About a year ago, I bought clothes online using PayPal for my mother (and shipped to her address). PayPal blocked the transaction and temporarily suspended my account until I could verify a detail. When I logged in to verify, it was asking for the recipient's (my mother's) birth date. I thought it odd that they would ask, and also know, the birth date of someone PayPal has no association with.
I called their support (finding a human to talk to was difficult) to ask for the reason why I would need to give out my mother's birth date. I was asking for other ways I could verify and that I shouldn't be asked to give out someone else's PII. The support person started to become defensive, sarcastically asking "you don't even know your mom's own birthday!?".
I could tell this person saw nothing wrong with the ask and thought I was being intentionally combative. I ended up conceding and giving the information. Since then, I've stopped using PayPal as a payment method.
I always thought this incident strange and have wondered about how their verification method works.
> You’ll need to answer some questions to verify your identity. These questions come from a public database dating back as far as 20 years. They may be about property, places, or people you know. We don’t save or store the questions or answers in our system.
> You’ll need to answer some questions to verify your identity. These questions come from a public database dating back as far as 20 years.
Wait, I need to verify my identity by regurgitating public information about me? However PayPal scraped up that information, an attacker could as well. This is absolutely security theater.
I was the victim of identity theft in the 90s, and I often get questions based on the address, and fake credit accounts the thief opened. Super frustrating.
Similar scenario here. While my ex-wife and I were separated, pre-divorce, she thoughtfully applied for credit in my name and gave the address where she was living. Now I have to either choose to lie or fail this type of identity verification. I should really take the time to contact the credit bureaus and get it fixed.
I'm sure they are using the same type of database that the credit reporting companies provide. Not only does it often contain incorrect information, it sometimes asks me detailed financial questions about my adult siblings. How in the hell should I know what mortgage company my brother has used in the past? And it is NOT my job to contact him and find out so you can cover your ass with fake security theater.
Guess I am in trouble then if I ever get stuck into something like that. My 'public' information whenever I query it is a blend of at least 3 other people. Of which only one I know. One DB thinks I am married to my mother-in-law.
While I've seen these sorts of verification methods quite rarely, what's very frustrating about them is that in my experiences, the questions both make assumptions about what information is private for a person, and also come from rudimentary matching on public databases, which can easily result in questions you wouldn't be expected to the know the answer to.
In one case, while, I think, signing up for something that should not have required strong security, I think an online account for a shipper, I was asked for the birth date of a 'relative who lived with me'. Only, she didn't live with me: she was my ex-aunt, who had not spoken to any of us since her divorce when I was around 8, and who had moved out of the house, and out of the state, around two decades before we moved into it. The matching appears to have been entirely based on two people with the same last name having been recorded at the same address at some points over the course of 20 years, with no cross-referencing of other data or whether the dates were at all near each other. And given how common my last name is, it would not have been too surprising to have simply been asked the birth date of a complete stranger.
I actually called the company to find out how to get an account without answering this rather infeasible question, and they pointed out that if I just tried creating an account again, it would ask me a different set of ridiculous questions. I did, and while I don't recall what the questions were, I do recall they were such that a basic search for my name online would have immediately answered them, providing no identity verification whatsoever.
> Interesting. This would mean that they actually have the data to confirm whether it is correct.
I don’t find that surprising. I’ve hired a private investigator in the past. The amount of data US consumer reporting agencies have goes back decades. They will happily sell it to you as long as you agree not to use data older than regulatory thresholds. Credit reporting tends to have 5-7 year thresholds, so many people think that’s all they have. They keep it for much longer, and just make you agree you won’t use data older than the applicable threshold.
The reports I gotten from my PI have had biographical data going back to the late eighties. They’ve even provided SSNs and DOBs with nothing more than a name and general address match.
Is this database actually a thing ? A private company asking these questions is already worrying on its own but them already having the answer really feels like over-reaching. I'm pretty sure it's a US thing because there would be no way this would be legal in the EU but i'm tempted to do a GDPR request to PayPal
Do they even know your mom's birthdate? Can't you just give them a random date?
Also, if you bought something at a webshop, why does PayPal know who it's being sent to? They just need to know you and the webshop, don't they? Who the webshop sends it to is between you and the webshop.
Reminds me when I went to pick up my first UK passport when I gained citizenship. The passport office had no interest in looking at my foreign passport to verify my identity. Instead they asked me a series of question about my family, what profession they have, etc, that I know they couldn't have the answer to, unless they did some investigations that I think were highly unlikely given the volume of applications after the Brexit vote.
I think instead they were just checking if I looked like I was answering the question confidently or if I looked like I was trying to make things up.
Oh yeah, they do that all the time. I have dual citizenship and they’ve asked me a few times upon leaving the UK where I was staying, who I was with, what those people’s professions were, etc. I think it’s just random spot-checks to see if you look nervous. But if you get annoyed with them and tell them you’re a citizen they stop.
Buy item from using junk email address and shipping address of person B.
On delivery day, wait near person B's home, and grab the package when UPS delivers it. If person B manages to get to the package first, scammer is only out some time.
Junk email and 3rd party mailing address - harder to track scammer. Of course, this ignores IP address and similar - smart scammer would also use Tor and other tools to obfuscate the online transactions.
That's a good point, I don't actually know. I just assumed yes because they would ask. I also didn't want to complicate the process of releasing the funds – perhaps that was naive.
I believe in this checkout flow, it kicked me over to PayPal where I could specify the shipping address there. PayPal probably relays the address back to the merchant, akin to checking out with Apple Pay where you specify a shipping address via the Wallet app.
Sometimes when a credit card payment is handled by Paypal they ask for my first name. I enter my initials, since that's what actually on my credit card and is what I always use when making payments with it, but they don't accept it. Maybe somehow they know my actual first name, but I'm not going to give it to them so I then abort the payment.
Indeed, if you use privacy.com to get a temporary credit card (this is for totally legit purposes, folks!), you can use any name and address on the form you enter it in. Only the credit card #, expiration date, and security code are verified.
> I enter my initials, since that's what actually on my credit card and is what I always use when making payments with it, but they don't accept it
They (or probably just the form) don't like dots and/or too few characters in the field.
As sibling says you can actually enter anything you want in the "CARDHOLDER NAME" field 99% of times. For years I type "$BANK NAME" or "$BANKNAME CARD" (note the space) there and I never been denied.
Interesting. I have tried all combinations with and without spaces or dots, but I don't think I ever considered entering something not truthful, even though I have done that in other online forms thousands of times (one favourite is entering the street address of the organization I'm interacting with instead of my own when ordering non-physical goods; and fake birth dates of course). There's something about payments that apparently I consider more "holy" than other things.
Back in the day you could [sometimes] see FIRSTNAME L. in the sales receipt, but that was when the magstripe was the only option. Apparently it was a form of anti-fraud measure back in 20th century so someone could see what is printed on the card and what is written in the receipt (aaaaand what?).
With the move to teh chip cards and later to PayPass (which doesn't even transmit your card number in any meaningful way) rendered inclusion of anything viable there meaningless.
> There's something about payments that apparently I consider more "holy" than other things.
WEll there is always some idiot what would make it hard for everyone else. Like web designers who do ahve a very... interesting understanding of the outside world (people with Verylonglastnames-SometimesDoubledUp? living on Cultist Monks Revolution of May 1111 year Street? Don't kid me, they don't exist!). Or admins who made you think twice to enter bullshit in the form because the scary red letters says you would need a national ID to receive the package (and names there and in the receipt should be the same!) only for the courier just give the package and be on his merry way not even bothering to check anything (and sometimes forgetting to take money for the package paid in cash, lol).
For now I only know where you need to give your real (ie printed on the card, not your real one, lolagain) name is when the card data is processed manually. The only country where I know it still exists is US of A, last year friend of mine needed to fill out a PDF form (thankfully electronic without the need to print and send it physically!) to pay for Untappd Business.
And the UK's belief an entire street address always fits into a single short line is a bane for many foreigners. Every country seems to think they're the norm.
> why does PayPal know who it's being sent to? They just need to know you and the webshop, don't they? Who the webshop sends it to is between you and the webshop.
No, it's not, because the buyer has chosen to use PayPal's services for protection, and in order for the merchant to fulfill their end of the deal and also receive PayPal's protection (against chargebacks, disputes, etc) the merchant is required to ship to the address on the order (which PayPal has a record of for verification).
If you offer PayPal as a checkout option, you are required to follow their rules for fulfillment, otherwise you risk losing a PayPal dispute if filed later on.
This sounds awful. I honestly don’t know my mom’s birthday and perhaps interestingly she doesn’t technically know it either. Papers lost (and probably made up) multiple times when her family fled her home and then country before ending up here.
And she definitely has a birthday on her driver’s license now, but I think she might have to look at it to make sure she got it right.
I stopped keeping track after 21. I have no idea how old I am as I don’t really celebrate my birthday. All I know for sure is that I turned 21 over ten years ago…
Sounds pretty certain that you would never be asked this question, since it is not a matter of public record (or at least, not the public records these systems tend to use)
One assumption could be that there are certain products/services that have age related regulations and Paypal needs to comply. Maybe, if your product or supplier wasn't on that list but you still got asked for a birthdate there was a misconfiguration in that regulation rule set...
One should assume that while they have your money they'll look for anything to use to keep it. Companies are literally legal devices for diffusing responsibility and hiding what the right hand knows from the left hand to remove the intent from what would be fraud.
They play all the games people here report - support reps who are nearly unreachable and who all refuse to read previous communication so everything starts from scratch, randomly just closing the case, etc.
It'd be hilarious if you could torture a paypal exec with their own company's treatment. Put a wheel lock on their car because you claim a similar looking car was stolen on the other side of the country. Refuse to take the lock off their car until they can explain the origin of the car's brandname. Relock the car immediately after unlocking it because they attempted to drive away too soon. Relock it the next time because they didn't drive away soon enough. Lock all of their cars because there's been "too much activity" on their vehicles.
Most likely all of it. It is usually laundered through startups and other types with little to lose or who put little effort into reading or complying with legal agreements. These companies then sell it to more legitimate companies who don't realize where the data comes from and it all just ends up in a bunch of big databases that sell access to whoever wants it.
Was PayPal trying to verify your identity or that you know your recipient's identity (who's coincidentally your mother)?
I'm surprised if PayPal expected you to know your recipient's birthday, but
"What's your mother's birthday?" would be a common question to verify your identity. They should have moved on to another question if you had a moral objection.
On the other hand, scammers will often ship goods to a nearby address and pick them up off the porch, so verifying that you know your recipient might actually be a fraud countermeasure.
This is what likely triggered it. People that steal PayPal credentials change the shipping address to something other than the address on the PayPal account.
Reminds me of a property management company reaching out to verify some details from one of my guys, who had applied to rent one of their properties.
Did they call and ask to verify his listed employment? Naw. They sent me an email with a scan of his whole-ass rental application, complete with SSN and everything, unredacted.
I called them out on it and they completely brushed off my complaints.
I also got yelled at when trying to get a quote on auto insurance over the phone because I didn't know my dad's birthday. (Identity verification?) The man ardently supports <anti LGBT political party> and me and half my friends are LGBT, you think I buy him gifts?
I was "banned for life" about 4-6 weeks ago. No explanation given. No sketchy transactions on my record, just sending money back and forth between friends who (AFAIK) aren't up to anything suspicious. It was embarrassing having to explain to people that we'd have to figure out another way to transact going forward because I was no longer welcome with Paypal.
A week later I tried logging in again just to see what would happen, and everything was back to normal. I could once again send and receive money as if nothing had ever happened. Needless to say, I took the opportunity to transfer every last dime out of the account.
Same except I wasn't even sending money. Made an account years ago, never used it, got banned for life when I logged back in. Tried making a new account, but obviously they're able to detect that, so it wouldn't take any of my credit cards.
Probably works or doesn't. I was part of whatever small percent gets banned by mistake, whereas most people would end up using it and generate enough confidence in their algos to not get banned later.
Whatever, I can live without the ability to purchase random crafts from Etsy.
I opened a business PayPal account, and it was closed within the first 2 minutes of opening. There was no reason given, and I had provided all details necessary during sign-up. I still get promotional mails until now.
Same, I got the ban email before I was even done setting up the account:
> After a review, we decided to permanently limit your account as we found potential risk associated with it.
> You'll not be able to conduct any further business using PayPal.
> Based on this decision, if applicable, you are no longer eligible for PayPal Seller Protection as per our User Agreement. You'll also be charged a High Volume Dispute fee based on your activity for all existing and future cases you receive.
> Any bank or credit card information that's linked to your PayPal account cannot be removed nor can it be added to another account. You can still log in and see your account information but you can't send or receive money.
> If you have funds in your PayPal balance, we'll hold it for up to 180 days. After that period, we'll email you with information on how to access your funds.
> We regret any inconvenience this may cause.
No contact address, no escalation path, only vague rumors on internet forums of voodoo to get the ban lifted by the Paypal gods.
They continue to send me daily emails telling me to link my bank account. Okay!
And then a day or two later I get another email
> My name is YYYY and I work on the PayPal Business team. I am more than happy to assist you with your PayPal onboarding journey.
> So I understand the nature of your request. Could you please provide me with some additional insight to your business by answering the below questions.
And a bunch of generic business area questions (what do you sell, what's your volume, etc). Are you kidding? You open by telling a fellow to get stuffed, then talk about journeys and assisting them?
Is thin an American thing? Can they just pool money at will?
In the EU, if you revoke their SEPA direct debit permission, they are committing a fraud if they try to pull money, and 99.9999% of companies will not even try. If someone still does it, you can revoke the transaction in your online banking interface, and the company will then have to pay an additional fee to the bank.
You have a lot of time though, it's just that it gets harder to reverse.
Netflix' fraud detection is garbage and someone created an account with random letters, some throwaway email and my bank account. I didn't notice until it was like three months in. For the two later transactions, I could reverse them immediately and the money was back in my account on the next business day.
The other one was outside of that window, but my bank filed a request with their bank and it took forever, but eventually they paid it back. I believe this works for something like 13 months. Beyond that, you could still sue the person (and their bank) who fraudulently debited money out of your account, but you don't get a default win.
So at least in Germany you have about a year to notice.
Having had to deal with this is a previous job, from what I remember the rules DD are pretty strict and if you mess up as the collection agency, you have to put it right. You also don't get to just recollect - the few times we had software issues, we needed to write to all the people you are going to recollect from and inform them it will happen.
If they're large enough, they can get away with it, and the bank's insurance just eats the cost.
Experian routinely generates unauthorized credit card charges. The banks know, but they rely too heavily on the credit rating industry to stand up to them.
I've had to call my bank and they had a very hard time unapproving someone after I'd given them deposit permissions but ended the business relationship.
It was weird. They seemed very confused by the request.
There is no initial permission. Anyone with your info can pull money out of your account. A stop payment just blocks a specific person from doing it again.
[EU/SEPA Only] If you have signed a B2B SEPA Direct Debit (SDD), it's enough to revoke it on your banking portal as you have mentioned. Your bank is required for a signed Mandate to be able to debit your account. If you have been debited already for a B2B SDD, you only have 3 inter-banking business days to try to Reject the payment (if your bank offers that as a service), afterwards the bank that has issued the SDD is not legally bounded to return the money.
If it's a Core SEPA Direct Debit, there is not the concept of a "signed mandate" but according to the rulebook [1] you have up to 13 months [2] to ask for a Return.
[_sigh_] I've spend so much team reading those rulebooks
[2] "If the request for a Refund concerns an Unauthorised Transaction, a Debtor must present its claim to the Debtor PSP within 13 months of the debit date. [...]"
That's why I have no money in my PayPal account and the only payment method is a credit card which I get a notification for when it's charged.
I don't trust PayPal at all, but sadly, it's the least bad payment option in big parts of the european online shopping sector.
Yet another person finding out that Paypal is sh*t. What a world where you have to worry about four random letters in your messages that may just happen to coincidentally have terrorist connotations "Alep" ffs.
When I ran a company >10 years ago we swept our Paypal account daily to mitigate this risk.
This is not an option for the majority of businesses now as PayPal requires mandatory funds hold which may routinely be on the order of 90 days. So even if you sweep it daily, you still have 1-3 months of your MRR sitting in flight and at risk indefinitely.
I do all my business via PayPal, and have done so for 20 years. No mandatory funds hold. My account is cleared monthly, but I could have chosen daily (that screws with my own personally accounting). $200k/year transaction volume.
Too many people generalize specific stories or their own PP experience to all of PP.
PayPal offers the only viable micropayments service on the planet. Ardour.org saves 23c on every US$1 transaction we make (and there are a lot of them). There are no alternatives to this at the present time (and if there are, tell me about them).
PayPal is an enormous percent of total sales at my company. We accept all sorts of other payments types. So we drop PayPal and then what exactly? Suffer the loss of customers?
If using Paypal imposes additional operational risk, it's entirely reasonable to charge users extra for using Paypal. Offer them lower prices for using a payment method that isn't 100% shite.
As a seller, you are going against paypal TOS if you charge a fee to use it, the same way a credit card carries the risk of chargebacks but you aren't alowed to charge a credit card fee. I agree that this would be an effective risk-management tactic (less the fact that the fee you charge to mitigate the risk still gets processed by the risk factor) but it would also worsen your chances of getting banned.
This is indeed what I would do if I'd absolutely have to use PayPal. Customers can use it if they really want to, but they're the ones paying for the risk.
I pay a few companies by PayPal. I even switch to competitors if they are very similar (reputational-wise too) and one accepts PayPal while the other requires my credit card; but that doesn't happen very often.
The issue is that the credit card system is broken. PayPal is a bit less broken from the customer POV. (At least in my country, where if they just removed money from my bank account, I'd go to the police and somebody would likely be arrested - or rather, I'd report to my bank, confident they would go to the police.)
I have no good solution to this either. Fixing the credit card system requires replacing credit cards, and the US will be an enemy of anybody that tries that.
For me, it's the extra security and convenience. If the website doesn't use Shopify/PayPal, I'm trusting them with my credit card information and who knows how good their database security is.
It's the total lack of security. With the automatic consequence that all kinds security theater get imposed, stripping people of all kinds of rights, and solving none of the problems.
As a customer, I don't see the fees. But yes, by an eagle-eyes view the amount of inefficiency on the system is a problem too, as is the oligopolization. But those don't get in my mind when I make that kind of choice.
> It's the total lack of security. With the automatic consequence that all kinds security theater get imposed, stripping people of all kinds of rights, and solving none of the problems.
Not that I’m claiming that credit cards are a bastion of security, but could you be more specific?
What rights are you giving up? What inefficiencies do you see?
Have you tried promoting other methods such as standard credit card payments above PayPal? Have you AB tested removing PayPal? It could be a convenience but not a blocker.
Paypal also has massive costumer trust outside of HN. Many people would not dare enter their credit card info on a website but will happily click the buy with paypal button. It also has incredibly low friction, which makes you more money.
In europe, the UX flow for someone ordering with a credit card goes:
Enter cc info -> wait for 3d-secure notification -> click it -> enter passcode and possibly fingerprint as well -> click approve -> wait for the site to send you back from 3d-secure page -> order confirmed
With paypal, this flow, that happens everytime someone buys from your site, even repeat costumers, is reduced to:
Click buy with paypal -> possibly login to paypal again -> click "yes i want to pay this" -> order confirmed.
Some sites even make use of paypal's delivery address API and don't even require you to enter it.
It's really a no-contest that costumers using paypal will drop out of the flow at a significantly lower rate than costumers using a card. In some markets, your busines is dead in the water if you decide to not accept paypal.
As a user who uses paypal a lot, this is exactly why - I don't trust random websites with my credit card number, but I already have decided to trust paypal and given an option to use paypal vs a site's own CC processing, I'll use paypal.
I'd love to be wrong though, since after reading all this I kind of feel bad for the merchants, but otherwise I'll continue to prefer using paypal.
Lots of so called challenger banks offer virtual cards which can be used with merchants you do not trust, thus mitigating the risk of them having your ACTUAL card number which they can abuse/leak.
Yes, but if you already have PayPal, it's much easier to just use it as opposed to:
1. get an account with a new back
2. transfer funds
3. have new temporary card issued
4. use that card to pay
Me too. The issue is that while PayPal is pretty bad, I don't know of any other processors that are any better (from the customer perspective). And PayPal is universal, nobody else is. I don't want to have to manage multiple payment processors.
If I don't get the 3d secure authentication from my bank when buying something with a credit card then I don't trust this site. The places I buy from don't even offer paypal as an option, I guess they must be too expensive for the local web shops.
This isn't a Paypal-specific practice, but rather a common practice for credit card acceptance for certain types of business; if these customers go to some other bank for card acceptance a merchant account, they'll get similar conditions.
I'm pretty sure that seizing customer funds is part of their profit model. They've been doing it for a very long time, and well beyond anything that could reasonably be explained via regulatory or card scheme requirements.
> PayPal has restricted our business account because we have invoiced a license key containing the random letter sequence “ALEP”.
This makes me wonder: what's the best way to generate "safe" license keys? Binary feels like an obvious solution (binary keys surely get through virtually all blacklists?) but at the same time: binary license keys would be very long and very atypical, so maybe fraud detection systems mark them as suspicious anyway.
Maybe just generate random alphanum license keys and run them through some open source blacklists yourself? I doubt "ALEP" is in those lists though.
> what's the best way to generate "safe" license keys?
In the library (like the kind with books) field where I work, one identifier standard was devised that intentionally has alternating letters and digits, with never more than two letters in a row. Explicitly for the intention of avoiding the possibility of any meaningful words (that might end up being offensive or just off-putting in an undesirable way.)
It does make the identifiers longer for the same entropy/byte width, compared to a more normal BASE-X with an alphabet. Which mattered to me when they were going to be used in a URL, although probably doesn't for a license key. I personally in my projects stopped using this system for a more straightforward "Ascii-85" like encoding (which can contain coincidental meaningful words), because it was more convenient.
The particular system the library community was using [https://n2t.net/e/noid.html] was, I still think, over-complicated for at least my needs, but the alternating letter/number schema seems attractive to me now and perhaps worth slightly more characters in identifiers and slightly more complex algorithm for creation than a simple base-x encoding.
It sounds good, but of course for "security" it might not be enough. 626f6d62 is alternating letters and digits, with never more than two letters in a row. And it spells "bomb" when converted from hex to ascii.
Some security scanners do check for this kind of thing.
Why would you convert an identifier to ascii as if it were hex? And it seems unlikely that (eg) paypal would do so?
But, sure, it's just one idea. You can add more layers to make it even less likely something will seem problematic to someone somewhere; a 100% guarantee seems impossible, especially if you are going to allow things like above "What if we brainstorm for a way this could be a puzzle where the answer is a problematic word to someone". No "scanner" will even possibly catch every possible thing in that domain, no matter how unlikely.
I think they might. Maybe not all and always, but a thing about terrorists which can be quite mind boggling at times is that not everyone seems to agree who they are. Just look at how many countries are still doing business with Russia and other countries with less-than-stellar reputations. There may be plenty of parties who would actually not mind doing business with disreputable entities, for various reasons. I would assume they'd try to be a bit clever, but I wouldn't be surprised to see lax controls.
"terrorist" is an opinion or a judgment, not an objective fact. A better term in a KYC context "sanctioned entity" or somesuch.
If someone X is comfortable doing business with/as entity Y but a bank Z is not, it's totally sensible that X would say Y to the bank Z and bank Z would block them.
It is highly unlikely, but not impossible. Anecdotally, I did see a case of a business that put a real location of the business they are working with, which happened to be in a sanctioned country. Needless to say, it generated all sorts of questions and eventual OFAC contact.
Bottom line is: it happens, but I agree with you that people that know what they are doing are not putting "Pay for assasination by Osama Bin Laden on 03/28/23" in reference field.
Not really responding to your question, but one of my friend jokingly returned money to another friend with a bank transfer titled "for jihad". Needless to say, both banks were not amused. They both were "verified" on the phone and confirmed they are not, in fact, actually terrorists. I wonder how many people-years banks waste on pranks like this.
Many such organizations are legitimate legal entities in some country and handle purchases; and of course there are sanctioned people as well, and a payment from or to them does include their name.
If you buy multiple keys it makes life easier - you know which payment is for which key and for which invoice. This way you have an unique identifier to match them.
Without unique identifiers you have big problems.
The payment description should at least mention the invoice number or order number.
Undescriptive descriptions are terrible when you need to check / match something. Even a human will have problems not to mention autimatic systems. And automationg is something one could expect from decent systems. No manual checks. No ambiguity.
edit: Tbh. The more I think about it, maybe it is not such a far fetched idea after all with the assumption that they keys are temporary.
**
Eh. Coming from that environment, it would not be that easy for a reason that has nothing to do with technology. The lists that financial companies use are largely known ( some published by US Treasury for everyone to use ) and you can reasonably estimate a threshold most institutions will find acceptable.
However, the issue is political and not technical. OFAC itself has grown its SDN list[1] to 6300 names and that is just one list and the tool has been already severely overutilized ( in my opinion anyway, so take that with a grain of salt ), but if the trend and current geopolitical situation is any guide, this number will only increase.
What I am saying is that you have a big and very variable base to build a key from ( edit: come to think of it - not from:P ) and there is no guarantee and old key won't suddenly become 'hot'.
Here, the answer is to the problem is actually political. Affected businesses have to start really complaining, if they are affected by the requirements. I have no evidence suggesting that is the case ( based on what I saw maybe 20% of transactions face that kind of scrutiny and even smaller percentage is questioned the way the OP is ). Naturally, it does not help that this process is not standardized so every single financial institution does their own thing..
I am almost certain they violated their own policies for telling you which word triggered their filters.
Regular KYC procedure usually involves using a blacklist of disallowed words, and then if anyone triggers the filter, you block them, and ask them to submit any and all documentation they have for all recent transactions (but importantly, you dont tell them the transaction or word that triggered the check). Someone then reviews the documentation, and unless it explains the blacklisted word, the account ban stands.
And in the US that should be unconstitutional if we had a court system that actually upheld the constitution
If the Government is creating a list of no-no words (which in itself is violative of the constitution) it should be required to publish them as "Secret Laws" are defacto unconstitutional,
Further the government having a list of words I am not allowed to use, AND not allowed to know I am not allowed to use should be abhorrent to anyone the values freedom
The government hasn't created a list of no-no words, they've created a list of entities with whom US Persons cannot conduct financial transactions. I don't know what "ALEP" is but you can be sure it refers to some organization designated by the Office of Foreign Asset Control. PayPal's crappy system is PayPal's crappy system; their implementation wasn't directed by USG.
Wait a moment. While I agree that the government should be transparent generally about its law enforcement, you can't suggest that there are absolutely no secrets that should be kept confidential to enable reasonable law enforcement to occur?
If the government or some agency published all the indicators of fraud that it used to check that people were filing their taxes legitimately (and catch crooks), how would you ever conduct anti-fraud operations? Every criminal would have the manual on how to circumvent the detection mechanisms and move to techniques that the IRS doesn't know how to detect.
Should the government equally publish its root passwords because that's within your right to be able to know how the government operates also? That would be ridiculous.
The parent talked about KYC which is a Law / Regulation of the banking system. PayPal is required by law to KYC and comply with these types of regulations around governments lists of barred organizations, people, and nations
It's about paypal acting on behalf of and as an agent of the US government.
If it were just paypal they absolutely wouldn't care about the subject so much as to match random characters in descriptions, wouldn't give people zero recourse, etc.
The US government may not pass laws to achieve an unconstitutional end, even if it's achieved through third parties. If that is the effect of the law, then the law is invalid no mater how many times the "I was just following orders" trope is repeated.
It is, given they’re not classified as a bank due to their lobbying. The power of these corporations blurs the practical line between government and corporation.
That's interesting. Venmo (ik still PayPal-owned but somehow not trash (edit: yet)) seems to protect you from this by rejecting your payments early if they contain bad words. I found this out when trying to pay for a Cuban sandwich.
Interesting, on Venmo I go out of my way to put obscene and offensive descriptions since I am viscerally opposed to their stupid social network feed insanity, and I have never had a payment rejected.
>Proven to be scalable to visor applications, the laser protective filter in the Gentex spectacles utilize the latest, most advanced laser eye protection materials developed for and tested by both the NAVAIR and USAF/AFRL advanced technology development and demonstrator programs.
Quite. OP seems to have done nothing wrong but whoever at PayPal sent that message about ‘ALEP’ is skating on exceptionally thin ice with respect to sanctions laws and tipping off.
Regulatory supervisors I’ve worked with would have outright said this was a criminal offence, and I’d expect their German counterparts would take a similar view.
This is an asinine policy. Put yourself in the position of the counterparty, how is anyone supposed to resolve a disagreement using such a kafkaesque approach?
Simple! They’re not… the point is to be kafkaesque like this in order to frustrate and maximally deny anything that could potentially be a sanctions violation.
I won’t deny it’s a very very stupid design… but the madness does have a consistent logic to it. It’s very similar to the kind of logic that is involved in maintaining the no fly list.
When my wife sent me a message saying, "pick up some sea weed," T-Mobile was blocking it. Fortunately, we transitioned to using iMessages, which resolved that problem.
However, I continue to receive various spam and scam messages
- but T-Mobile is not blocking them.
I was surprised the first time that I visited the States as an adult - I picked up a SIM for the week I was there, and discovered that I couldn't visit Oglaf on mobile data.
It's quite fascinating, because I come from a country with an actual official government censor's office. But I've never been blocked from accessing a smutty joke comic here. Yet in the US a major mobile provider takes it upon themselves to do so!
I'm pretty sure the reason "verification code" is blocked is because people will buy a bunch of retail prepaid unlimited plan sim cards and use them to send A2P messages like verification codes instead of paying Twilio or someone like that. Carriers don't like this because they charge more for A2P SMS than P2P.
So if I send a message like "did you finish the essay about weed use?" or "what about going to Amsterdam next month so we can smoke weed" (which are perfectly legal) they will block it?
Good that no one uses those crappy SMS services and feed those crap carriers more data.
SMS is federally regulated, so while it might be legal where you live, there are a ton of roadblocks on the SMS side. Had to deal with this via Twilio in the past - and you can't get a list of the banned terms, just notices that messages were sent using them (including CBD which happens to also stand for Central Business District for some people). But yeah, you can have this issue on any SMS message sent in the US.
That's asinine though. It means you're preemptively blocking messages about anything from gardening to local news stories. Blanket keyword keyword filtering is an admission of having no clue, I can't understand why you would defend it. It can't be 'because it's federally regulated' because that would literally make it a 1st amendment issue.
> It can't be 'because it's federally regulated' because that would literally make it a 1st amendment issue.
thats what i was thinking as well... it seems for the us, its mostly about spam prevention and marketing messages (referred to as SHAFT in the link below)...
seems not intended for individuals but those messages intended for commerce?
Those guidelines make sense, but they're not just blanket keyword bans.
For example, it would violate their industry standards to send messages like 'Cool your thirst! No-ID beer sales in your area, reply now for $5 off your first 12-pack', sent out as a bulk message. But if I just message you saying 'wanna go for a beer later', it's not a commercial message. These guidelines are to prevent spam that might fall in one of the SHAFT categories, not to police communications between private individuals.
Facebook also blocks private chat messages with links to some cannabis-related websites (and presumably other things; it doesn't really explain what happens, you just suddenly get an error message).
Regarding T-mobile, they claim that content of the text msg must be legal across all 50 states. Not 100% sure which state and with law causes this but that is the reason they gave me.
Well the content of that message as stated by the OP is 100% legal across all 50 stays, even direct references to illegal drugs in messages is legal across all 50 states.
If that was legally required of T-Mobile, don't you think it would be likely be legally required of all carriers? If that was true, don't you think there'd be a lot of people here confirming that Verizon and AT&T do the same thing? I am incredibly suspicious of the idea that this is a legal requirement, not a choice.
Sue them for aiding and abetting any crime that happens where one of the perpetrators carried a cellphone with their service.
"No, they clearly acknowledge their service is used for crime - they block these other messages."
For bonus points, find a case where blocking the 'weed' message got someone killed. (You order drugs, the guy says 'weed on the way' but you don't get the message so you don't meet him, he thinks it's a setup and gets mad ...)
There is no law criminalizing the utterance of certain words, that's absurd. By your logic saying 'I'm going out doors to weed the lawn' or 'Our neighbor was arrested for illegally selling weed' are somehow evidence of crime.
My wife likes seaweed. I texted her the same text you used. She got the message no issues on her phone. SMS is not a guaranteed delivery service. Perhaps the message simply didn't go through? I see later in the comments you paraphrase something you said you were told by a T-Mobile representative. Perhaps the representative didn't even know if something was blocked but felt they were on the defensive?
At least they were given the reason and a chance to respond. I'm just an infrequent, individual user and one day I got an email from Paypal that I was banned for life with my account closed and the same would happen if I tried opening any new accounts. It also banned my Zelle account for life.
Thank god I never left any money in there or it would have been stolen. And to this day I still get emails from them as if my account isn't banned, but logging in just takes me straight to the ban notice and I can't actually close it or opt-out of emails.
If you can't unsubscribe and they're marketing emails take them to small claims in violation of the CAN-SPAM Act [0] if you're in the US. Liabilities are over $50k so you can easily max out the $10k limit in court with no representation. In this way it forces them to come to you and they will almost surely lose or settle before the court date.
Interesting. I don't remember the verbiage around the private right to action. It seems as though it would still be trivial to classify yourself as an ISP with respect to email. If you're running your own infrastructure for mail sending and receipt and that infrastructure is in receipt of the violating emails why wouldn't an individual be allowed to sue?
Seems as though CAN-SPAM has lost its teeth to protect the consumer through precedent if that's not a viable path.
It is because it's in their T&C's. And they fought tooth and nail for years to avoid being classified as a bank so the normal bank regulations and customer protections don't apply to them.
It is typical for large corporations to have a bunch of legal fine print. This effectively allows them to do just about anything, as long as they have a "reason".
They nominally don't do just anything (like take your money), because they want people to use their service, and if they cheated everyone all the time, you'd hope that people would catch on and stop using their service.
Having said all that, dealing with illegal transactions, fraud and scammers is tough. The corporations will, honestly, make mistakes, and having enough customer service to deal with it all properly is expensive. Hence automated bans. Often there is no recourse except moving towards a lawsuit, which may be unreasonably expensive for most cases, as compared to the money that has been lost.
I'd be curious to know what happens if you sue them in small claims court.
Jurisdiction may be an issue, but if they stole from you while you were home, then I'd argue your hometown is the proper jurisdiction. Note: IANAL.
I'd guess that they'd just not show up, you'd get a judgement, and then just have to figure out how to get it paid.
Or maybe they will show up, hire a local lawyer to represent them and point out the fine print in the ToS that forbids holding them accountable for any reason in any venue.
And with any luck, the judge will laugh at them and give you treble damages.
I saw a post on here recently talking about how they got Paypal into court. I'll have to try and find it again.
Problem is, it's not worth whatever court costs I would probably incur. Granted, there isn't a lawyer involved in small claims, but could they judge order me pay their lawyer fees if I lose?
Depends on the laws in your jurisdiction. I think in a lot of cases, small claims courts put very low caps on legal fees that can be claimed. The defendant might only be able to claim a few hundred dollars at most.
You might want to check if lawyers are even allowed in small claims. If they aren't they would have to sent a company representative, and there would be no 'lawyer fees'.
The ToS has a forced arbitration clause, so a judge would never get to the merits of the case. Any disputes must be resolved through an arbitrator that Paypal gets to pick. Judges love cases with forced arbitration, because they can just issue a summary dismissal and go to lunch early.
Yup, thx for the reminder. I had a small-ish balance sitting there and your reminder just provoked me to login, check it, and transfer it out. Can't wait for that new FedNow Service -- it should be coming soon! [0]
> And to this day I still get emails from them as if my account isn't banned
Marketing people please take note of this. It is particularly galling to be continually pestered to buy things from a company that has refused to do business with you. An Intuit company tried to sell me a home mortgage, and I applied, only to be refused because my home was manufactured off-site. OK, I moved on. But they continued to plaster me with offers for that same product almost daily for years, and now my relationship with all Intuit products is as distant as I can manage.
Is it possible your account was compromised and they closed it after someone abused it? I mean I don't know about you, but my password security wasn't exactly up to standards when I opened up my paypal account...
Companies are allowed to keep data necessary for their other statutory obligations, like taxes or KYC. Otherwise it'd be a get out of jail free card for fraudsters and sanction evaders.
Yes, but they're only allowed to use the data for the (legitimate) purpose it was retained. If you ask them not to retain/use it for marketing purposes, they can still retain it for statutory purposes but they can then only use it for that (not for sending you advertising emails etc.)
Yeah mess with your email provider by sending false reports, I'm sure they'll appreciate that (sometimes I wonder if spam is such a big issue in part because users report anything they don't want in their inbox, like a newsletter they previously signed up for, as spam or similar)
Either you're at a small ISP and paypal doesn't care about a handful of customers that need to dig an email out of the spam folder, or you're at a large one and it won't have an effect because nobody else is reporting it
This doesn't hurt paypal but might annoy a small email hoster that might have to clean up your mess.
People use Paypal because they can't get around it. If you want to hurt them, help reduce their market share. Complain to the support of the service where you needed paypal, asking for better payment options (cite articles like this or whatever). That's what I do anyway, and doubly so when I know the owner. That they need to also offer paypal to get more customers, sure that's their risk (I make sure they're aware of it), but at least offer legit payment options as well
There's a difference between messages nobody wants and messages that you don't want.
We've got problems with messages sent to literally millions of people: viagra spam, phishing scams, banking malware, you name it.
There isn't a problem with messages that you don't want to see in your inbox anymore but that are from a legit business where you can unsubscribe. Trying to unsubscribe from real spam just confirms that the email address is active and the message has been read, and now you'll just get more spam and your email address is more valuable. That's very distinct from a legitimate sender.
There's a clear distinction and I'm wondering if we'd have an easier time filtering out the actually bad stuff if people that think like you didn't muddle the data by marking normal email traffic as spam
Yes, this is a special situation with no real good options because paypal is behaving like its usual dickish self. I still don't think that it harms paypal or helps anyone to mark their email as spam. Best would be to create a rule to drop their incoming messages.
Or use GDPR or some other legal option if you have time to spare and want to cost them some time=money in dealing with your request.
Training a spam filter is not the same as creating a do-not-deliver rule for a given sender. Unless you manage to convince the filter that paypal is the same as a viagra scammer (good luck with that), you'd still get those messages from paypal.
Maybe some providers also denylist the sender-receiver pair when you click spam to combat this problem nowadays; back when I used public email services this was rarely the case. Nowadays I use a different system altogether so I don't know if this might now be common.
Either way, this is not what the spam button is for, but from this subthread I see that enough people on HN already don't understand how these systems work (and education is hard: people don't even read relevant oneliners pushed in their face at a relevant time, such as error messages), so I guess there's no hope for the general public altogether. I didn't know this is an entirely lost cause and is making me rethink about reporting spam on platforms like reddit. I guess they get so many false positives that I'm wasting my time reporting anything as spam ever.
Most of my email is on my own server, but in my experience (with gmail, etc.) marking a sender as spam will keep them out of my inbox going forward. I would personally filter the email, but for those who don't understand that process, marking as spam can be effective as well.
I mean, I agree that there are varying levels of legitimacy, but that's kind of baked into the system at this point and it doesn't help that plenty of spammers don't have legitimate unsubscribe buttons and sell your email to a chain of ever less legitimate players.
> There's a clear distinction and I'm wondering if we'd have an easier time filtering out the actually bad stuff if people that think like you didn't muddle the data by marking normal email traffic as spam
Something tells me that you missed most of the history of dealing with spam, because people used to be naive about this back in the day and spammers exploited the hell out of them by using unsubscribe to confirm that the email was live and similar tricks.
Unwanted is unwanted. It really does vary by person, that much is true, but even your viagra spam is wanted by some people. But the people sending it are very often also doing a lot of shady stuff like running botnets, so the technical measures to stop that look very different from, say, looking up the SPF record for Paypal:
So the short answer is no, people not wanting to get spammed by Paypal isn't likely to get you more viagra ads from botnets. Maybe, just maybe, it could create some small headache for Sendgrid (who is in Paypal's SPF, but is no small player), but I doubt it.
That aside, I think a few of them frequent HN and they can answer that one for themselves if they want to.
No. Spam is by definition unsolicited email (often commercial in nature) from someone you never have had any sort of (business) relationship with.
If you've used a service, even briefly, and willingly given them your email address, and then later get emails from them, that's not spam. Yes, it is super annoying that they automatically sign up your address for marketing, but there is a way to unsubscribe.
> Spam is by definition unsolicited email (often commercial in nature) from someone you never have had any sort of (business) relationship with.
Can you provide a reference to that definition?
I have checked on merriam-webster, oxfordreference.com, oxfordlearnersdictionaries.com, and wikipedia. None of them include the "from someone you never have had any sort of (business) relationship with" clause. Or even anything which could be read that way.
> Yes, it is super annoying that they automatically sign up your address for marketing
Yes, super annoying. And also spam. If I didn't ask for it it is spam. If they trick you to "agree" to it (for example by having a checkbox where checking the box means you don't want to receive emails) without you realising, that is still spam.
> None of them include the "from someone you never have had any sort of (business) relationship with" clause.
Spam is illegal, but I'm pretty sure none of the mentioned sources make the law about what is and isn't allowed to be sent. Maybe you can find the actual definition in the laws that apply in your jurisdiction.
The laws regarding spam are not the definition of "spam". Rather, the laws describe a subset of spam that can be clearly and definitively identified as "spam". It does not include cases that are just barely within a grey area, but which any reasonable person would label as "spam".
The law follows the existing understanding of what constitutes spam, just as it does for "murder", "theft", and a myriad of other cases. The law does not define these terms, only how they will be applied within the context of the legal system.
If an email address is provided for not-marketing purposes, and is used for sending marketing emails, that’s spam.
For example, I went to a mechanic, and provided my email address as a way to contact me. I started getting marketing emails from Sirius XM, despite never having interacted with them. Therefore, marked as spam. If Sirius doesn’t want their emails to be marked as spam, they shouldn’t be sending out spam.
Edit: Or, in the case of Walgreens, their "Unsubscribe" link reported that there was no subscription at the email address to which they had just sent an email. For that one, I did give a reply to let them know of the issue, and got no response. When the next one arrived from Walgreens a week later, that was reported as spam.
Do they now mark your address as "still active and being read" and send it more messages because it's now more valuable?
Or will you stop getting email from them?
That's the difference between things you should be marking as spam and things that annoy you but are legal and you'll just need to press unsubscribe on (and be careful with whom you give your data to). Write to your representative if you want the law changed on what's legal.
You can also complain to the market authority if an identifiable party sends you unsolicited commercial email outside of the law. If they're not identifiable then it's never legal, and that's what you should classify as spam because spam filters are meant to catch this. A legit business can be held accountable and has an interest in remaining in business, but real spammers aren't so simple to trace down and stop so that's what these filters are meant to do.
I get plenty of junk mail in the post. The fact that it's legal doesn't stop it being junk mail. Yes, I could take the time to write to a politician to complain about junk mail, or I could just chuck it in the trash and get on with my day.
Ditto spam. Yes, some of the spam I receive might be within the law. That doesn't stop it being spam though. I could also take the time to write to a politician to try and change the law on what spam is legal and what isn't... or I could just mark it as the spam it is and get on with my day.
What kind of junk mail? Where you gave your physical address to a third party and now they're sending you crap, but they're a legit business that you can tell to stop doing that and then you stop receiving junk mail, or do you mean they got your physical address from data leaks and the sender tries to scam you into resetting your password, sell you illegitimate drugs, etc.? You're talking as though both kinds, legal and illegal spam, are the same thing.
> Yes, I could take the time to write to a politician to complain about junk mail, or I could just chuck it in the trash and get on with my day.
What you're suggesting is messing with a spam filter designed to handle illegitimate email to get confused enough to also filter out legitimate emails based on a guess as to whether or not you might want it. You're not "just chunking it in the trash and getting on with your day" but actively harming the system instead.
> What you're suggesting is messing with a spam filter designed to handle illegitimate email
No, I'm teaching my spam filter about which emails I consider spam, so it knows to automatically filter them out in future. Which is exactly what I want my spam filter to do. That's its job. That's why I installed it.
> You're [...] actively harming the system instead.
I'd say the vast number of irrelevant commercial bullshit people get in their email harms the system more. It is spam. If I order a pair of pants from the Gap and they start sending me two or three emails a day, that is spam. If those marketing emails got marked as spam by all providers by default, the world would be better off.
Same with physical mail, which also explicitly just has an option for "bulk mail", which is even worse. If I could opt out of receiving mail from the USPS entirely, I would. (Although I consider them to be the most reliable service for sending and receiving packages.)
If I sign up for a service but don't explicitly opt in to getting their newsletter, any marketing emails I get are spam, and flagged accordingly. The whole idea that I've implicitly opted in without being asked is nonsense.
That's something to take up with your representative, because that's legal unfortunately (specifically: marketing similar products based on past purchases, and in my experience, the consumer market authority takes that definition rather broadly).
There's a second category of unwanted email where unsubscribing has as only effect that you'll get more spam because now they know that your email address is actively being read. The sender is a hacked server or a botnet, and no business is identifiable as sender. This type of illegal activity is what spam filters are designed to combat. You're not helping the designers by marking other email as spam: it muddles the data, causes legit senders trouble (like me, I don't have a newsletter but spam filters are so aggressive that personal messages sent from my server still regularly ends up in spam), and makes everyone's life harder.
I think in the Netherlands (or EU?) it has to also be one-click. It can't first give you a survey or ask you to enter your data again or other hurdles. It's quite strict in that way, but then quite loose in the way that businesses are allowed to send you unsolicited commercial (e)mail if you previously purchased something and they want to market a related product to you. Win some, lose some. I can see the point, though, that you might be genuinely interested in their new fancy better improved heat camera if you previously bought a heat camera of theirs, and the message still has to have that one-click unsubscribe link. I'm willing to accept this compromise even if I am usually not interested in those offers.
What has to die is the type of spam where you have no idea who the sender is or how they got your data. That's what spam filters are designed to filter out, since you cannot filter that by normal/legal means. It's much harder to try and make a spam filter read your mind on whether email from a legitimate business is something you're interested in reading (you may or may not care for that order confirmation, newsletter that you may or may not have signed up for, etc.).
But I've learned today (from the subthread above) that having the general public make this distinction and correctly train spam filters (such as email, but presumably also on reddit and such) together is a lost cause. We'll have spam forever, yay.
> It's much harder to try and make a spam filter read your mind on whether email from a legitimate business is something you're interested in reading (you may or may not care for that order confirmation, newsletter that you may or may not have signed up for, etc.).
No don’t be silly, if you use that button you’re actually breaking the whole system.
You’re just supposed to sit there and take the unsolicited non-spam from everyone around you and never touch that button ever, or dare call something that doesn’t fit one person’s ridiculously narrow definition of “spam” that.
And if you don’t like it, your inly course of action is obviously talking to your representatives to change the legal definition of spam. Anything else is breaking the system.
> No. Spam is by definition unsolicited email (often commercial in nature) from someone you never have had any sort of (business) relationship with.
The name "spam" comes from an old Monty Python skit about hearing the same thing over and over and getting sick of it, so this definition doesn't really respect the history of the term. The name spam started as a Usenet moniker some time after some lawyers started trying to get people to pay to enter the free green card lottery run by the US government.
This definition almost sounds like you're gesturing at "UCE" (unsolicited commercial email) which some people started trying to push as a definition for spam back in the day.
> Yes, it is super annoying that they automatically sign up your address for marketing, but there is a way to unsubscribe.
I mean, you're responding in a thread where they mentioned that's impossible to reach that page because they're banned and ignoring that people long ago found that unsubscribe was being abused to confirm (and then sell) verified emails to other spammers.
Some of us do crazy things to let us use unique emails per service, so we can find out who is selling our info.
Did you miss where the original person is unable to unsubscribe because they were banned? In this specific scenario, it is absolutely spam, otherwise known as Unsolicited Commercial E-mail (and by virtue of them being banned, these specific mails are by definition unsolicited).
I mean, I'd report it as spam rather than as 'malicious' so I disagree with the GP on that part, but...
> sometimes I wonder if spam is such a big issue in part because users report anything they don't want in their inbox, like a newsletter they previously signed up for, as spam or similar
It's been a problem ever since some green card lottery lawyers decided to spam Usenet and then moved on to using botnets and whatnot while people fought back with DKIM and SPF and such, so I doubt it.
> This doesn't hurt paypal but might annoy a small email hoster that might have to clean up your mess.
It's not clear to me why Paypal would be routing emails through a small email host and most people are using the few big webmail providers at this point.
> If you want to hurt them
I don't think people want to hurt Paypal, they just want to turn off the damn marketing campaign when they're literally banned from the service. Personally, I just set up filters to dump all the junk like the constant emails from Amazon so that I don't have to deal with it.
Horribly applied logic. While mistakes will happen, PayPal for individuals and businesses are apples and oranges because that’s how the banks work. This is a business account. This comment adds nothing to the convo. Little Snitch is amazing btw
> Thank god I never left any money in there or it would have been stolen.
That's not true. They banned my account when I was below 18 because it's forbidden to have an account for minors, but there was absolutely no problem retrieving the $1000+ that I had.
Even if the account is banned they let you link a bank account and withdraw.
> Now they ask us to provide an explanation of the reference to “Alep”.
WiseTransfer blocked my transfer because they didn't like my full name that they got from Monzo (Mozno has partnership with Wise). They blocked my transfer, hold it hostage until I contacted them, spent a few days hanging on phone, emailed them etc... they wanted to know what my surname means. I made an international transfer to buy a conference ticket. I don't remember the precise dates, but I spent full days on phone, emailing dozens of people and took me 3-4 weeks to revert the transfer. They. wanted. to know. what. my. surname. means.
Edit: I filed a complaint to Monzo and Wise, and stopped using both.
Just curious, why would you spend days resolving this? What was the amount of money here?
But yes anyone who has worked with the list of sanctioned persons circulated by the US government understands what a joke this is. Last time I looked Saddam Hussein was still on it, despite being dead for most of my life at this point. I've also been informed by at least one C-level exec that it was vitally important that we prohibit North Korean internet users from using our website.
> Just curious, why would you spend days resolving this? What was the amount of money here?
Is the implication here that the should walk away from being robbed of 170 quid? They're fighting for dignified treatment.
I know this is an example of another problem, but in the US it's easy to see someone actually being killed over attempting to rob someone of $200.
People have strong reactions to unjust treatment, especially when they believe they are dealing with a fair system. (I feel it's different when you know you just have to pay the bribe.)
>Just curious, why would you spend days resolving this?
Monzo couldn't reverse the transfer as the money wasn't in their hands. Wise Transfer customer support is just garbage. I spent 5 hours on a phone until > their side < ended my call during UK working hours. I called again and again, they never answered. I sent them emails, but each email I was getting was from another person who, like I said in another comment, didn't read previous email from Wise, so each time I had to explain the context and the whole situation. When I sent my response in a morning, they responded the next day afternoon.
> What was the amount of money here?
About £170 for the conference ticket.
>But yes anyone who has worked with the list of sanctioned persons circulated by the US government understands what a joke this is.
I already paid for hotel and plane tickets without issues. Best to my knowledge I'm not involved in any terrorist organisation, unless you account working for EU banking infrastructure company as such.
You're telling me that if I wanted to make an easy 170 quid all I need to do is scam you. You're not going to fight back.
You don't stand up to a bully just for their initial transgression. You stand up to a bully because if you don't they'll come at you again, even harder, and the world will see that you're soft, that you're a mark.
Having been scammed once out of a similar amount, yeah of course I'm not going bother. I've got better things to do with my life. Now there are many times when companies did try similar scams and it was resolved with a 15 minute phone call. But there is no way I'd spend days of my life over it. Almost all scams like this are resolved by opening a dispute with my credit card processor. That's it. I get the money back and never hear anything back.
> I've also been informed by at least one C-level exec that it was vitally important that we prohibit North Korean internet users from using our website.
The problem is, all you can virtually do is to block North Korean IP space [1], but you're still legally liable if North Korean users, say, use a foreign VPN service to interact with you.
International sanctions laws are pure and utter madness, with extremely high stakes if the government changes its course on selective enforcement, so everyone is "playing it safe" rather than "doing what makes sense and question outright bullshit".
My point is, what is the definition of "due diligence"? Who can say "yes, you're doing everything required"?
Usually, that's court cases and resulting case law, as well as executive fines... which means there is an insane amount of risk attached to everything related to sanctions, and additionally enforcement may vary between different governments.
Interpreting and complying with laws is something all business have to deal with, and not just with sanctions. I am not a lawyer, but due diligence is usually “do the best you can with the data you can reasonably get”. If you need to comply with sanctions law then you should ask your corporate lawyer.
Either way, your company is required to follow the law regardless of your opinion on it.
There are many ways. The most common are: If the users tell you they're from North Korea, you can tell that they're from North Korea. Also, if they connect from a North Korean IP, you can tell that they're from North Korea.
> And what sensitive information could they access? It’s defacto public.
The request likely had nothing to do with "sensitive information", but instead, sanctions.
> I've also been informed by at least one C-level exec that it was vitally important that we prohibit North Korean internet users from using our website.
that's an order I would break; to do that goes against the principles of the internet.
I suppose I'm not getting hired any time soon.
yea, I'm not 'obedient' enough... I have principles like open internet, shared culture, freedom, and so on.
what's worse, I feel for Korean culture, split in half by AmeriRussian "interactions".
It's not an order, embargo laws exist in every modern country. Doing business in embargoed countries just means prison time and fines. I don't know if you realize this, but almost nobody in NK has internet...
> I feel for Korean culture, split in half by AmeriRussian "interactions".
Germany reunified. Korea might have as well had it not been for North Korea's invasion of South Korea, and China's support of North Korea as a buffer zone.
And why no blame for Japan?
And what "internet principles" are you writing about? Everyone can access everything? This hasn't ever been the case. There have always been access controls.
(Of course, sometimes it takes breaking the law to change the law. Revolutions, for example, have never been lawful. Governments may even praise a revolution - especially the ones that brought them to power, - yet they would always make sure that any future revolution is illegal.)
It is unlikely an engineer decided to introduce a block list of names and this likely came from a product manager driven by compliance and risk mitigation. Problems are rarely the cause of the implementer and usually that is the side effect of layers of poor decision making in corporations. Poor because of the aggregation, not poor because of any one specific decision maker in the chain.
In a case like that, threaten to contact a lawyer because they are engaging in discrimination against you on the basis of (I assume) national origin. Unless your name is something like 'John International-Jewel-Theft,' they have no case.
Why is this included in the logic in the first place? Are terrorists sending payments via PayPal and including "ISIS membership fee, annual renewal" in the comments? It would seem to me that a keyword search like this is not an effective way to stop the flow of funds to sanctioned organizations. It's like scanning cancelled checks for the word "bribe" on the memo line.
No it wouldn't. A cursory search indicates that about 80 million people have the surname 'bin Laden.' Paypal is an international company. If a name gives you a 1 in 80 million possibility of a connection to terrorism without any other details, it's not actionable. The end.
My surname doesn't have any modern meaning, it's a middle age Slavic surname. It's pretty unique and only a few 100s people in the world have it. It's so wild to me that it got flagged by some kind of a list.
That depends on where you're from. Often in the English-speaking world, they do.
To take the another commenter's example, "Smith" comes from a word meaning, roughly, "craftsperson", as in "blacksmith". The ancestor that the surname comes from was likely either a blacksmith, or some other type of crafter whose profession can be described as "smithing".
They haven't lost those meanings at all. They may not have any special significance for you, but the meanings of the names remain nonetheless.
When I meet a "Johnson", my mind immediately goes to "John's son" even though "John" is probably a distant ancestor of the person, not their father. The name's meaning has not changed.
"Johnson", and similar names in other languages, can also indicate connection with the early Christian church, not a literal connection with a person named John. "Johnson" in this sense means someone who is a 'son' of John the Baptist (aka, a Christian). Or so I've read.
> Now they just mean you are descended from someone with that surname.
Adoption exists. I'm the first in my patriline to be born with my surname. So yes, technically I am descended from a person with that surname, but my father wasn't.
Sure, but I hope an etymological dictionary would be within the budgetary means of a bank's compliance department so that they don't have to lean on their customers for it.
This is likely cultural, but for almost everyone I know, their surnames mean something. Usually, like mine, it's the name of an occupation. Often, it's another surname with "son" added onto the end, meaning "son of x".
I've got the full extended meanings of my first, middle, and last names memorized. I'd post them but I don't want to dox myself. You can call me "Glorificus" for short though :) .
Or your surname is something like Al Qaeda (which is just "the base") or is "Ira" or any other combination of letters that could trigger very dumb 'watchlist' code.
OP and the article OP's situations are relatively easy in that the company actually told them what triggered the ban, and that presumably an explanation is all that's needed. I don't understand making a big deal about it. Tell them you don't know what your surname means and that "ALEP" is just an acronym that means "A Less Evil Product" and be on your way. Why does everything have to be a fight?
Sure, when the company says "We're banning you and not telling you why. Hahahaha!" it's infuriating, and probably worth even more than an angry Twitter rant. But "Can you explain what this specific thing means?" is not worth the rant IMO. Just explain and go on living your life.
I think this is giving the companies involved a lot of credit. I'm assuming if it took multiple days to resolve it then they didn't find "it's a name, it has no meaning" as an acceptable answer. The companies have no real incentive to be reasonable.
I’ve been using crypto and stablecoins for this for nearly 7 years now. Basically it skips international transfer scrutiny and for both the sender and the recipient we are using local banking on each side.
The exposure time is like 5 minutes, which mitigates every theoretical issue with the confidence of a stablecoin, or even the volatility of any particular crypto.
So what would have been an international transfer is converted to a scrutiny-free domestic transfer, which goes way faster too.
"HN is weirdly inconsistent about digital currencies. Generally pro encryption, net neutrality, open-source software, VPNs, etc. But mention "Bitcoin," and suddenly half the commenters lose their shit about the Four Horsemen of the Infocalypse.
Then they go back to commiserating with another Ask HN startup founder whose PayPal account was frozen."
It's not because of aversion to cryptocurrency per se, it's because the crypto space is absolutely full of blatant shills and they are extremely annoying people. A comment like 'I think cryptocurrencies help to mitigate this, but the flip side is that it can lead to money laundering' is insightful. Personal testimonials are basically just ads.
I agree. The industry needs to do a better job of weeding out the shills.
That said, every advertisement I get for a bank or financial institution, doesn't seem much different. Instead of individuals, it is big organizations trying to shill us into letting them manage our money for us.
All industries around finance attract shady actors. In Vietnam, you get the best exchange rate for VND, by going to the gold dealers. Paypal doing shady things is par for the course. Banks going under because 97% of their deposits are over the FDIC limits is normal behavior.
Simultaneously ignoring the benefits of cryptocurrencies and the problems they are trying to solve, while only looking at the negative edges that are covered by mainstream media, seems short-sighted at best. That's the inconsistency.
Yes, all industries attract bad actors. But the cryptocurrency space seems to be largely run by bad actors. Not everyone, of course, but a disturbingly large percentage.
> Simultaneously ignoring the benefits of cryptocurrencies
I don't actually see a lot of that happening here, though.
> Yes, all industries attract bad actors. But the cryptocurrency space seems to be largely run by bad actors. Not everyone, of course, but a disturbingly large percentage.
Source? Seriously. I mean, we have CEX going down with SBF and Molly White posting anti-web3 stuff. I'm sorry, but that isn't the core fundamental technology that we're talking about here.
> I don't actually see a lot of that happening here, though.
Again... media focuses on the failures and not on the successes.
ETH moving to proof-of-stake was a massive technological advancement that only happened after many years of development, and has gone off without a hitch.
While, at the same time literally decimating all of the GPU based proof-of-work mining in a single day. Not only that, but they were able to MVP release the code without even implementing withdraw! People have trusted the developers with 0.40T dollars worth of value [0]. It is not insignificant.
Next up is some really interesting work being done with zero-knowledge proofs, which will enable the scaling phase of blockchain to happen.
Please try to get past the HN trope of 'crypto has zero purpose other than number goes up or down and bitcoin mining is destroying the planet' and look at what is actually happening in the industry.
No specific source, just how it looks to me based on what I hear pro-cryptocurrency people say (mostly here).
> media focuses on the failures and not on the successes.
By "here", I meant HN, not the larger mediasphere.
