doubt Paypal would be able to work with all those other businesses if their stated policy was to just pretend fraud didn't exist.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact