It got me thinking about the standard assumption that any system limiting chars in a password must be storing passwords in plaintext and not hashing them, else there would be no logical reason to do so (since hash length is constant regardless of input length) - with the only exception being placing a really large limit (say 1024 chars) just to avoid performance issues with hashing really massive passwords.
But.. I refuse to accept that's what's happening here. It simply can't be the case that Paypal is storing plaintext passwords, can it? So there must be another explanation - but what is it?
The only thing I can think is that perhaps they are encrypting passwords, instead of hashing them, or started out doing this in the early days and have since switched to hashing passwords, but there were by then so many layers of validation cruft and/or dependent systems that somehow relied on the 20 char limit being enforced, that they were unable to remove the limit without breaking everything, and they've decided the tradeoff of just sticking with a 20 char limit is worth it.
Does anyone know of or can think of a better explanation for this?
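The post's premise, shown as an added example that is not part of the original thread and not PayPal's code: with a salted hash, the stored record has the same size for any password length, so a 20-character limit saves no storage, and the only cap needed is a generous one (the post's 1024 chars) to bound hashing cost. PBKDF2-HMAC-SHA256, the iteration count and all names here are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MAX_PASSWORD_CHARS = 1024  # generous cap from the post: bounds hashing cost only
ITERATIONS = 600_000       # assumed PBKDF2 work factor, tune for your hardware
SALT_LEN = 16              # bytes of random salt stored with each record
DIGEST_LEN = 32            # bytes of derived key, fixed for every password


class PasswordTooLong(ValueError):
    """Raised when input exceeds the cap, before any hashing work is done."""


def _derive(password: str, salt: bytes) -> bytes:
    # Reject oversized input up front so an attacker cannot make the server
    # hash megabytes of data per login attempt.
    if len(password) > MAX_PASSWORD_CHARS:
        raise PasswordTooLong(f"password exceeds {MAX_PASSWORD_CHARS} characters")
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=DIGEST_LEN
    )


def hash_password(password: str) -> bytes:
    """Return salt || derived key; always SALT_LEN + DIGEST_LEN bytes."""
    salt = os.urandom(SALT_LEN)
    return salt + _derive(password, salt)


def verify_password(password: str, record: bytes) -> bool:
    """Check a candidate against a stored record in constant time."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    try:
        candidate = _derive(password, salt)
    except PasswordTooLong:
        return False
    return hmac.compare_digest(candidate, expected)


def record_lengths(passwords):
    """Map each password's length to the size of its stored record."""
    return {len(p): len(hash_password(p)) for p in passwords}


if __name__ == "__main__":
    # Constructed sample passwords: 8, 20, 21 and 1024 characters.
    samples = ["a" * 8, "b" * 20, "c" * 21, "d" * 1024]
    for pw_len, rec_len in record_lengths(samples).items():
        print(f"{pw_len:>4}-char password -> {rec_len}-byte record")

    # Every character counts: a password differing only in position 21
    # does not verify, so nothing is silently truncated at 20.
    record = hash_password("x" * 20 + "Y")
    print(verify_password("x" * 20 + "Y", record))
    print(verify_password("x" * 20 + "Z", record))
```

A system that hashes this way has no storage reason for a short limit; a silent truncation would show up as the last check passing when it should fail.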
Of course, I never was able to see their answer because I cannot log in to open the issue tracker. So, in the end I just gave up.
1) for those who want security, 20 digits of random characters using a password manager is plenty
2) for those who actually remember and type a password (i.e., just a regular password), requiring them to keep it less than 20 characters increases the odds that they can actually type it in correctly (think elderly or more easily confused people here) and that reduces calls to customer service to complain that their password doesn't work.
Reason #442 to use a password manager.
I suspect the answer to your question is that what we know as "Paypal.com" is a collection of 57 different legacy systems that were hacked together over a period of 20 years. It's not that a designer sat down one day and spec'd out the design we see. It's more like it used to be much worse, and then they fixed 173 bugs (sometimes in an overly conservative way), and we're seeing the result of that.
Unless a software team is very careful, what the users see is software archaeology, not UX design.
The British Airways site does exactly the same thing, took me about 5 attempts at resetting my password before I realised what was going on...
But yes 20 character password is infuriating. My guess is that, at some point, it's extremely hard to change the password character limit and make sure it's correctly updated everywhere at once. Passwords are used in several places and they're afraid of missing a few.
That's my most generous reading of the situation. I still think Paypal is pathetic. Their country locking is the most awful shit: you can't use a foreign phone number, it has to be one of the country you registered with Paypal. If you move country, tough fucking luck, you have to close your account and open a new one and that's "standard procedure".
My supermarket has different websites (for their card or online shopping), and one has an X-character limit while the other does not. It has been a BIG hassle to get rid of all the problems I had (and still occasionally have some trouble).
So while having a password character limit makes customers angry, it is better than breaking everything.
It looks like Argon2 is newer and doesn't have a max length but still it's likely most sites are using bcrypt.
There's also a kind of handwavy "more than 20 characters is likely to be malicious input." Which is a little bit of a cop out but also probably true in general.
Bandwidth concerns finally bring us to the reason that paypal limits the password size to 20. PayPal uses an authentication scheme that stores the encrypted password client side and requires it to be resent with every request (or at least used to). Because the password isn't hashed before being transmitted, and is present with every request, they limited the size.
All of this was designed and implemented more than 10 years ago and even though both the bandwidth concerns and the need to send the password with every request are both outdated and paypal has likely updated to newer systems that remove these concerns entirely, companies rarely re-examine these kind of hard coded limitations unless they are legally required to.
I'm not particularly familiar with those security rules (even less with the rules of other countries) so I wouldn't be surprised if this isn't a rule in one of the countries PayPal operates in that they just decided to use everywhere to make it easier.
Mainframe.
My bank doesn't notify me about any transactions, I have to check my bank book manually. Once a mistaken transaction showed up and disappeared a few hours later, with no trace left behind at all. I just assumed it was a mistake and didn't bother getting angry.
It sounds like PayPal, or someone, made a mistake that PayPal then processed a fix on. When the guy called to say someone took money from his account with no notification, "what happened?", they said _he_ had actioned the refunding of the money. Which he hadn't.
They lied, purposefully and deliberately. But there's a good chance that the person on the phone wasn't lying IMO, instead someone altered his account in a way that didn't show [to their phone reps] in their system ... which is IMO much more messed up.
So PayPal lied to him.
Then they asked for details of the transaction that they said he had refunded and "blocked" his account for not providing them.
Government financial services should impose heavy fines on things like this, not informing a creditor when debits are made on their accounts. His PayPal account should have a user traceable error (with doubled entries in the other relevant account entries) -
money paid from $ACCNUM with $ACCID
money paid due to PayPal error and refunded to $ACCNUM
I mean come on, is basic accounting beyond them? If they could do accounting properly then they wouldn't have to implicitly accuse him of fraud (demanding the transaction details).
My experience of PayPal has in general been pretty good, but I did have a person pay for something from eBay, then when I was sending it - like just about to head to the post office - I realised I'd not checked the payment. On checking the transaction link in eBay the transaction didn't appear on PayPal .. uh oh, so I checked PayPal and I couldn't find a transaction for the amount in my account list. So I checked eBay and the buyer had asked to cancel the completed transaction ... so I said yes, very begrudgingly. Then a few days later the buyer asked for the money back, but I never had it, and they (assuming they weren't lying) had a transaction for paying me ... which should be impossible with proper accounting because that transaction should include an entry in my account ledger too: his payment and my receipt are one transaction.
My suspicion is that their database processing is lacking and their account ledgers as displayed to users don't properly demonstrate the status of accounts.
I had an unexpected deposit show up in my bank account last year and then disappear a day later. The bank sent me a letter in the mail explaining what happened.
Maybe you need a better bank.
So, I deposited a $1000 paycheck (was working for a local guy, fixing computers) once and did NOT notice that I actually ended up with $2000 in my account. This went on for at least three months, when all of a sudden I lose $1000 from my account. Apparently Wells Fargo had figured out about the bug and found all the accounts that had gotten double deposits and 'fixed it'.
All without notifying me.
...I don't bank with Wells Fargo any more.
When the bank corrected it the transaction completely disappeared, apart from the screenshots he took there was no trace of it whatsoever.
No need to get angry, but you might need to get careful. It's a bit like seeing a single cockroach in a restaurant; you can't just kill and remove it then declare that everything's fine.
Contacting them and confirming that it was a mistake is basic CYA, it establishes with them that it's not your transaction and hopefully gets something on file.
(I've just got off the phone with EE after a mysterious charge appeared on my account. They couldn't tell me where it had come from or even when it was applied, so after putting me on hold for a while they agreed to just take it off again. But I only spotted it because I'm checking my bills carefully after a previous dispute ...)
In his case, he just got suspended and asked to provide documents he is physically unable to produce (contrary to presumption of innocence).
the next day, and after almost two weeks since the refund took place (but only one day after the long phone discussion) my account was blocked as "suspicious" activity and in order to unblock it I will have to provide original product receipts of the product I was "selling", something that I do not have as I do not even know what I was selling!
I suppose the key is if Paypal put it in the wrong account then cleared up after themselves, I don't think that's a refund as such, you should be telling the account holder when they ask though. The other option is the payer paid money to the wrong account, in that situation this guy should be getting notified.
This isn't just an issue of 'not his money'. How are you supposed to know if your account is hacked, or some weird fraud is going on, or even just a straight forward, he sold something and thought he got paid for it.
In many (all?) countries, your bank would've acted criminally. If money has been deposited to your account, only you or a court order can get it out again. If somebody "just does it", they are on a similar legal basis as somebody that forgot a jacket in your house and decides to break your lock and enter your house without your knowledge or authorization to get it back.
Requiring a court order to correct simple bank errors is entirely infeasible and, frankly, pretty silly.
https://digital.wf.com/treasuryinsights/portfolio-items/tm31...
> A payor can attempt to reverse a payment made with an ACH credit only if the payor claims the beneficiary was already paid by a previous ACH credit entry, or the beneficiary was the wrong recipient of the funds, or the original ACH payment was in the wrong amount. Otherwise, the credit is considered final.
> When you notify your bank or building society that you have made an electronic payment to the wrong account, your bank will commence action on your behalf within a maximum of two working days.
> Where your bank finds clear evidence of a genuine mistake, they will contact the receiving bank on your behalf with a request to prevent the money being mistakenly spent. As long as the recipient does not dispute your claim, you will subsequently receive a refund of the protected funds within 20 working days from when you notified your bank.
http://www.fasterpayments.org.uk/press-release/new-help-cust...
Well, you clearly aren’t a lawyer (anywhere).
Yes that’s normal for PayPal.
Getting the runaround about how and why it happened?
Yep, that’s expected too.
Actually getting a non-form letter response of any type?
That’s just lucky. We couldn’t get an account rep on the phone for almost 4 days when ~35k was suddenly deducted from the account. Nor when they accidentally cancelled all of our customers’ subscriptions while working on an unrelated fraud incident. Of course in both of these instances the customers blamed us for not being able to process refunds and being unable to reactivate their subscriptions.
PayPal, working as intended.
Imagine having PayPal place a hold on the funds in your account to make sure refunds/fraud can be handled. Then when a customer does request a refund you’re literally unable to process the refund because it won’t take it from the funds you just received that are held. So now you automatically lose all disputes and they just start raiding your linked bank account. So why did they hold the funds in the first place?
PayPal needs to end IMO.
Really the only thing to do, as soon as you see a "pay with paypal" screen is to go away screaming.
Here's the anecdote: I had had a company with a bank account and PayPal account, then dissolved the company and closed the bank account. Months after that, a former supplier of the now nonexistent company who had PayPal authorization deducted funds fraudulently from the PayPal account, claiming they had rendered services that were never rendered to a company that obviously and provably no longer existed.
PayPal sent the account into overdraft. When they couldn't deduct payment from the bank account that no longer existed, they started sending threatening communications to get me to settle the balance. I took things up with their fraud unit to get the transaction cancelled. Their fraud unit dismissed my case without looking into any particulars regarding the services that the vendor didn't render or the company that should have received services that no longer existed. To them the only thing that mattered was that, years ago, I was, in actual fact, stupid enough to click on "Pay with PayPal", the ramifications being that vendors are entirely within their right to use PayPal as an instrument of fraud and legal intimidation against me. It's your own damn fault, sir, for being so stupid and using PayPal.
Knowing that taking the legal route would have been way more costly than the amount of the transaction, and wanting to sleep soundly again against the backdrop of PayPal sending threatening communications, I wired money from my personal account to settle the balance and jumped through a shitload more hoops to make sure the PayPal account was properly closed and couldn't come to haunt me again in the future.
I think that's how they get away with it: Since the transactions they handle tend to be small, no one will take legal action.
This is what happened to me:
I got an eBay order and shipped it out, transferred the funds out of PayPal.
Buyer sends me an eBay message saying "OMG I'm so sorry but my eBay account was hacked." I believe them because when I googled the shipping address the package went to a foreign freight forwarder.
I don't worry because the address was "confirmed" in PayPal, so I'm protected from fraud. I always make sure to ship only to confirmed addresses.
eBay account owner initiates fraud investigation.
PayPal refunds buyer while the investigation is pending, I have several linked bank accounts, they didn't touch them, my PayPal account just goes negative.
PayPal sends me an email telling me I can't have a negative balance and I need to fund my account to get my balance to zero, against their TOS to carry negative balance. No biggie, I fund it. I think I was even able to fund it with a credit card.
Fraud investigation proceeds. I have to provide a tracking number to verify I actually shipped the item.
A few days later PayPal decides it's fraudulent, but I'm covered under their seller protection.
PayPal refunds me the money, I transfer it back to my bank.
I'm perfectly happy with how it was handled.
I guess that doesn't make a good blog post though.
What I would love is for these services to require ID for opening an account, not after depositing over $250 (when you have skin in the game and have to verify your id or lose the $), they won't though because they would have a 95% churn rate on registration.
You say that but it's literally the only way to counter scamming sellers on the internet. PayPal needs to stay, at least until there are viable competitors.
Never had an issue with PayPal debiting funds though, in 10+ years using them.
What would be an alternative solution in your opinion?
I never got actual confirmation that paypal is really as bad as some people casually mentioned
I can confirm that PayPal is horrible to legitimate merchants. One would expect better fraud protection given the high fees they charge. I never expected they would simply “freeze” our funds without explanation.
I’ve been using PayPal personally for 10+ years without issue. I also own a company and have processed hundreds of transactions and withdrawals through a business account with them without a single problem. I’m not saying that dealing with PayPal is without risks, but it’s also possible that we’re hearing a vocal minority here.
Then you won't mind if I borrow the keys to your account. You'll never notice a thing.
Even if PP is just covering their embarrassment over a mistake, it is still nonsense on stilts that they stonewall and bullshit about transactions flowing through your account. Who knows if they're even legal transactions? Someone could be playing a game.
Before you assert the belief that Paypal would never risk laundering money, you maybe want to look at Wachovia, HSBC and Deutsche. And it doesn't have to be "Paypal" in some formal sense; it could be employees there.
It is incredibly naive to play "what, me worry?" about sketchy things going on in your accounts.
It happens ALL the time, and you'd never notice or be notified.
On top of that the vast majority of people don't get a notification every time a transaction happens on their checking account. Some banks are implementing a notification feature for some transactions nowadays, but it's rare, new, and opt-in. The general case is money just flows in and out without much fanfare.
Some banks show you transactions that are pending. If a transaction never goes from pending to settled then it literally just disappears without a trace. Standard behavior.
You’d expect that Paypal would notify him of the reversed transaction. Or would at least be able to tell him it was reverted instead of accusing him of refunding it himself.
Proof a ruthless focus in the right place can overcome almost anything.
They've been shit forever.
> PayPal survives because they keep end users happy, we (the people using PayPal to take payment or integrating it) aren't the end user.
I have no clue where you get that idea. PayPal was freezing end-users' accounts, had bad support and very inconsistent refund limits since forever. Almost everyone I know who heavily used it had issues with it at some point in time. Yeah as long as you just use PayPal once a year to make some payment through your debit card it's okay, but any advanced user who uses it more often will eventually get in trouble.
Ultimately if you get into a big enough dispute with Paypal you have to consider using the real courts.
Now, an aspect of running even a small business is that I have some cash on hand, and a profit margin to cover the cost of eating one or two disputes if necessary. If a $100 sale goes down the toilet, I don't lose $100, but only my original cost of goods.
Where I read about horror stories is individual sellers who are selling things like a second hand electric guitar. In those cases, the buyer and seller are probably both not swimming in cash, so having their money tied up in a dispute is in fact painful. And that entire economy is rife with fraud and outright theft. Also, electric guitars are a case where there is extensive room for dispute about the provenance and condition of each piece. This gives the buyer an easy way to claim "item not as described."
In my view the hot business model for using the small payment services is selling an inexpensive physical good with a generous mark-up.
I think this is almost exclusively small, inexperienced merchants.
Paypal is used in about 40% of our sales and we didn’t have any issues in about a decade. Even from personal experience as a buyer I can’t report any major issues.
I keep my eye out for alternative services because like many others, I've heard horror stories, and would not mind having a backup. So far I haven't found anything.
A possible reason for my good luck is that I run an "analog" business. My product is a physical good that I make and ship, so the customer gets something tangible and that's the end of it.
I don't want to cast aspersions, but the horror stories I've read are either one-time incidents with eBay sellers, or complex digital services where the product is an intangible.
Turns out, 15 years ago when I signed up, I was 15 (I am 30 now) and that is against their terms of service. So my account is permabanned and they said to make a new one with a different email.
I can understand they don't want people under 18 to sign up, but for fucks sakes, it was 15 years ago, this feels like a fairly stupid policy.
I would like to add that the customer service experience in this instance was pretty good - they had a queue system where you can leave your number and they call you back instead of keeping you on hold forever, and the representative was helpful and professional and told me straight up that I could make another account.
I've been fighting a similar issue. I woke up one morning to an email that my account was permanently suspended, along with several family members' accounts that don't live with me. All of our accounts were shut down at the same time, with no reason given. None of us had used Paypal in months, and I haven't received money on Paypal in years. We can't get a hold of anyone to find out what happened.
Notification of deducted money is something that is quite reasonable to expect.
In this case he was trying to figure out what to do, it was handled by others, and a notification would have let him know that it was handled.
You choose to say it like that. "Notification of deducted money". The money was first added, then removed. It would have been different if it was first removed, then added. But it wasn't.
Would you let some 3rd party use your PO box or parcel locker as long as "it was none of your business"?
It's not his account. It's a service paypal offers. They own the service, the bits, everything. He owns the money. Paypal added some money that was not his, and then they took it away. Nothing of his was touched.
Note this isn't a snark at paypal specifically. I'm just interested if anyone with an economic background has an opinion to share.
What he got was a counterfeit, a fake that was broken.
He started the refund process, but I was pretty miffed that my reputation with my kid got mixed up in these poor business practices. So I emailed management and asked that they apologize to the kid.
It took almost forever to get them to figure out that I was not asking for a refund. I was asking for somebody to explain what happened, apologize, and take steps for it not to happen again.
He finally got a refund, although whether it was from my actions or his nobody knows. He said it came in three chunks, as if various departments were each pitching in a bit.
I thought my point was pretty clear: as leadership, when you take your company and allow its reputation to suffer like that, this is something you are responsible for and need to take action to fix. The money has nothing to do with anything. But they only have certain predefined channels that they seem to be able to communicate through. Anything outside of those channels causes a weird org fault.
I've worked with call centers before, and it continues to amaze me the strange place we are putting humans. They're paid to answer the phone, but after that? They're basically little robots, paid to execute a predefined program, adding in a bit of human-sounding noises now and then to make things slightly more palatable to the person on the other end.
> Inappropriate automation and human/machine confusion bedevil call centres. If you could solve your problem by filling in a web form, you probably would have done. The fact you’re in the queue is evidence that your request is complicated, that something has gone wrong, or generally that human intervention is required.
> However, exactly this flexibility and devolution of authority is what call centres try to design out of their processes and impose on their employees. The product is not valued, therefore it is awful. The job is not valued by the employer, and therefore, it is awful. And, I would add, it is not valued by society at large and therefore, nobody cares.
How true is this of the general population? I suspect that a significant fraction of call centre volume could be dealt with through a web form.
That said, the rest of the point is true: the lack of agency in call centre employees likely results in a huge amount of wasted time and frustration both for the customer and for the company.
I remember the first time I saw the computer-controlled voice-directing picking. You wear the headset. The computer tells you what to do. I see this way of working eating up more and more workers.
One economist put it this way in a recent column I read: robots aren't taking your jobs. Robots are becoming your bosses.
This is not the payment processors job, this is the merchants job. Instead of PayPal you could just as well have contacted Visa/MC/Whoever or your issuing bank, they wouldn't have been able to do much for you either.
E: Yeah, I guess I misinterpreted the parent.
- I had an old eBay account that was closed through inactivity
- I wanted to buy some headphones so I decided to create a new account
- When I went to eBay it had already given me a username through some sort of linked google account feature that used the google account I was logged in to
- I tried to buy 2 $40 headphones and it wouldn't let me, saying I was over my temporary purchase limit
- I figured maybe you can only buy one item at a time as a new user so I tried to buy a single pair of $40 headphones and got the same response
- I thought it might be my VPN, but my VPN was off at the time.
- I created a normal account linking it to my normal email and everything seemed well. I purchased the headphones successfully
- A few minutes later, I got an email that the first account had been suspended for suspicious activity. I first thought this was fine, until I read that I was not allowed to use any other eBay account ever again in my entire life. There were no options listed for recourse. Reading internet threads suggested that they were serious about this and that even if my other account still worked, they would eventually find it and close it.
Eventually I called and got a rep. I got the feeling he didn't believe me, but he fixed the issue so now I can use eBay again without worry. The whole experience left me a bit shaken though that triggering some automated flag nearly resulted in being cut off from one of the largest marketplaces in the world for the rest of my life.
I called and spoke with them for an hour and they would not tell me why they suspended the account, other than "I have reviewed the information and have decided the suspension is correct. But cannot tell you why it is being suspended." they kept repeating that she personally reviewed and therefore suspension must be legitimate. I said to her that her review of the account sucks.
And I had my pitchfork out to sue because they should not be doing that.
Second, I realized how powerful these big platforms like eBay are. I looked around for alternatives in case I did get permanently banned and I sure didn't find much. What was particularly creepy to me was how being an undesirable to eBay could potentially spread: they track your account, name, address, credit card number, IP, and so on and seeing any one of these can lead to bans on other accounts. In a lot of ways this makes sense, but in theory, if I happened to log on to my banned account at my mom's, it could match my account with her IP and ban her account as well. I doubt this would happen in eBay's case as support reps would probably help her if that happened, but it definitely brought to mind the Chinese social credit system where linking to an undesirable can make you an undesirable yourself.
Third and most important was personal. I'm engaged to someone who is planning to use eBay. I wouldn't care too much about being banned off of eBay but I would hate to see her life become any harder just because of some weird glitch.
I don’t know why companies do this but I notice that companies that don’t compete with Amazon tend to have horrible customer support, but as soon as Amazon enters the market suddenly everyone picks up the phone second ring, has chat, and sends out hand written e-mails.
I got the exact same feeling when talking to them. It sounded like they understood my problem, but the proposed resolutions were obviously not a match. Reasoning about it with them got me nowhere, they clearly had no other options.
Except if you asked the bank, they'd say there was a system error we had to correct, sorry for the inconvenience, please take our survey. PayPal will say you sent/refunded the money, we never touched these funds and can do no wrong, and if you can't produce documents that never existed related to this transaction that was entirely in error you can kiss your account goodbye.
- There was no merchant contact info. They managed to upload Google's logo and use Google Account as the merchant name. Isn't PayPal doing any basic blacklist check, etc. or check against stock logos (there are tons of companies now, which provide logo by provided company name).
- There's no way to report the invoice as a scam attempt - I can only "cancel" or "archive", which sends the "merchant" an email and they can know that my email belongs to a valid PayPal account after that as the email is sent by PayPal.
In general, after so many in business, PayPal is a lazy, slow, and stupid company. I am sorry to say that, but it's the truth. Their developers are a bunch of old timers, who have entrenched into the company and there's no innovation going on. There are many, many, many complaints about PayPal, which I can list here. Most of them are very simple to spot and fix by PayPal, but, no, they are untouched for years.
I feel like their dev team is maybe a dozen people who just do maintenance of critical issues and that's it. Their recent interface upgrade took years and it still sucks and feels like in the dawn of DotCom. Compare PayPal to Stripe, let's say - there's no room for comparison! Stripe innovates at a huge pace, they provide a much better DX (Developer Experience), and are so much nicer to work with!
PayPal recently acquired Xoom - a very expensive and shady money transfer company. Compared to TransferWise, they are a total joke. In general, I think PayPal is managed by technological morons!
P.S. PayPal Here is also a disaster compared to the rest. I bought the device (as PayPal gives nonprofit discounts like Stripe but unlike Square) and many of our transactions failed, so, we switched back to Square. Now we're integrating with Stripe's reader, so, we'll get the best of both.
Google, Facebook, PayPal all rely on their automated systems working perfectly and handling as much as possible. But there's always edge cases where things don't go as planned, and they require human intervention. But big tech wants max profits, so they try not to hire anyone, and those that they do hire are as poorly paid as they can get away with.
So you get very uninterested and unmotivated people handling customer support.
This was about 15 years ago, and back then this was the first Google result when you searched for "Paypal complaint".
It's like living with a drug addict. They may be family but you sure as hell don't leave cash or valuables laying about...
Great analogy! Despite enjoying a long relationship, Paypal will very possibly stab you in the back and rob you blind in a blink of an eye then become incommunicado.
"Oh, yeah, don't worry, 3D secure can't be forced for all payments, but we got you, we'll enable it when we think it might be abuse. Also, our seller protection covers you."
All the time: "Here is a customer that made 12 purchases during the last 13 months. We took the money, but you have to prove that the card wasn't stolen and that the customer got what he paid for. We didn't enable 3D secure for this transaction, so please fix this for us and we'll give you your money back. Also, if you don't we'll take some more money from your account. Seller protection does not cover this as services are in a gray-zone."
240K frozen and taken since 2012 and still counting! At least I've started to win all the cases, but it takes a lot of time. Time to switch to Stripe where I can force 3D secure...
PayPal is a joke. A bad joke.
PayPal charged me £400 which I was lucky I spotted. Eventually after a week got the money back.
I never got an explanation why it happened or how I or they would prevent it in future. I prevented it by leaving eBay and Paypal.
I find this the best way to deal with them :)
Long story short is that someone I'd previously transacted with owed them money so they determined that they would take it from my account and recover it from me.
I complained to the Financial Ombudsman in the UK. They agreed with my position that it was unreasonable for me to be held financially accountable for people I've transacted with indefinitely.
Paypal stuck to the line that "You cannot close your account in order to avoid a debt". Despite the fact that I had no debt, except the one they assigned me several months after account closure, out of nowhere.
I've found a few sites over the years which only supported Paypal as an option, in every case I've chosen to buy elsewhere or not at all. Paypal is not a company I could support.
And sellers on larger sites like eBay can't easily use a competitor. It's a classic anti-trust pattern and should be treated as such.
How come most of these stories seem to involve obviously incompetent merchants?
I expect them not to hide it though, i.e. I expect to see the transaction log to say "+1000 deposit -1000 correction", and I expect them to be open about the mistake IF I ask. I do not expect them to give me a call to explain what happened, however.
This is behavior I expect from any entity where I have an account with a balance, whether it's a commercial bank, PayPal, or anyone else.
There are many situations in which a person could receive money and genuinely think it was theirs to spend. Some of those situations could be ones in which the spending could be extremely detrimental.
Other than that I agree.
But can I close the account? Nope! I have to send official paperwork to prove it is a valid seller account before I can close it. The only reason I want to close it is so I can reuse the email address. But you can't even change the email address.
Their process is flawed and lacks common sense.
When you call support, either in the original or the new country, they both offer the same thing:
- change your password (I know my password, and though they seem to understand, their script seems to tell them to offer this)
- close your account (what, after telling you my email address and the last 4 digits of my bank account (not even a credit card)? That's password-equivalent?!)
Support tells me it's not supported to login to your paypal account from another country. Don't thousands of people do this every day? On holiday, while traveling for work, or moving countries like me... doesn't this happen thousands of times a day? I live an hour driving from five different countries, it's not uncommon for anyone here to be somewhere in, y'know, the EU.
A few years ago I remember being locked out of a PayPal account (which I just forfeited) for not knowing my security questions. Like, duh, you think I answer truthfully what my favorite food is for a payment account after I (the 13 year old leet haxxor) 'hacked' a classmate's Hotmail by guessing a very common favorite food? They still use security questions, but these days I enter my current password there so I can at least answer when prompted.
Yeah, exactly. I had the same thought when support told me to open a new Paypal account from the country I live in abroad and only use that account when I'm abroad.
Wait, what? Their official policy is to use a different account for N countries you spend any time in?
To link my new US bank account to my Paypal account, I ended up using a US VPN and then gave Paypal my friend's US telephone number so that he could feed me the security code.
It made me suddenly feel very precarious about how I currently use my Paypal account. I would've thought international-use was one of Paypal's main marketing bullet points.
Though, to keep things in perspective, Paypal does let me do things that my bank certainly doesn't, like send and receive money for free internationally and work remotely for anyone with a Paypal account. I can't complain too much and I'll give them the benefit of the doubt that they are hamstrung to some degree by psychopathic anti-laundering/KYC bullshit.
I hope Facebook's Libra will be more polished and be built on the expectation that people ever leave their country of origin.
This is the primary reason I, and I assume a lot of others, use PayPal - not because of their amazing customer support, but because of their customer protection which works just fine in 99.9% cases - which is still a lot better than 0 customer protection.
Paypal is a well-oiled machine until you trigger some exception that creates a case with their legendarily incompetent support - at that point, the results will be essentially random and often apparently malicious, no matter the facts of the case.
Reading this post has given me the final nudge I need to look into closing both those accounts.
It just isn’t worth the risk, IMO. At least with Stripe I know I can talk to somebody if a problem arises.
However, the concept of explaining to a customer why they did something is utterly alien to them. This just does not seem to be part of any process they have. It bewilders them to no end if you ask them for an explanation of anything.
So I end up opening a new Paypal account -- which must use a new email address, and can't have my old credit cards added to it.
Now I'm stuck in a situation where my newest account doesn't accept the credit card from my local bank because:
"This card is linked to another PayPal account. Please remove the card from the other account or try a different payment method."
But I checked my other accounts, and I'm sure it isn't there. Oh well, whoever is still using Paypal should know by now what they are risking.
Planet Money just had a story from the other side, one of the producers made a payment on another service in error, and tried to get it refunded.[0]
[0] https://www.npr.org/2019/06/26/736352315/episode-922-the-cos...
You could read one of these stories and come away passionately more pro or more against chargebacks, but the real solution for both situations is just more transparency and communication.
In SG's case, if they're right that the money ended up at the right place, fine, just let everyone involved know what happened, how PP came to that conclusion, and what options there would be for the parties to appeal in the case of fraud or mistake. It sounds like in the PM story that that approach would have resolved everything faster there too.
Transparency isn't going to kill you in this situation. You may be worried about privacy risks, but just make a clear policy as to what you can and can't say during the initial phases of disputes.
Transparency will resolve the easy cases, but there are real dilemmas here between buyer and seller rights. I feel like some of the tech that is taking over the roles of payment systems are just pretending these dilemmas don't actually exist. eBay definitely stumbled through buyer vs seller rights for a while, maybe still doesn't have it right.
Cryptocurrency is an interesting spin. In some ways its stance is that chargebacks are so anathema that they will design them completely out of consideration.
1 - Bought tickets for a show via twickets.live
2 - Seller (supposedly) sent a transfer request to me via the ticketmaster portal.
3 - I received nothing, tried to contact seller, got no reply till after event.
4 - Open a dispute as I paid for something and received nothing.
5 - PP sides with the buyer citing ‘evidence’ the tickets were sent to me
6 - PP won’t share ‘evidence’ with me, won’t reopen my dispute, no option to create a new one.
Now I’m down a wad of cash, didn’t go to the show, and got no opportunity to do anything about it. Closed my account immediately afterwards.
They are simply the biggest name in the business and have been around the longest. There is absolutely no other reason they deserve the market share they have.
They keep trying to balance this with good customer service, but I'm not sure you can do any better ... and I hope nobody thinks that cryptocurrencies are the answer.
Maybe I am in the wrong here but my approach each and every time to a project where I deal with someone else's money is to try and figure out the most secure and most informative way to do everything, after all it's one of the biggest responsibilities you can take on as an online service provider.
That is the story of the whole western world at the moment…
I now pay with credit card.
Once you have a very large organisation, consisting of many staff handling cases, all of whom need to be acting consistently, you face the real statistical likelihood of fraud within the company itself. Any sufficiently large company will have employees that try to defraud it.
The upshot of this is that large companies handling many transactions like this, especially ones that will often be disputed, must implement security not just to prevent fraud from outside the company, but also inside.
Such security measures are often very difficult to work around by employees trying to do the right thing by customers who are in the right, but where something unusual has happened that those security systems didn't anticipate. I can imagine this often frustrates the intention to have a smoothly working system.
You also can't easily make changes to accommodate such corner cases without opening other security holes, both within and without the company. And it takes a long time to formulate and disseminate new protocols that your employees should work to. And then you have to communicate any changes in the way you handle things to your customers.
Running a company like this must be an absolute nightmare of logistics. And it is surely made worse in that Ebay seems to have the ability to authorise chargebacks and refunds in disputed cases that can then be appealed to PayPal itself.
But the alternative is in my opinion worse. As a buyer, you must pay for an item before receiving it. I am aware of so many complaints online of fraudulent sellers making off with tens of thousands from fraudulent sales, and there being nothing anyone can do about it because of banking privacy laws. Having a service like PayPal seems essential to reducing fraud in such online transactions.
In summary, I can perfectly understand PayPal wanting to perform a security check for every long time customer for whom a flag was raised by some security protocol.
And naturally, there are going to be many false positives, and many unfair decisions taken at such scale.
Independent arbitration would indeed seem like a good idea. But who is going to pay for independent arbitration for potentially millions of disputed transactions? The reality is, almost every single transaction that has already been appealed to PayPal that can be appealed easily to an independent arbiter, will be. So you simply double the (already high) cost of such a service.
Paypal makes it very easy for subscription services to keep sneaking those charges in.
Closing my Paypal made it very easy to stop that nonsense.
It's comforting to know that other people feel the same way.
(Yes, I know that's impossible. My point is PayPal is effectively a monopoly.)