> Please try to get past the HN trope of 'crypto has zero purpose other than number goes up or down and bitcoin mining is destroying the planet' and look at what is actually happening in the industry.
This comment is mis-aimed. I'm not on that trope (I see one legitimate use), and I do loosely follow the industry. I don't follow it deeply because it's not a field that is technically interesting to me, but I am interested in the ramifications to society at large.
All I'm saying is that a rather large percentage of people I see advocating cryptocurrency are not making cryptocurrency look good.
It was anecdata the first time. The second time, it became hand-waving.
> I do loosely follow the industry
You follow it closely and care enough to comment here. 'disturbingly large percentages' and 'rather large percentages'... all say it is the big bad cookie monster... but it is just that... all anecdata.
You're trying to spread a myth, without anything more than anecdata, which is the whole point of this thread. I'd love to see less myth and more research.
> You follow it closely and care enough to comment here
Yes, because I'm concerned about the societal effects of it. What I don't follow closely are the implementation details.
> You're trying to spread a myth
No, I'm simply reporting what I personally observe. I even stated where I've observed it (mostly here on HN). My observations can, of course, be incorrect -- but describing it as "trying to spread a myth" is misleading. I'm not trying to spread a myth at all. I'm explaining why it is that I view the cryptocurrency space as having a lot of sketchy things in it.
> I'm explaining why it is that I view the cryptocurrency space as having a lot of sketchy things in it.
I asked you for a source of the 'why' and you couldn't give me anything concrete. Therefore, my only other recourse is to assume you're spreading a myth. Burden of proof.
I have been very clear that I'm expressing an opinion, not stating a researched fact. You are trying to treat my statements as assertions of fact and are holding me to a burden of proof? Is it no longer possible to express opinions in the absence of conducting a research project? You are also expressing your opinion, but have offered no evidence either.
In any case, since you brought up burden of proof, it's the cryptocurrency world that is presenting the new thing, so it's on them to prove that what they're offering is an adequate substitution for what we currently have. I am the potential customer that has to be assured about it. So, in the larger sense the burden of proof is on the cryptocurrency people.
> Is it no longer possible to express opinions in the absence of conducting a research project?
What I'm reacting to is your inability to quantify your opinions. Specifically, 'disturbingly large percentages' and 'rather large percentages'.
> it's the cryptocurrency world that is presenting the new thing, so it's on them to prove that what they're offering is an adequate substitution for what we currently have.
"for what we currently have". See, that's the thing, we had newspapers and tv before we had the internet. The internet came along and gave us an entirely new medium. It took a while for people to get used to that. You're in that phase now.
While millions of other people are off experimenting with these new things (and effectively using as part of their daily lives). Nobody forced anyone to use the internet. People gravitated to it because they found value in it.
Just because you have come to the opinion that it has 'large percentages' of grift, doesn't make that opinion true.
> People have trusted the developers with 0.40T dollars worth of value
And that's the thing that causes the most cognitive dissonance. If you're going to trust someone, why not trust entities that have had hundreds of years to work out the kinks?
> that's the thing that causes the most cognitive dissonance.
The road is literally being paved and is being done so iteratively. I'm ok with that as that is a standard way to develop things over time.
> why not trust entities that have had hundreds of years to work out the kinks?
Simple. Because they are not acting in your best interest. We've been sold on the idea that money is scary and we shouldn't touch it ourselves. We should put it into 401k's and forget about it until we retire. We should 'trust' people who know these complicated finance things better than us. It is a self fulfilling prophecy.
> We've been sold on the idea that money is scary and we shouldn't touch it ourselves. We should put it into 401k's and forget about it until we retire. We should 'trust' people who know these complicated finance things better than us.
For 95% of the population (including me) crypto is the same trust system. I can't audit a smart contract and the underlying virtual machine it runs on. I would have no clue whether my transactions can be front-ended by bots that take all of the gains I expected, and then some.
I do have a general idea what happens when I use a credit card to make a purchase, and what to expect. I also have a general idea that if I put money into an investment account what fees will be deducted, and what stocks and bonds are being bought and sold.
And if I make the horrible mistake of sending money or NFTs to the wrong account, I know it can at least theoretically be reversed in non-crypto systems (and that often the reversal costs will be eaten by the bank, not paid by me). Whereas with crypto I have no expectation that the validators care about me to do a MakerDAO reversal on my behalf.
You obviously have some understanding of the system if you can speak about bots and front running. Fact is that front running exists in all markets, not just crypto.
As for reversible transactions, that's something done with smart contracts and escrow services. We are not there yet in terms of development, but it will happen eventually. Today, people actually appreciate the immutability of transactions. It enables the effective store of infinite wealth as a basis.
Credit card companies are providing the reversal business, which is paid for by the people who are borrowing money at insane interest rates... no reason why it can't be replicated once there is enough demand for it, but honestly, I'd rather move to reverse the model.... over collateralized loans. This is what is done in countries without the whole bogus credit rating systems.
We did not have an alternative to electricity for all of the things electricity could power. For some of the things alternatives to electricity continue to be used (e.g. oil, gas, or wood heated homes; windows for light; combustion engines and fuel cells for automotive power).
> You obviously have some understanding of the system if you can speak about bots and front running.
What I've read on crypto skeptic blogs. So basically my understanding is equivalent to the understanding that anyone gets from reading news articles written by content-expert journalists. From what I understand the front-running in crypto can have pretty egregious effects, and can occur with simple monetary transactions, not just the crypto equivalent of stock market transactions. (Yeah, sure, front running can occur in currency exchanges in non-crypto, too, but as an individual, when you go to a currency exchange, or make a purchase overseas, you know the exchange rate before you trigger the exchange.)
> Today, people actually appreciate the immutability of transactions.
I don't. And I don't see how this follows: "It enables the effective store of infinite wealth as a basis." Infinite wealth cannot exist. And how does immutability facilitate this? And how is a blockchain that can technically be rewritten at non-infinite cost immutable (i.e. the MakerDAO rewrite, or any Sybil/51% attack)?
> Credit card companies are providing the reversal business, which is paid for by the people who are borrowing money at insane interest rates... no reason why it can't be replicated once there is enough demand for it, but honestly, I'd rather move to reverse the model.... over collateralized loans.
From what I understand, the interest rates go to the issuing banks, and the credit card companies take their profit from fees. Credit cards (and payday loans) exist for people who lack the collateral for a non-signature loan (without having to collateralize their freedom, aka debtor's prisons or endenturing). The only way to do this in crypto is to trust a third party lender such as Voyager or Celsius.
Front running a transaction is essentially a sandwich attack. It primarily happens in illiquid markets where someone sees a transaction in the mempool, does a large flash loan borrow to affect prices, then your transaction executes at a poor price point, and the loan is paid off. All in a single block. 1) Typical transactions are not front run. 2) There are ways of preventing front-running. This is not really an issue for the majority of users or a design flaw.
> you know the exchange rate before you trigger the exchange
You know this in crypto too. The issue is that the market depth might not be large enough to support your transaction. That will change over time, or you just stick with the basics... BTC/ETH/Stables and ignore the rest of the stuff.
> how does immutability facilitate this?
If you know that it is impossible to double spend, you can trust the math.
> And how is a blockchain that can technically be rewritten at non-infinite cost immutable
This is well covered in Andreas Antonopoulos videos on YT.
> Credit cards (and payday loans) exist for people who lack the collateral for a non-signature loan.
In Vietnam, there is no credit reporting agency. You don't get a credit card from a bank, but you can get a MasterCard/Visa "credit card". The thing is, they are effectively debit cards because you have to time deposit collateral in order to use them. People still get to shop online, but they are limited. This is honestly a far better system because it encourages people to spend what they have, not what they don't have. I also prefer to cut out the middleman who's generating all those fees for both the merchants and the end users.
> The only way to do this in crypto is to trust a third party lender such as Voyager or Celsius.
Bad examples given that Celsius was a ponzi. There are decentralized lending protocols. AAVE is a good example.
> We've been sold on the idea that money is scary and we shouldn't touch it ourselves.
We have? I guess I was passed over when that sales job happened.
> > We should 'trust' people who know these complicated finance things better than us.
That's not how I look at it. How I see it is that when I'm operating in the established monetary system, I have some amount of protection and recourse available to me if/when things go wrong. With cryptocurrency, I have none.
To me, that's a really significant difference, and is in the top 3 reasons why I avoid cryptocurrency.
It has nothing to do with "trusting" financial institutions, or feeling like money is too complicated to understand.
> I have some amount of protection and recourse available to me if/when things go wrong.
We just literally witnessed several banks fail in the last few weeks, along with a litany of startups freaking out about how they were going to pay their staff. The government had to step in to prevent things from going totally ape shit and we are still on the edge of things getting worse by the day. All because people had some sort of belief like you do.
> We just literally witnessed several banks fail in the last few weeks, along with a litany of startups freaking out about how they were going to pay their staff
We did, and those startups got into the state they were in because they chose to avoid getting insurance on their deposits that exceeded the FDIC limits. That's not the fault of of the financial system. And the financial system protected them well over and above what it had committed to do.
> All because people had some sort of belief like you do.
Not at all. If I had a large deposit like them, I would have actually used the services that would have protected my deposits.
> That's not the fault of of the financial system.
Hilarious. On one hand, you're saying that cyrpto is this big mess full of bad actors and on the other hand, placing no blame on a financial system that can just blow up in a week because of poor design and oversight.
Just like it isn't the fault of cryptocurrencies that there are bad actors. It is just intrinsic that there will be issues in any functioning system.
> What protection is there?
You said none, but I can provide you with at least 3 different decentralized insurance protocols with proven track records. Here is one: https://nexusmutual.io/
More will come over time and demand. DeFi is still quite new.
> On one hand, you're saying that cyrpto is this big mess full of bad actors and on the other hand, placing no blame on a financial system that can just blow up in a week because of poor design and oversight.
You've taken my stance on both counts to an extreme that mischaracterizes them. I never said cryptocurrency was a "big mess", and I never said that the established financial system is some paragon of virtue and perfection.
What I said is that the financial system did what it promised to do for those people who were affected by the bank failures.
> You said none, but I can provide you with at least 3 different decentralized insurance protocols with proven track records.
And yet, until now, you didn't actually mention any of them. I can't read your mind.
The one you link to doesn't seem to cover the most important protection (to me), though. I could be wrong -- the website isn't exactly clear. Does it offer the same coverage as I can get through chargebacks on a credit card? Does it cover me if I accidentally send money to the wrong destination?
> What I said is that the financial system did what it promised to do for those people who were affected by the bank failures.
Wait, there is a law that says that when a bank fails, the government has to step in and bail them out? Wrong. Otherwise, all banks would get bailed out.
> Does it offer the same coverage as I can get through chargebacks on a credit card? Does it cover me if I accidentally send money to the wrong destination?
No. You're asking for a credit card product. I don't believe that crypto has to be a credit card to be effective and useful. A good analogy is Zelle, which allows you to transfer money, but they don't bail you out. I'll tell you... even with bank wires, you send money... it is gone. Our finance department got phished last year. They didn't get the money back.
I'm curious when the last time you accidentally sent money to the wrong destination though. Is that really a common use case?
> I'm curious when the last time you accidentally sent money to the wrong destination though. Is that really a common use case?
With crypto it doesn't matter whether it's you sending the money to the wrong address, someone who has hacked your account sending the money to the wrong address (and if you have insurance to protect against this, you'll have to prove it wasn't you), or a smart contract that someone slipped you without your knowledge sending money to the wrong address. You're out the money regardless. The last case isn't possible in non-crypto, and in the middle case you're protected by depositor's insurance in the US.
And yeah, I'm not using Zelle or a wire transfer unless I know who it is and what it's for beforehand.
It is almost like people think that crypto's whole purpose was to solve their inability to protect themselves from theft and that it has somehow failed in this regard and should be cast off as a worthless toy as a result.
For this reason, the choice is to only use credit cards where merchants have to pay exorbitant fees and end users have to pay massive APYs for borrowing.
If only someone could at least try to come up with a better system.
> If only someone could at least try to come up with a better system.
Payday loans and cash purchases? We have a variety of "systems", each with pros and cons. And hopefully that kind of diversity will continue into the future. For daily consumer purchases most crypto systems seem to have more cons than pros. For investment purposes I really don't know. And as a store of large chunks of value, maybe crypto will have an important role at some point.
That's the one use case that I think almost everyone agrees is valid, so it may be that people react that way because it isn't really educating anyone. It just feels more like evangelism.
Just speculating. I'll never downvote or argue against anyone pointing out that use case, personally.
To be fair here, they are handy if the bank wakes up one day and decides you are a wrong 'un for no good reason.
Or if you are transacting with someone with a funny sounding name, or who lives in a developing country (especially in MENA).
You can conduct your business without worrying about intermediary risk.
Hell, I've had bizarre issues in the past trying to make transfers between some large American banks and a number of European banks, the transactions just get "stuck" for a couple weeks, then get refunded, because somewhere in the middle something goes tits up.
I hope all people here who love AML/KYC and hate crypto and believe it is only for criminals and current legal system is absolutely fair will wholeheartedly approve this lawful decision.
In this particular case Paypal is acting stupid, but crypto still has only one valid use case and that is for criminal activities. Current legal system may not be absolutely fair, but it does not need to be replaced by a vastly inferior, slow, planet destroying ponzi.
> but crypto still has only one valid use case and that is for criminal activities.
Many years ago, I used bitcoin to pay for web and e-mail hosting. Heck, there were several pubs in town offering the option to pay with crypto. I was paid for remote freelance web development work using bitcoin several times, none of it criminal (one example: a car dealership sales portal customization). All of that was above board, reported to government, taxes paid, etc.
Providers moved away from it because of sentiments like this becoming prevailing (lots of people used it for illicit activities of course) which is a shame.
Public sentiment has nothing to do with what the tech can actually be used for.
That said, the environment impact caused is the larger concern to have IMO.
I would say people moved away from accepting bitcoin for beer because it's wildly fluctuating value made it unsuitable for use as a day to day currency, and because they realized it was a gimmick whose inconvenience (for the vendor) was not worth the limited interest in using it as such.
> it's wildly fluctuating value made it unsuitable for use as a day to day currency,
Coinbase has the option of immediately converting crypto payments into fiat, eliminating that problem.
> and because they realized it was a gimmick whose inconvenience (for the vendor) was not worth the limited interest in using it as such.
This is the bigger issue.
Even if it's an online vendor where having to wait an hour for the transaction to get 6 confirmations isn't a problem, they still have to either integrate with another payment processor like Coinbase to accept the payment, or spend money building their own. In any case, it's cost and infrastructure to setup and they're probably unlikely to see RoI.
> Coinbase has the option of immediately converting crypto payments into fiat, eliminating that problem.
Sure. You want to update your bitcoin prices what, hourly, to make sure you are charging what you meant to? I'm not sure that coinbase service exactly eliminates the problem. But I'm sure that is a useful service for some!
But yeah, we're on the same page. Overall... it is not a convenient thing for an ordinary business to take as payment for ordinary daily things.
> Sure. You want to update your bitcoin prices what, hourly, to make sure you are charging what you meant to?
That's one way to do it.
The other is to charge in USD just like you normally would. When the customer opts to pay in Bitcoin, they get sent to Coinbase which will convert the price into Bitcoin immediately and tell the customer what the balance is in Bitcoin. The exchange rate won't favor the customer, as it will include some amount extra to cover the possibility of the value dropping before the transaction is confirmed.
Providers moved away from it because it became unstable due to rampant speculation, wash-trading, and market manipulation, combined with the fact that hardly any customers used it.
Why does an Ethereum L2 have to be slow or planet destroying?
IMHO most Eth L2s already show more promise than PayPal as a future payment rail tech, despite them all basically being in beta state. Much lower fees, faster transactions, permissionless withdrawals, fully programmable, negligible energy usage now thanks to PoS.
PoS violets one of the fundamental tenets of crypto/blockchain - decentralization. Bitcoin uses PoW because it at least had a possibility of avoiding monopolizing by ensuring that no single entity will ever come to own majority of processing power of the network. That PoW is slow and expensive is a feature, not a bug. It's a different matter that Bitcoin eventually became centralized in the hands of a few whales who work as a cartel, but PoS makes it all the more easy and ensures that those who have more tokes, will accumulate even more tokens.
All being said and done, all the L2 are just centralization projects. These chains and tokens will always be controlled by a small number of early movers. Eventually, it doesn't even fulfill the very purpose of all these tokens - being peer to peer money.
Do you recommend any "Ethereum L2"s? I'm only vaguely familiar with the concept, and didn't hear about a single Ethereum L2 in the wild. Quick google led me to Arbitrum, Optimism, and Boba. Do you honestly think they may compete with PayPal in terms of usabilty, fees and transaction speed in the near future? Are there any caveats (other than their immaturity)?
If “near future” is 3-5 years then yes. Four interesting protocols in early development: Optimism, Arbitrum, zkSync, Scroll. These already all compete with PayPal in fees & transaction time, but not in UX, features, and widespread use. In theory they could provide similar frontend web UX, but with the option to hold tokens non-custodially so you could withdraw & exit the protocol without having to ask permission.
(IMHO it’s likely that other tech/protocols will emerge in 3-5 yrs that supersedes the protocols in development today.)
Lots of typical crypto caveats - eg: USDC on an L2 is centralized around Circle’s ability to redeem. Protocols can have bugs that make coins go poof. Non custodial ownership is harder for many users than asking PayPal or a bank not to lose their funds. L2s specifically are typically run by a single sequencer who could potentially disrupt your ability to use the network smoothly (but then you could use an escape hatch to permissionlessly get your funds out if that happens).
Fees and Transaction speed definitely - with new upgrades coming out in the next year (EIP4844) L2s can handle thousands of transactions per second.
The UI is really up to the apps, the good thing is there are many teams working on payments so there will be plenty to choose from to find the UI you like, and people will be able to pay via the same wallet. Stripe already has USDC payments on crypto rails and Visa is working with Starknet to integrate with these L2s too.
All the L2s with their usage, security, speed and tradeoffs are at http://l2beat.com
L2 shows promise, but I don't believe it works till I see it used at scale. Sorry but there's just too much hype, and I often say the same thing about other tech like Tesla FSD, the Metaverse, or all of Google's side bets.
Bitcoin does not have any intrinsic value or utility. The only reason one would buy it so that it can be sold to someone else for a higher price and that person would buy it hoping to sell it at an ever higher price. It's a game of finding a bigger fool, classic ponzi. But the world has finite supply of fools so the chain eventually breaks and the last ones to enter end up holding the bag while the early adopters make the bank. Bitcoin has entered that stage where not much new money is coming in. It had its peak in the 2020 and 2021. General public is now donw with it. All the pumps are now just wash trades by whales to suck as much remaining value our of existing faithfuls as possible because it goes bust.
Can we say the same thing about gold? It has no value and almost no use (it can be replaced by any similar looking metal for use in jewelry), but is very expensive and people are more than willing to buy it. Banks set high commissions for operations with it and governments impose high taxes.
Because crypto is not money. It was envisioned as a peer to peer money but it quickly attracted scamsters and it became a speculative instrument. Besides, most of the world has alternatives to PayPal that work just fine and most of the time free.
Stablecoins are money. PayPal also quickly attracted scamsters. Some of the world doesn’t have alternatives to PayPal, and sometimes they are not free.
> Casinos at least have equivalent cash on hand to encash them. Stablecoin issuers are printing them out of thin air.
I'm sorry but you have no idea what you're talking about. I bet you couldn't even name three stablecoins and describe how they maintain price stability.
Hint: There are three main backing types (tradfi-backed, overcollateralized, algorithmic), and two peg types (fixed, floating).
There are far better options, though admittedly not as widely supported as they should be. In Netherland, there are a lot of ways to simply use direct bank transfers. You can buy at a webshop using iDeal, which handles the payment through your own bank. You can send someone a payment request that will simply transfer it straight from their bank to yours. All of these are far superior options to relying on either an unreliable third party, or a slow, expensive payment system using its own wildly fluctuating currency that consumes the energy of a small country.
> slow, expensive payment system using its own wildly fluctuating currency that consumes the energy of a small country
You don't have to use Bitcoin, you can e.g. use a stablecoin on an Ethereum roll-up.
It's not slow; transactions finalize within 1 minute (and soon, less). It's not expensive; it costs less than 10 cents (and soon, less). It doesn't fluctuate wildly, because it value is stabilized using one of several mechanisms. It doesn't consume the energy of a small country, because it does not use proof of work.
Unfortunately, Visa, PayPal, banks, and more are not required to accept all payments for all legal activities. Instead, they are permitted to block users engaged in legal-but-risky behavior. Typically when they do so, there is no serious right of appeal (to an external body). Thus, there are plenty of valid use cases for crypto payments for services that are legal but too risky for banks.
For a list of examples, see the categories used in Operation Choke Point:
So calling it 'acting stupid' totally negates the stranglehold that Paypal and Stripe have on a majority of online commerce and payments and totally liberates people from their unregulated tyranny then...
...
Things dont change their nature by 'rephrasing them differently'. Unregulated private tyrannies that dominate people's lives are still unregulated private tyrannies.
There is a time and place for each argument and there is a time and place for conceding the argument. This is one of them:
No one can ban anyone from crypto. If your business wallet gets stolen, you suffer some losses, but you can create a new wallet, add it as your payment option in your business or personal account at your site or wherever, and just continue your life.
With these unregulated private tyrannies, you cant.
> planet destroying ponzi.
2010s called. They want their proof of work back. What decade are you living in. Dont keep repeating invalidated arguments. That looks like religious zealotry.
This isn't a particular case, it's how all payment processors work under the same regulations. Planet-destroying is a valid concern, and that's why there's proof-of-stake.
> In this particular case Paypal is acting stupid, but crypto still has only one valid use case and that is for criminal activities.
Just no. PayPal has always acted like this and shut down people's accounts for vague reasons. Stop cheerleading for them.
Criminal activity on a public and traceable blockchain makes crypto worse for criminals to use. That is why scammers and criminals are using Zelle and the banks for their criminal enterprise. [0]
> crypto still has only one valid use case and that is for criminal activities.
Sometimes, criminal activities are justified when all you do is to protect yourself. For example, when you live in a lawless area, and you need protection against bigger criminals. Peaceful countries with overall working systems are just one side of the world.
If Little Snitch accepted crypto, and people paid with it, then they would not be facing this problem. How is Little Snitch accepting payment for its services not a valid use case?
The more I dealt with PayPal, Stripe, and other payment processors at my job, plus my personal bank and Venmo, the more I appreciated Bitcoin and Ethereum. Takes a while to realize the full scope of control the governments have via money alone, both as a currency and a payment method. And the abuse of power. That PayPal rule against "misinformation" is the reddest flag.
Maybe cryptocurrency isn't the best answer in the end, but there needs to be some alternative even if only to pose a threat to the status quo.
Yes...one false positive on transaction screening certainly justifies replacing the current banking model with a payment system almost exclusively used by scammers and criminals.
You can go back to forum posts from >10 years ago and paypal locking accounts with funds in it was a common problem even back then. Even if you had 50k$ in your account, they would reply to you with a one liner saying they can't discuss the ban. The only to get your cash back was to sue them. A lot of people were speculating that they were intentionally locking accounts with the intention of stealing the funds.
Yeah, this is almost certainly some AML provision that has gone amuck, but they'd rather inconvenience you in a silly way to prove that they were "doing their job" than to get themselves shut down due to sanctions.
My friend had an account with Isis in the username because she learnt about the Egyptian god in video games. She was panic about that a few years later
That was the original name for what eventually became Google Wallet. It was launched as Isis, then promptly rebranded to Softcard before eventually being bought by Google.
Surely Aleppo. Financial institutions are responsible for making sure their customers don't circumvent sanctions, don't launder money etc. If PayPal would not stopped this transaction, it could be a huge liability for them in regards to financial regulators.
Unfortunately, I do not know of a better solution than "match transaction data on this list of regexes" that would scale for the millions of daily payments that banks are processing.
The real bank that I use in the UK cares about what you put in the reference field. Putting something like "AK47" as the reference quickly results in a phone call from them telling you to not do that.
Yes, but transaction screening should rely on information about the accounts involved, and not the descriptions on the payments. Because those mean nothing.
Come again? Just to make sure we’re on the same page, your opinion is that terrorists should be free to use existing financial instruments (bank accounts, PayPal etc.) to transfer funds for their terrorist needs? Or am I misunderstanding?
Wouldn't it make more sense to allow these transactions to proceed but report them for investigation?
Aiding terrorist organizations is a crime. Wouldn't it be better to know who's doing it?
It feels like it would make more sense than automated block lists and account closures.
It's sort of similar to how bone-headed the shutdown of Backpage was. Backpage actively and willingly worked with the police to investigate human trafficking etc... It was basically a giant honeypot. From what I've read, when they were shut down the government lost a valuable tool and ally in the fight against sex slavery.
Yes, because the cost of pretending to “do something” is far too high (unbanking unprivileged people and a huge % of the world just because they aren’t born in the ‘right’ country or with the right name) for absolutely no result!
By analogy, would members of the KYC/AML cult have the opinion that terrorists should be free to use roads for their terrorists needs?
The solution is police roadblocks and checks every kilometer or so?
> Unfortunately, I do not know of a better solution than "match transaction data on this list of regexes" that would scale for the millions of daily payments that banks are processing.
I think it would be reasonable to ask you, and other supporters of this, to provide emperical data of the positive law-enforcement impact that grepping transactions for "ALEP" has had, so we can weight it against the human cost (capital and time spent across all sides, including legal departments in financial institutions, Google Docs written, impact on affected customers).
Because the default assumption of a normal person is, of course, that this is ridiculous.
Answer Paypal with:
Unlock our business account within 24h. Failure to comply will trigger Little Snitch firewall rule #X, completely blocking traffic to *.paypal.com on all X million devices.
I honestly believe this is not only a valid response but should occur anyway.
Paypal is a dumpster fire of scummy business tactics. Their emails don't even properly go through paypal.com and are filled with all kinds of phishy tactics.
Not a good idea to make andvance confession of intent to commit tortious interference against Paypal and anyone who didn't consent to Paypal being blocked.
What's insane is still trusting PayPal at this point. They've had this tendency to randomly block accounts for over a decade now. I wouldn't want to have them as a payment option at all, but I definitely don't want them as my only payment option.
Counterargument: As a customer, I much prefer PayPal (or Google Pay, or Apple Pay) over some random integration where I need to enter my credit card.
It's not a dealbreaker for me, but if the PayPal integration exists, I'm using it 100% of the time. I'm already logged in, it has my payment instrument saved, and I don't have to worry about security as much.
Counter-argument: as another customer, I much prefer anything but PayPal, which even pretends to offer guest checkout that you'd think might be no worse, but then actually creates an account 'for you' and emails you forever.
It might be a deal-breaker for me, and if another option exists, I'm hsing it 100% of the time. I don't need to log in, password manager or browser has my payment instrument saved ready to auto-fill, and I don't have to worry about security or privacy as much.
Your metric is asinine. I use PayPal only when absolutely necessary and/or basically low value items where I don’t care too much. I have a Facebook account too, doesn’t mean meta still isn’t screwed.
And why is this a popularity contest or that the uniformed public’s (or your) opinion matters? People do dumb financial shit all the time. In the US at least, PayPal puts you at a disadvantage from a fraud protection standpoint since they are yet another unfriendly, large essentially unregulated middleman to deal with.
They also conflated PayPal, Apple Pay and Google pay, so I’m not sure I agree that what they were saying is “most people prefer PayPal”. PayPal has a tremendous market share - not sure I’d agree that it’s really a preference.
If it's the first option, it's probably cause it's preferred by customers. It doesn't do anything good for the seller. Little Snitch in particular has credit card on the LHS and PayPal to the right, which kinda suggests PayPal being secondary.
Sure it does. It gives them relatively more chargeback protection at the expense of the consumer. And yes I’ve heard all the seller griping that this isn’t the case - as if it would be expected that they could shield them from 100% of chargebacks - it doesn’t make it true. It’s relatively harder for a customer to even get forward in the dispute process with PayPal in the mix. These sellers often aren’t evening seeing these killed disputes.
I was always under the impression that PayPal sided more with the buyer, but I'm not so sure. Hard to tell either way. At least they support a wider range of disputes than a CC would, question is how many customers can get that far.
> Your "emails me forever" is not a real concern for 99% of users.
I'm not saying that is itself much of a problem, just that it isn't a guest checkout. It's not the accountless WorldPay/SagePay/Stripe/... alternative it presents itself as.
(As a result, more people have a PayPal account(s) than know it or want one. They refuse to delete mine without proof of identity, which I certainly didn't provide during checkout when it was created 'for me', so is not warranted and I'm not going to provide to allow my 'delete' request to result in net more of my data held...)
Count me among the many who prefer the superior UX that PayPal provides.
They're also excellent as a singular source for managing my subscriptions. If I ever forget what I'm subscribed to or want to cancel things, you can do it all in one place with PayPal just blocking further payments from processing from that business.
If people want PayPal to stop being used, then update your bank technology so the UX isn't so ass. Then perhaps we'll switch.
Also the fraud management is great, so if you do get cheated on paypal then you can near always get your money back. I would never start a business on it but as a paying customer it just works for me.
Credit card is also bad. That does not make PayPal acceptable.
It's frankly ridiculous that these are the only two widely supported options for international payment. It's easy to make something better, but somehow much of the world seems stuck with the two worst options.
It's not easy to make something better. Electronic payments are gonna be regulated and tracked to the fullest whether it's PayPal or someone else. The only digital solution is cryptocurrency, and love it or hate it, it has big hurdles.
I haven't seen anything better that fulfills the same purpose in the US. You can't use Zelle like PayPal. If you use Venmo with a business, it's basically the same as Paypal (besides being owned by Paypal). Stripe has similar rules around credit card payments. This is because of regulations, not technical issues.
Maybe the situation is better in certain countries, but who knows how long that'll last.
Yeah, if the US supported something decent, I'm sure most of the world would soon follow. Netherland unfortunately doesn't have that kind of pull. But the Dutch iDeal system for online payment is, as its name suggests, pretty much ideal.
When I buy something (on Steam or GOG, for example), I select iDeal as payment method, then select my bank, then the shop redirects me to my own bank's website which processes the payment, and then redirects me back to the webshop which knows that the payment succeeded. The webshop doesn't have to know anything about me except which bank to redirect me to.
Unfortunately it only supports Dutch banks, and lots of international webshops don't support it. To my bafflement, even lego.com doesn't support it, which is just plain weird (they intend to, they say, they just haven't gotten around to it yet in the 18 years that iDeal has been around).
