Paypal is less of a tech company and more of a finance company.
This kind of behavior is caused by rules that put the cost of fraud on the payment processor rather than the customer, even though the payment processor's primary tools to prevent it basically involve locking the customer's account based on vague suspicion and hearsay.
When someone has stolen your identity, there isn't really anything you can tell someone to prove you're you. Having your password or SSN or access to your email or the answers to your security questions tells them nothing. The perpetrator could have those things. Your account may have been created by the perpetrator to begin with and the person whose name is on it has never even used their service. How are they supposed to tell? Even if you're you, the perpetrator may still have access to whatever method was used to access your account to begin with, and if they turned it back on there would be more fraud (which causes the payment processor to lose money instead of you). So your account is locked forever and you can pound sand.
The alternative to people getting locked out of their accounts is having accounts without reversible transactions. You don't want this for your brokerage account, but you do want it for the account you're using to buy things with petty cash. Because then the account never has more than $1000 in it to begin with, which limits your losses to that amount, but then the payment processor doesn't have any incentive to ban your account because the losses are yours. If you're careless and reuse passwords, you might lose the $1000, but you don't get banned forever from making financial transactions. Then you learn your lesson and do better next time.
That would also result in lower transaction fees, because most of the transaction fees go to paying the cost of fraud protection. And it would reintroduce the incentive to prevent fraud to the people best situated to do that (stop reusing passwords, people), so there would also be less fraud, which is better for everybody.
PayPal is the worst - a couple days ago they disabled my password (including both 2FAs) and sent me an e-mail asking me to reset it. The only way to reset it is via SMS which I don't do. I'm locked out of my account now, and also out of support, since the only way to contact them is by logging in. I'm hoping Synchrony has an in with them because I have balances on PayPal MasterCard and PayPal line of credit that can only be accessed by logging in.
It's really the same problem. As soon as they suspect your account could be compromised, they can't trust your authentication methods anymore and the risk calculation favors losing your business over reactivating your account and then having fraud losses on it. It's a math problem, not a customer service problem.
Granted it's obviously bullshit if they try to keep the money when your account had a positive balance.
What I love is when they refuse to help you except by talking on the phone. As if somehow my speaking to someone who has never met me and is completely unfamiliar with my voice is more secure than when I log in to their "secure message portal" and leave a message. Too bad there is no Tony for security theater. ;)
Plenty of countries already do, but at least judging from reading about America on HN it's much more difficult to do anything like that in America because of distrust in government. You even vote without ID, which is extremely weird for the rest of the world.
> You even vote without ID which is extremely weird for the rest of the world.
The system they use actually works pretty well. They have a list of registered voters and when you vote they cross your name off the list. You have no way of knowing who has already voted, so if you give someone else's name you risk their name already being crossed off, and then you may be in for some questioning.
If you want to do something that would actually impact the election results (i.e. vote thousands of times and not just twice) then you would also have to come back in over and over using different names, which creates the obvious potential for the poll workers to recognize you. Avoiding that would require some kind of large conspiracy so that each person doesn't reappear enough times to be recognized or use the same names as one another, which then makes it much more likely that you're caught because one of your co-conspirators turns you in.
So the risk of getting caught is pretty high even without ID, especially if you're doing it with enough scale to really matter. Meanwhile the penalty is typically something like a year in prison per offense, which is a pretty high price to pay for one extra vote.
Here are several reasons why we should never do that.
The first reason is that those IDs would then become massive theft targets. Because they're uniform, it provides economies of scale for criminals to figure out how to extract the private key from the ID, then pickpocket IDs and extract the private keys from them (or worse, figure out how to do it from across the room when it's in your pocket) and then we're back to square one.
Associating public keys with names, which is in general completely unnecessary (the key itself is the identity), also becomes a separate centralized single point of failure. Anyone who compromised that system could associate their own public keys with your name, and the more centralized the system is the more powerful the likely attacks against it would be because compromising it then has a higher payout.
A large centralized system like that is also inherently slow to change, which would result in a catastrophic failure if a vulnerability was ever discovered in the cryptosystem it uses or its implementation, because not only would every system relying on that system become simultaneously vulnerable, they would all have to be updated, which for a large bureaucratic system could take months or years. In the meantime you're forced to choose between continuing to operate the vulnerable system and being subject to an unlimited amount of fraud, or shutting it down and having systems across the country offline for a lengthy period of time while everyone reimplements their interfaces with it.
A universal public key is also itself a huge privacy vulnerability. We already have this problem with social security numbers, which were never intended to be used outside of social security but have already entered use as a means to correlate surveillance data about a person. But social security numbers at least are considered sensitive data because they're used as shared secrets. A public key authenticates by use of the associated private key, so knowing the public key doesn't impair its security properties which would almost certainly lead to relaxed security requirements for their disclosure, and thereby further enable problematic public and private mass surveillance by using the public key as a universal database index.
The far better solution is to use public key cryptography, but have a separate keypair for each relationship. So you have a bank card and it has your private key associated with your bank account, which allows you to authenticate to your bank. Your employee ID allows you to authenticate to your employer. But then nobody can steal money from your bank account with your employee ID or break into your office with your bank card. And a general compromise of the security used by the DMV doesn't allow criminals to break into power plants and airports and banks and police stations, because they're not all using the same system. This vastly reduces the scope of compromise.
> figure out how to extract the private key from the ID,
I never said the private key would be embedded inside the ID. In fact, I would think a paper copy at home would be most appropriate.
> Associating public keys with names
DMV, Passports, Banks, RealID already get our fingerprints. In fact, these could be SALT to the private key kept separate.
I hear your argument about centralization, but that genie is already out of the bottle. Making it better is a good idea, no? Also, if any vulnerability occurs, I can go back to DMV and register a new PP pair.
Still, I do like your idea of having PP pairs beyond just centralized entities. Start using them everywhere you have an account.
> I never said the private key would be embedded inside the ID. In fact, I would think a paper copy at home would be most appropriate.
As soon as such a thing existed, people would want to start using it for everything, and nobody is going to want to do cryptography with pen and paper. It would end up in a card or device people would carry on their person so they could use it and then it would be a huge theft target.
> DMV, Passports, Banks, RealID already get our fingerprints.
It's the same problem, you'd have a central database mapping public keys to fingerprints and then it's a single point of failure/compromise. The attacker could get your fingerprints from the DMV, associate their public key with them and then start impersonating you using two factor authentication because they have your fingerprints and the corresponding private key to the public key the DMV has on record for you.
Let each entity maintain the mapping themselves. Your employer has a computer that says the ID badge with public key 1234 is yours. You don't need the DMV to do anything there, and then nobody can cross-correlate anything and if anybody breaks it they only compromise one system.
> I hear your argument about centralization, but that genie is already out of the bottle. Making it better is a good idea, no?
Getting rid of it is a better idea. Or start by making the centralized system worse and more restrictive so people use it for fewer things and replace existing uses with decentralized alternatives, and then get rid of it.
> Also, if any vulnerability occurs, I can go back to DMV and register a new PP pair.
They stole all your money, broke into your company and stole the trade secrets, filed separate fraudulent claims against your home, life, car and medical insurance policies, took out a second mortgage on your house, sold the title to your car and gained access to your computer where they found some information they're now using to blackmail you.
You can go to the DMV and change your public key, but that's closing the barn door after the horse has bolted. Better that only one of those things happen than all of them, no?
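The per-relationship keypair scheme argued for above (one key for the bank card, a different one for the employee badge, each organisation keeping its own name-to-key table) is easy to show in code. The following is an added example, not code from any commenter in this thread; the party names, account name "alice" and the challenge/response login flow are assumptions made for illustration. It plays out the compromise scenario from the reply: a stolen badge, plus an attacker who manages to overwrite the employer's registry entry with a key of his own, and shows that neither gets him into the bank.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// RelyingParty is one organisation (a bank, an employer) that keeps its OWN
// table of account -> public key. Nothing is shared between parties, so a
// breach of one table does not touch the other.
type RelyingParty struct {
	Name     string
	registry map[string]ed25519.PublicKey
}

func NewRelyingParty(name string) *RelyingParty {
	return &RelyingParty{Name: name, registry: map[string]ed25519.PublicKey{}}
}

// Enroll binds an account to a public key in this party's private table.
func (rp *RelyingParty) Enroll(account string, pub ed25519.PublicKey) {
	rp.registry[account] = pub
}

// Challenge issues a fresh 32-byte nonce for one login attempt.
func (rp *RelyingParty) Challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return nonce, nil
}

// toBeSigned binds the nonce to the party name, so a response produced for
// one party can never be replayed to another even if a user reused a key.
func toBeSigned(party string, nonce []byte) []byte {
	return append([]byte("login:"+party+":"), nonce...)
}

// Verify accepts the login iff sig is a valid signature over this party's
// challenge under the key enrolled for account.
func (rp *RelyingParty) Verify(account string, nonce, sig []byte) bool {
	pub, ok := rp.registry[account]
	if !ok || len(pub) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(pub, toBeSigned(rp.Name, nonce), sig)
}

// Credential is one per-relationship keypair: what lives on a single bank
// card or a single employee badge.
type Credential struct{ priv ed25519.PrivateKey }

func NewCredential() (*Credential, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Credential{priv: priv}, nil
}

func (c *Credential) Public() ed25519.PublicKey {
	return c.priv.Public().(ed25519.PublicKey)
}

// Respond signs the challenge for the named party.
func (c *Credential) Respond(party string, nonce []byte) []byte {
	return ed25519.Sign(c.priv, toBeSigned(party, nonce))
}

// login runs one full challenge/response round trip.
func login(rp *RelyingParty, account string, cred *Credential) (bool, error) {
	nonce, err := rp.Challenge()
	if err != nil {
		return false, err
	}
	return rp.Verify(account, nonce, cred.Respond(rp.Name, nonce)), nil
}

// ScopeOfCompromise plays out the scenario from the thread (assumed names):
// Alice holds one keypair for her bank and a different one for her employer.
// A thief steals her badge and later also overwrites the employer's registry
// entry with his own key. The result map shows which logins succeed; the
// breach stays confined to the employer relationship.
func ScopeOfCompromise() (map[string]bool, error) {
	bank, employer := NewRelyingParty("bank"), NewRelyingParty("employer")
	bankCard, err := NewCredential()
	if err != nil {
		return nil, err
	}
	badge, err := NewCredential()
	if err != nil {
		return nil, err
	}
	thiefKey, err := NewCredential()
	if err != nil {
		return nil, err
	}
	bank.Enroll("alice", bankCard.Public())
	employer.Enroll("alice", badge.Public())

	results := map[string]bool{}
	checks := []struct {
		label string
		rp    *RelyingParty
		cred  *Credential
	}{
		{"alice@bank", bank, bankCard},
		{"alice@employer", employer, badge},
		{"stolen badge@employer", employer, badge}, // physical theft: this relationship is lost
		{"stolen badge@bank", bank, badge},         // but the bank never enrolled that key
	}
	for _, c := range checks {
		if results[c.label], err = login(c.rp, "alice", c.cred); err != nil {
			return nil, err
		}
	}
	// Registry tampering at the employer: attacker swaps in his own key.
	employer.Enroll("alice", thiefKey.Public())
	if results["tampered registry@employer"], err = login(employer, "alice", thiefKey); err != nil {
		return nil, err
	}
	if results["tampered registry@bank"], err = login(bank, "alice", thiefKey); err != nil {
		return nil, err
	}
	return results, nil
}

func main() {
	results, err := ScopeOfCompromise()
	if err != nil {
		panic(err)
	}
	for k, v := range results {
		fmt.Printf("%-28s login ok: %v\n", k, v)
	}
}
```

The thing to notice is what `Enroll` does not do: there is no call that lets the employer (or an attacker holding the employer's table) change what the bank believes about Alice. A central DMV-style key registry would be exactly such a call, and that is the single point of failure the replies above object to.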