For interpersonal payments, rather than from a shop, you can send someone a payment request. The brandname that named the idea is Tikkie, an app from a major Dutch bank, but I think it can be used by anyone no matter what your bank is, and it uses iDeal for the payment. But every bank now has its own payment request system. You just send someone a link, and they can choose how to pay it. It's ridiculously simple, and it's all done through your own bank. No need to trust any third party with your payment information.
If domestic payments in the US use a similar system, can we please make this work across borders? Because everything from the US seems to work with credit cards or PayPal instead.
Thats not the only reason, if you never get your stuff you can handle that from paypal UI, you cant do that with alot of CC companies and have to phone somebody that might or might not respond in time, this is the sole reason why i prefer paypal over CC.
Every single financial company that facilitates transactions does the same thing. They all use the same backend products to do AML, and comply with the same laws.
It’s not like they do it for fun. The denominators are whether those companies implement decent recourse if you’re flagged. Stripe does; PayPal doesn’t.
Same thing happened to me. I tried to Venmo request friends for "Habana Outpost" and it got flagged for review. I just withdrew the requests and resent them as "Outpost"
It's interesting how these money laundering checks works flawlessly for regular people and businesses but always seem to fail when there are hundreds of millions of dollars involved.
Optimistic explanation: businesses that handle millions of dollars probably have way more transactions than regular people, and thus have a higher chance of triggering a false-positive on some random blacklist.
> The problem was named after an incident in 1996 in which AOL's profanity filter prevented residents of the town of Scunthorpe, North Lincolnshire, England, from creating accounts with AOL, because the town's name contains the substring "cunt".[1]
Lesson 1: Never tell your payment provider anything about your transactions beyond the legal minimum. All line items on invoices should say "Payment for computer services".
This opens very fun avenues for naming yourself if you ever start organisation branded as terrorist one. So many fun 3 letter names and acronyms you should make. Maybe VAT or TEL. Or just pick something existing USA.
This is horrifyingly bad. I have yet to this day read anything good about paypal. They provide a “free” service with the option to rob the user of their money at any random moment. What other options are there out there that provide similar services? Are all modern banking services this bad at their core or is paypal by far the worst?
There has to be options that are at least partially run by sane humans.
PayPal and it's ilk are worse. At least with regular banks there is regulation against this sort of stuff. That is they can't just confiscate the money for long periods unless there is some external decision.
PayPal and the others like it are not banks, as such they play by different rules worse for consumers. What is kinda horrifying is that nothing has been done about this despite PayPal doing exactly these things for entire history seemingly it has existed.
European here. Happily never been a customer of PayPal or used harmful stuff like Bitcoin (ponzi-system). “Here” was never a need for them.
Why?
The banking system in Europe relied for long time on federated and regulated wire-transfer/direct-debit.
More than a decade ago SEPA made cross-country transfers easily. And the instant-transfers are great! Little to no fees for transfers itself. Downsides? Both should have been added much earlier! Especially instant-transfers. Most Europeans don’t value that.
I’m always baffled by differences, especially using checks. And yes, we rely on cash because…you’ve seen PayPal? And fragile infrastructure.
The US direct transfer system is supposed to launch later this year. If it works out, it is going to absolutely crush PayPal, and Roundrect Cash or whatever they call themselves these days. I can’t wait.
FedNow is between banks, though, not an end-user service. Assuming it is as awesome as Zelle is, I don't think it'll crush my habit of using Venmo (which is a PayPal subsidiary).
Even as a European, there are times when paypal is the only viable solution. Though, they have been become less and less over the years, but they still are there. For example, looking at Humble Bundle just now, there is no SEPA-Option. It's paypal, credit card, Klana or Alipay. And I trust Klana and Alipay even less than paypal.
This is a good argument for BitCoin - no one can ban you from the blockchain.
It's extra work and expences, but it's worth supporting at least two payment processors.
Keep in mind that some people can't pay with PayPal - e.g. register a credit/debit card with PayPal, PayPal account gets locked - you can't pay with that card any more through PP.
It's a good example of how cryptos have managed to get an absolutely terrible reputation amongst potential users, even the users worst served by the current financial system. It's not entirely undeserved: the sheer quantity of grift and hubris in the crypto ecosystem is absolutely harming it, and I don't blame someone for not wanting anything to do with it, even if it would solve problems for them. The same happened even more with NFTs: they were supposedly aimed directly at artists and yet because the first most artists heard of them was other people ripping off their art to sell at inflated prices because of the hype cycle (and the most valuable NFTs being shitty paper doll generic art) it 100% backfired and now most of the artist community absolutely hates NFTs and anything to do with them (this poll happened at the peak of that, as well). If you manage to make most of your potential users despise you and your product then something is seriously wrong.
It wouldn't. At the end of the day you need to pay for stuff in your life: food, rent, clothes. None of those things are paid in crypto. All of them are paid in actual real money.
When the price of crypto can go up and down hundreds of percents per day this makes it a very bad substitute for money.
But we could take past year as a whole. Fluctuations from 47k to 16.4k (3 times drop) then 27k (1.6 rise, still 1.7 below the high). There are drops that go to a price 1.5 lower in just a week. Imagine you need to pay rent on that week.
Food, clothes and all the other stuff can be paid with crypto. Rent is probably harder, but I guess when you live in a place like Dubai that also won't be a problem (houses are sold/bought with crypto there).
If you want you can also get paid in crypto, so it's not as hard as you might think.
Several countries classify cryptocurrency as property subject to capital gains tax, making it more complicated than cash for ordinary uses like buying goods and services.
> Yes, Patreon creators, where a lot NSFW content comes from, voted against cryptos.
This is a gross misrepresentation.
Quoted from your link:
> In the Census, 68% of visual artists and 50% of writers were opposed to creators having the ability to accept payments in cryptocurrency on Patreon, while 39% of image, 34% of audio/music, and 31% of video creators indicated it would be a “crucial” or “nice to have” capability. Across creator types, about a third say they “don’t care.”
If you're opposing the "where a lot of NSFW content comes from" part, I apologize for the wording, but it's true. I just said a lot of NSFW content comes from Patreon. I didn't say they're the majority.
If you're opposing the "voted against cryptos" part, then:
That is both funny and interesting. But I suspect it also says more about starving artists' political opinions/financial savvy than what the future looks like. Making it easy for people to send you money seems like it'll be the winning equilibrium long term.
If Patreon doesn't do it, someone will. Probably a porn site somewhere underdeveloped accepting Monero or something. Cutting power away from financial intermediaries just has to be better for other market participants long term and that makes the shape of the future easier to guess at.
Many reasons, but no one mentioned one that I think is probably the case for many of them: many cryptos, including the most popular, Bitcoin, are a complete disaster for the environment. At a time when everyone wants to do their part in combating climate change, I would oppose the use crypto for this reason alone, even to my own detriment.
This particular one: because it would 100% get used for money laundering, which would get the platform cut off from traditional banking and could make it extremely difficult to get a paycheck.
It's not fearmongering to point out that association with crypto can be detrimental in itself, especially back then when every brand was trying to get onto the crypto and NFT hype train.
Features are never purely additive, they can also be transformative or even detrimental. Adding crypto support to Patreon would have changed what Patreon is by attracting different people. Regardless of whether any of the people already using Patreon might have benefited from crypto, it would also have attracted people who would specifically be interested in Patreon because of the crypto support.
Like it or not "people whose adoption of Patreon hinges on it adding support for crypto" is a very specific demographic and mostly people they probably didn't want to be associated with. You can call it guilt by assocation or digital NIMBYism but it would have changed a lot more than just having another option for payouts and donations.
I pay for my food in dollars. For my rent in dollars. For my clothes in dollars. For my equipment and supplies in dollars.
What would I do with crypto?
Okay, let's say I get paid in crypto. I still need to convert that to dollars. Price fluctuation of bitcoin is such that if I was paid 1 dollar worth of bitcoin last year, it would be less than 50 cents by the end of the year.
If you need stability in your FIAT of choice just liquidate it as soon as you receive it. It won't lose or gain 50% of its value in a matter of minutes. In the case of Patreon they could even do that for you since they are the middle man.
Also, note that you'd probably receive more donations if accepting crypto currencies, so even if the values of these were to fluctuate (which they won't, cause you can sell) you'd still be making more money overall.
> It won't lose or gain 50% of its value in a matter of minutes.
If someone sets up a recurring payment of X bitcoin it means that on any given pay day your actual money is X*(absolutely random number). Minus the fees for converting to fiat.
> Also, note that you'd probably receive more donations if accepting crypto currencies
The fees for converting to fiat are generally _smaller_ than the fees MasterCard or Visa for instance will grab from credit card transactions [0][1]. If you are refering to the fees from the blockchain, note that L2 options exist, and not all cryptocurrencies have the absurd fees L1 ETHR would have, for instance Litecoin fees can be as small as 1 cent.
Relating to the varying amount monthly:
1 - It's a donation, not your source of income. If you really on that money that's your issue not of anyone else's.
2 - The platform such as Patreon could simply quote the value in dollars instead of BTC or whatever cryptocurrency. Recurring payments with crypto will have to be done manually anyways so this is a non-issue.
> And the dismissive tone about donations in general... well, I won't comment on that
Why not?
> Or they could just not bother.
That's true. The creators have the option of creating their own cryptocurrency wallets and accepting the donations without any middleman. They could also choose a more libre alternative to Patreon such as OpenCollective [0][1] or Liberapay [2].
> Ah yes. The great digital system of the future where even such a simple thing as recurring payments must be done manually
I see that as a plus personally. Recurring payments are so hard to cancel at times with credit cards I'm at the point I create a new virtual credit card for every subscription I create. Theoretically you could also setup your wallet to automatically transact, it's just that's not a functionality of your cryptocurrency, just as recurring payments aren't a functionality of the dollar but rather of your bank/credit card provider.
Because a lot of people live or earn a lot of their living through donations, and quite a lot of opensource you're using would actually be helped with more donations.
> The creators have the option of creating their own cryptocurrency wallets and accepting the donations without any middleman
Except, you know, all the actual things that those "middlemen" do like provide verification that it is the actual artist and not a rip-off, provide hosting for their content etc.
> Recurring payments are so hard to cancel at times with credit cards I'm at the point I create a new virtual credit card for every subscription I create.
Yes, dark patterns around subscriptions are a problem. However, subscriptions and notifications about whether a person has canceled their subscirption or became a subscriber is valuable information to, you know, actually be able to plan ahead, and not wonder whether that person who did something manually yesterday will be there tomorrow.
Edit
> They could also choose a more libre alternative to Patreon such as OpenCollective [0][1] or Liberapay [2].
The could skip all the middlemen, or could chose these middlemen that I personally like and call them "libre" just because they accept cryptocurrency. And LiberaPay is literally a middleman with exactly zero additional value
So, as always every discussion about "but crypto" almost immediately devolves to "not crypto, but a very specific coin that seems to be more-or-less okay at this particular point in time"
> or pay people directly with it
Which people? The dozen or so places in the entire world that accept crypto?
Its US dollars and you can transfer it to anyone that is capable of downloading a wallet app. If you want to spend at stores you can use any number of debit cards or just wait till visa integrates it which is coming soon [1]
I don't understand why you want to be so hostile towards it, it's literally the solution to this problem.
So let's just skip all the unnecessary useless steps and intermediaries in between, and let those cryptoi holders that are so willing to pay those artist just use those debit cards and visa integrations to pay the creators in actual dollars.
What's the point of a hard drive? You're only uploading and downloading from the internet, why not just keep all your data in the cloud?
This is essentially your argument just using money rather than data right?
Can you think of any reason someone might like to hold their own data? Perhaps they don't like being at the mercy of a company that can ban you from accessing it at any time like the OP? Perhaps they like the freedom of choosing where they send and receive data from instead of only using the provider approved services?
Crazy that so many people still don't get this and give all their power and control of their money away to providers because it's slighty more convenient.
But not as strong an argument as you think it is because you're still ignoring the reality of paying for food, water, rent, and the need to host your content.
Oh look, when we don't ignore reality, you yourself are immediately suggesting those creators use intermediaries.
Perhaps the concern that they'll be compelled (by user demand) to use the facility if present whether they want to or not? Not that the question is “creators having the ability to accept payments in cryptocurrency on Patreon” and not “Patreon accepting payments in cryptocurrency” – it would be something the creators would need to implement and manage. They might not want to be exposed to the volatility of cryptocurrency values.
The problem is regulation, or at least the interaction between strict KYC/AML regulations and a business model that allows basically anyone to accept electronic payments. Banks and money transmitters are substantially deputised to enforce a raft of laws regarding the conduct of their customers. Either you're choosy in who you accept as a customer, or you're liberal in who you accept as a customer but have a hair-trigger response to any transaction that looks even vaguely suspect. Any alternative strategy will eventually lead to jail time.
Payment processors also don't usually hold funds on your behalf. Visa can refuse to process your transaction, but they can't hold your money hostage because they never have it the first place. IIRC, in order to avoid banking regulations, Paypal claims that legally the balance you hold with them is owned by them. So if they want to close your account and just keep your money then they can (and do). Which is bullshit and a state of affairs should absolutely be regulated out of existence.
That's the theory. In practice, if your wallet address gets marked, nobody will want to deal with it anymore; exchanges won't accept transfers, and any other address you transfer to will get marked as well. See e.g. https://www.bbc.com/news/technology-60661763
The way Bitcoin works at least, you don't just have one wallet address. You can generate new ones whenever you want, and nobody else can predict what they'll be. But yes it's generally more traceable than something like Monero.
Or at least it would be, assuming you didn't care too much about its fluctuations and had the ability to use it directly to pay for most goods and services in your daily life.
Interesting fact is that a wallet like https://www.bbw.sv/ allows you to sent payment requests in US$ denominated amounts, not even in bitcoin amounts.
In the background, the payment rails are bitcoin and lightning, but all the user needs to see is US$.
But any big player can certainly just confiscate your coins once they hit their own address. Or any coins that seem tainted enough... And you do not really have much recourse...
If you have coins in your own wallet, no one can move them without the secret keys. US sanctions work by tainting and tracing wallets, they've been proven useless against monero.
For Bitcoin payments, the equivalent of Paypal or some other payment processor is not the blockchain but the entity where you convert Bitcoin to actual money, as on-chain BTC is not practically usable for your business expenses without that. And that entity can ban you and restrict your payments, so you have pretty much the same considerations.
I think that Bitcoin has many similar issues in the real world, though you might argue that these are more under the user's control.
For example, it seems like most people don't hold their own keys. I know, "not your keys, not your coins," but it does mean that Bitcoin doesn't provide that kind of safety for most of its users. Even if you do hold your own keys, there's a decent potential that you'll lose your keys. I've known people who have lost Bitcoin that way. If you're holding your keys yourself, how are you keeping them safe? You certainly need off-site backup and probably a weak enough password protecting them to be sure that you won't forget the password. People have those key safes that only allow a certain number of tries: https://www.bbc.com/news/technology-55645408. That guy has $240M locked away. Sure, PayPal feels unaccountable when you're a tiny player who uses PayPal for thousands of dollars, but a lawyer would be able to get that $240M.
From that article, "Currently, about $140bn worth of Bitcoin is lost or left in wallets that cannot be accessed, according to cryptocurrency-data company Chainanalysis." Given that Bitcoin had around a $700B market cap back then, we're talking about 20% of the total Bitcoin out there simply being lost.
Yes, in theory, these are things that you as a user have control over. But human life is tough. If you get in an accident that impacts your memory, do you lose access? If there's a fire, do you lose access? If you die, have you prepared a way of transmitting those Bitcoin to your heirs - and a way that doesn't give them access currently? How would you do that? "Here's how you access the private keys, but pinky swear that you won't until I'm gone."
> no one can ban you from the blockchain
I'm not so sure about that. Bitcoin are traceable. The government could blacklist certain coins they determine are the proceeds of criminal activity. Sure, the person holding those coins could still transmit them to others and then those people could transmit them to more people, but if the US/EU blacklisted certain coins, people would refuse to take them as payment. For example, Mt. Gox froze accounts that deposited Bitcoins that were known to have been stolen.
Let's say that the US says, "no business under our jurisdiction can do business with any wallet that has held Coin-X after today." The value of that coin becomes much lower than any other coin. You can't accept that coin as payment if you're looking to change it (or any other Bitcoin you own) into dollars in the future. Coinbase and other companies couldn't do business with you. Let's say the US takes it one step farther and says "any coin held by Wallet-X today is tainted and any wallet that accepts any of the coins held by Wallet-X (no matter how many transactions removed from Wallet-X) is also tainted along with all their coins." That means that everyone in the Bitcoin network needs to treat the coins in Wallet-X as radioactive. If you accept payment from Wallet-X, you now can't convert your money to dollars at Coinbase or similar companies. Even if you accept payment from Wallet-Z who got the coin from Wallet-Y who got it from Wallet-X, you're still compromised. There'd need to be an updating blacklist of coins that couldn't be used by US companies - a list that would expand over time. If Wallet-X had Coin-X and sent it to Wallet-Y, it would taint Coin-A and Coin-B in Wallet-Y which means even more Bitcoin are now blacklisted by the US.
Even if you never want an off-ramp from Bitcoin, others do. Maybe you dream of making every transaction with Bitcoin for the rest of your life. Still, the value drops hard if others don't share that dream. Even if you never want US dollars, let's say you want to buy a house with Bitcoin. The US sees the purchase and seizes the home as the proceeds of illegal activity.
The Bitcoin network generally treats all coins as the same kinda like how we treat all dollar bills the same, but our dollar bills all have unique serial numbers and similarly different Bitcoins can be differentiated from each other. If the US government starts blacklisting coins, they aren't technically banning you from the blockchain, but they kinda are for all practical purposes. Sure, there are ways to get US dollars that don't involve Know-Your-Customer US-jurisdiction rules. However, the value of Bitcoins that are blacklisted like that, especially if they taint your other Bitcoin, goes way down.
Sure, you can't be banned from the blockchain. However, if the US government bans all coins in your wallet, you're going to effectively lose those coins since others aren't going to want to accept those coins.
I've recently had friends over for a weekend, the most convenient way they could send me money was through Paypal. I've made sure to transfer the money to my bank account as fast as possible, because I don't trust them anymore. I got a notification as well that they needed additional verification (it was a big group and we shared the cost of accommodation that I paid), that one already gave me The Fear. Although the verification went pretty smoothly, it used a system from my bank to verify identity.
So because a random identifier contained a four-letter-long substring of the name of a city in a sanctioned country the whole thing was flagged. Makes perfect sense.
As I said in another comment: You're being sprayed with weed killer. It doesn't matter to the farmer that a few flowers are killed, it just matters that the weeds are kept down.
I avoid PayPal completely. I've had experience with them charging twice and pretending it didn't happen (never got a refund), being charged secret "fees", exchange rates 2x the market rate (which I only found out after completing the purchase). All sorts of actions which we'd usually call "scams" but legal department has probably signed off that they can defend in court.
Additionally, *a lot* of scams operate exclusively with PayPal, because PayPal doesn't care as long as it's profitable for them. There's no risk of a bad reputation because you can't have a reputation worse than PayPal anyway.
Oh, and PayPal has also many times banned activists because of simply disagreeing with their cause. Not because required by law or any similar obligation, simply their own will.
We really need decent payment providers; it's sad how many have to rely on this kind of business because they don't realistically have a choice.
My late wife set up a PayPal account that we both used.
When she died I wanted to change the name of the account from hers to mine.
PP asked for a Death Certificate, which I provided.
They then said that I needed to PROVE THAT SHE WAS DEAD.
I even went an spoke with a lawyer about it.
He too was pissed off. Alas there was no money in the account so he said there was no point in dealing with these morons, just open a new account.
PayPal NEEDS TO DIE!
What are the viable alternatives for international transactions?
Ones that don't want my Social Security Number as part of the sign up process (I've had issues with identity theft and give my SS# to no one)?
> PP asked for a Death Certificate, which I provided.
> They then said that I needed to PROVE THAT SHE WAS DEAD.
You'd think that a death certificate is literal proof that someone had, in fact, passed on from among the living. I'm sorry you had to deal with such algorithmic bullshit for such an emotional circumstance.
One point that makes this important for me: this is not a random guy with a questionable business trying to smear paypal, as far as I can tell, these are the real developers of LittleSnitch, a well known, established development team in the EU.
Paypal is also registered as a bank in the EU (in Luxembourg), and as such is liable as a bank for such things. I just don't think someone bothered to take them to court over it.
I wonder if this could be weaponized: Get the PayPal accounts of enemies, competition or those you want to bully banned by somehow "injecting" forbidden words like "ALEP" or "NS" in the transaction.
A small independant record label I'm involved with had its Paypal account shuttered with around £2500 balance because "reasons" and they've basically stolen it. Fuck Paypal.
A friend of mine once got his PayPal account suspended (and never got it back) because he transferred money to another friend with the title "NS" or "Money for NS". The NS referred to "Nobelhart & Schmutzig", a Michelin-star restaurant where the two went for dinner and one of them paid. It obviously had nothing to do with National Socialism, but PayPal did not care.
I'm confused why I don't see any calls here for regulation. It seems like an obvious area to turn to when established companies are either (1) stealing your money or (2) banning you for no reason.
It seems like there should already be regulations in this area and (in the US) prosecutors willing to pursue companies for the fame or a portion of the payout.
Is this area of finance really totally unregulated?
I once tried to make a Venmo account to donate $25 to a friend. PayPal immediately closed my account and demanded ID because they thought I was money laundering.
I was never able to unlink my personal phone number from that account. Worst mistake was ever trusting PayPal with it.
Just got an email from them saying that they will hold my money for 21 days unless I do some other stuff, like linking a credit card to my account or something like that. Thank God I don't need them anymore as my main source of international payment.
It's interesting how inclined is PayPal to ban users for insignificant reasons, often without any appeal opportunity.
Two years ago when I was 21 I was asked to provide my ID for account verification/AML purposes, I sent everything they requested and then got banned because when I opened my account without lying about my birth date I was under 18. Support just told me to open another account under a different email address.
I can not be the only one who is aware of the "Paypal Mafia" and hear tales of their giga brain level collective and induvidual genius and success - yet use their product and see only a total and utter failure.
So what's the problem? Handling any kind of payment dispute should be part of regular operations. So, when your payment provider has a complaint, handle it, instead of running to Twitter/HN for validation.
This seems like a common thing across all payment processors, though. People know the pain of dealing with Stripe too, especially for C2C. Pretty sure government pressure is behind it all, with KYC being the tip of the iceberg.
Their European branch, PayPal Luxemburg, has a European banking license. The US company maintains that they are not a bank. So it kind of depends on where you are, or which arm of PayPal we are talking about.
I don't think they do any fractional reserve banking though (at least they didn't two decades ago), so there shouldn't be any liquidity risk. All dollars in deposits should be backed by real dollars.
Paypal has fought very hard not to be classed as a bank (which comes with regulations and certifications).
As far as I know, paypal doesn't do fractional reserve banking (because it's not a bank and that would be illegal), it just collects a fee on the seller's side for each transaction, so everyone pulling out all of their money at once would probably not be that disastrous, supposedly they do have that money just sitting in an account. It would be disastrous to paypal as a business, and they would probably use fine print to keep that money, but out of greed, not out of lack of liquidity.
Why would they have liquidity Crisis?
Are you picturing Paypal customers holding in Paypal considerable Balances?
99% of the customers use it only as an Intermediary. Money goes in : Money-Fee goes out.
Unless they are doing scetchy things in the meantime there is no risk of liquidity here. Maybe I'm mistaken and nowdays People are keeping huge Balances in Paypal but that has not been the case in the past afaik.
In NZ we can transfer money willy nilly between different bank accounts. Hell even to aussie accoubts i dont think its too hard. Could start with getting that implemented.
This is normal in the SEPA zone too. Within some countries (at least the Netherlands) there are apps that make it easier, but all they're basically doing is putting the transfer behind a slightly more convenient link that doesn't require typing in an account number.
The problem with SEPA is that is does not work at night or over the weekend and even during normal business hours it might take a day for the money to arrive (depending on some specifics of the banks involved).
This is fine for many use cases, but totally different from the paypal experience.
* Association of Leasehold Enfranchisement Practitioners
* association of employment and learning providers
* Aboriginal Landcare Education Program
* Acute localised exanthematous pustulosis
Seems to be the Romanian name for Aleppo too.
And of course it's 4 random letters, which if random in say 32 character code would have 28 attempts to get. If those characters are letters without IOQZ it would show up once every 8000-9000 codes generated, 12k for a 24 character code.
Does anyone know what (presumably conspiracy theory) this refers to?
It's also a kind of artisanal soap, not surprisingly from Aleppo and therefore named after that. It's all over the internet, are they going to ban all those hipster, new-agey cottage industry websites? Stupid computer... stupid
Actually paying for goods and services with crypto is garbage though. I can barely stand the 3 seconds it takes for my credit card chip to process, meanwhile crypto is somewhere in the range of a couple of minutes to a couple of hours to confirm. Random chance how long it'll actually be. And if it goes too long then likely the payment has timed out and now you're in the hellscape that is trying to resolve that.
> crypto is somewhere in the range of a couple of minutes to a couple of hours to confirm
That's absolutely untrue unless you think "crypto" is only bitcoin. Ethereum block time is 12 seconds, polygon is 2 seconds. And not random in both cases (because no mining).
>> Having no KYC process is "building useful stuff"?
> It is the payments are in XMR.
If you mean Monero, isn't that just asking for trouble? As in, you'd be supporting a cryptocurrency that has a history of often being used for illicit purposes (as many unfortunately are), with no KYC processes in place, non-compliance for which has historically resulted in some pretty hefty fines by the powers that be as well: https://shuftipro.com/blog/record-breaking-fines-on-banks-fo...
Assuming that the protocol/platform works out and assuming that you don't attract the attention of neither nefarious individuals, nor regulatory bodies, nor media that would lead to one or both of the former, it would probably be fine, but that's a lot of "if"s.
It makes me feel dirty that nowadays the choice is between large orgs that can ban you and kill your business with a (possibly automated) wave of their finger, and between oftentimes shady platforms, using which is just asking for trouble.
On one of the Reddit book subs with a lot of vendors, I made a nasty remark about PayPal and got downvoted and condemned for it. A lot of people still depend on it. I guess if you never get on PayPal's bad side, you're OK, but woe betide you if you do.
If there is one single thing I would absolutely give to crypto (in its essential form, not through centralized, heavily regulated intermediaries like Coinbase) it's that something like the above and the many stories in this comment thread can be circumvented if one is relatively careful about managing transfers, keys and basic use.
Excepting truly major state-level interventions, almost nobody can stop you from collecting a payment from a third party or sending it to them, or keeping your payments collected secure from some bullshit arbitrary KYC corporate freeze. It works internationally, it works 24/7 and funds received are funds that are yours.
Sure, the space as a whole is loaded with scammers, collapsed exchanges and etc, and its more technically difficult than using things like Paypal, but the essence I describe above is wonderful and should exist on a much broader scale as a basic right for people wishing to move funds and hold them. How you later convert them to fiat cash for daily spending is a separate debate.
I can already image many people here in their bubbles of privilege decrying much of the above, or companies and governments not being able to randomly freeze funds and block their flow for individuals, but I invite you to deal with a corporate freeze of YOUR money, or simply live in a place where state-level corruption is endemic, frequent and hard to escape by any conventional means.
Finally, Paypal truly is a hideous dumpster fire and deserves a slow, strangling corporate death. I look forward to a day in which that happens.
> If there is one single thing I would absolutely give to crypto (in its essential form, not through centralized, heavily regulated intermediaries like Coinbase) it's that something like the above and the many stories in this comment thread can be circumvented if one is relatively careful about managing transfers, keys and basic use.
That’s a very big “if”
Cryptocurrency trades one set of problems for another set of problems. If you’ve ever seen the analytics for password reset at a large website (general, non-tech audience) and looked at the support statistics for account lockout help requests, you’d see why self-managed crypto is infeasible for any general market operations
Tech people look at their own usage patterns and see that they can manage passwords and private keys just fine, but the same is not true for the general population. It’s not even close.
Crypto also lacks one of the big selling points of credit cards and PayPal: Disputed transactions. Disputes are terrible when misused by lying customers, but disputes have also saved me from some sellers who never shipped the items I bought. With crypto, my money would be gone forever. Other scammers would see that there was no recourse and would start running more scams. Buyers would notice that crypto transactions have higher risk and would lower their purchase price tolerance. Sellers would notice and would offer alternate services at higher prices. And we’d be back to everyone using PayPal and similar services.
Well put. As great is the current financial system, seeing legitimate people and companies left on the sidelines for basically no reason aside factored in cost of applying the current regulation efficiently is quite maddening.
Also well summarized by patio11 with [1]:
> The actual probative value of SARs varies wildly; at the top of the spectrum, they can include sufficient investigatory work and documentation, produced by the analyst at the financial institution, to lead to convictions for e.g. human trafficking.
> Across the financial industry, that SAR is wildly outnumbered by “Mohammed tried to do something, we didn’t let him, and when we told him that he became agitated.”
> An example from here in Japan: an immigrant attempted to wire the equivalent of $600 to his cousin in Africa. He was asked the purpose of the wire and said it was for a tuition payment. Bank staff asked for supporting documentation like e.g. a tuition statement or student ID card for the cousin. The customer refused to provide that documentation. The bank refused the wire. The customer accused the bank staff of racially profiling him and raised his voice.
> I was not a party to that transaction and, for clarity, it did not involve any employer or business partner of mine. I winced when reading a news report about it, because this is practically ripped from Compliance training. The customer is absolutely right and they are very likely getting a SAR filed on them.
I have opposite problem. I am trying to deactivate paypal account or get banned. They keep sending me spam.
I stopped using paypal long time ago. Phone number I used expired when I moved countries. Paypal somehow activated 2FA authentication and I can not login.
I called their support (finding a human to talk to was difficult) to ask for the reason why I would need to give out my mother's birth date. I was asking for other ways I could verify and that I shouldn't be asked to give out someone else's PII. The support person started to become defensive, sarcastically asking "you don't even know your mom's own birthday!?".
I could tell this person saw nothing wrong with the ask and thought I was being intentionally combative. I ended up conceding and giving the information. Since then, I've stopped using PayPal as a payment method.
I always thought this incident strange and have wondered about how their verification method works.