Paypal classes events as high-risk transactions (as they require people to pay upfront often far in advance of the event) so you're at much more risk of being suspended if you breach their risk thresholds.
Imagine if you're a fraudster, you've knocked up a fake event and you've sold $10k-$20k in tickets, you could withdraw the money and disappear before the date of the event. Now Paypal are on the hook for the money, when they get creditcard charge-backs it comes out of Paypal's account and not the fraudsters.
Does anyone consider it reasonable that Paypal take this risk ? - the reason for the 90 day limit is that's the length of time most consumers have to request a credit card chargeback. Paypal is simply protecting themselves.
If you're engaged in high-risk transactions you're much better off going with a specialist provider (i.e Amiando or Eventbrite in this case) as they have risk fraud models designed to handle the specific risk factors.
That may be. But it's unethical for PayPal to blindside businesses. PayPal's behavior often appears arbitrary and capricious; at the very least, it's unpredictable from the customer's viewpoint. If PayPal absolutely must cut off the cash flow to its supposedly high-risk business customers, it should do two things:
1) Have a written statement of the criteria for freezing funds, demanding a 100% reserve, etc.. Make the criteria concrete and objective enough that business owners can reliably predict whether this will happen to them.
2) Notify account holders of this policy in a very conspicuous way. Burying it in the TOS isn't good enough for something like this.
It's fine if PayPal wants to be strict about business models it deems high-risk. But they should do a much better job of managing customers' expectations. Right now, it seems that most customers find out about PayPal's draconian risk management practices by unexpectedly losing their cash flow or by hearing from someone else who did. That's unacceptable.
The problem will releasing that information is that it gives a huge advantage to fraudsters with limited benefit to legitimate users. Fraudsters will know exactly how much fraud they can commit to stay below the radar, so they'll max out an account while avoiding detection and then move onto another account and repeat. Paypal will then have to reduce their thresholds to minimize fraud and end up hitting far more legitimate customers.
They could perhaps identify the general risk categories (i.e have a list of businesses-type which are considered high-risk). Most merchant account providers maintain such a list and you can easily find examples by googling, but I'm guessing most people who run businesses in high-fraud industries are already aware of that fact.
Then PayPal should provide a way to pre-mitigate the risk. For instance, they could require a bond before ticket sales start. Rather than screwing legitimate users, there are other ways to solve this problem.
The short is that PayPal just doesn't care about small users. If they did, these problems would be solved.
Paypal is primarily about small users, they're a long tail business. Any large business would just get a merchant account.
What Paypal is however is a mass-market product aimed at low-risk transactions. They don't care about dealing with special case high-risk transactions, that's a fundamentally different business model which they don't want to go after.
It's perfectly reasonable for Paypal to decide their own business model.
That they let you accrue thousands or even millions in charges and then lock your account unexpectedly with poor customer service is the rub. There's no warning, just a surprise logistical nightmare that they benefit enormously from.
These circumstances include the fact that this business had had an account with PayPal for six years and had run hundreds of thousands of pounds through it.
If you never trust businesses that appear to be legitimate, no matter how long they maintain this appearance, eventually all your legitimate (and highly profitable) business customers will leave. That risk should be weighed against the fraud risk.
Let's do a back-of-an-envelope calculation and say Paypal makes 1% of a transaction (after accounting for CC processing, etc.) - if the company in question had processed say £200,000 through Paypal then Paypal would have made £2,000 from it.
That's a fraction of the £11,000+ that they would have been on the hook for if it turns out the event had been a fake and they'd allowed the account holder to withdraw the money.
You're making the assumption that fraudsters are stupid, they're not. Fraudsters regularly try to build (or perhaps more commonly steal) accounts with reputation before using them for fraud, you can weight account history in your risk evaluation and they may well have done so in this case, but you can't let that overly influence your risk judgement as otherwise fraudsters will exploit that.
(Unless you're arguing that Paypal should be more lenient and just accept the high fraud rate as a cost of business (presumably passing it on their customers in the form of higher commissions) - in which case I agree that's a feasible route they could take, but I assume Paypal have done the analysis and figured the numbers just don't work).
I could believe that a fraudster might spend a few months trying to appear legitimate, but six years?
Your point about PayPal's risk vs. their profit on this account is valid, but look at it from the other side. Let's take a more plausible scenario than one in which the account was opened for fraudulent purposes from the beginning. Let's imagine our business owner has had every intention of running a legitimate business and has been doing so, but as a result of personal misfortune is now in a state of desperation. Would it really make sense to torpedo a running business in order to get a final payout of maybe £50,000, and put oneself very much on the wrong side of the law in the process? For £500,000, I could see this, but I don't think many people, even those desperate or venal enough to ignore the ethical difficulties, would do it for an amount comparable to a year's revenue from a business they've worked for years to build.
Or conversely, if there really are fraudsters with the patience to run a legitimate business for six years in order to run a large scam, surely they would also be shooting for a payout well into six figures if not seven.
I think PayPal has made the considered decision that it's not worth their time to think about individual cases. That's their right, though they certainly are inviting competition.
"It's perfectly reasonable for Paypal to decide their own business model."
The same could be said for just about every other business that fails.
And I don't believe that is reasonable to freeze transactions of business based solely on some sort of suspicion of guilt, then after it has been resolved that they are indeed innocent, continue to hold their money for months after the fact.
The horror stories of paypay have been floating around for some years, this story is nothing new.
It's not a case of black-and-white innocent-or-not, an account has a certain level of risk associated with it and Paypal has to manage that.
Paypal didn't think they were fraudsters when they suspended their account, they thought they were high-risk. They unsuspended the account when the event organizer agreed to some risk mitigation measures (allowing Paypal to hold the money for the length of the creditcard chargeback period to let Paypal protect themselves).
I understand PayPal needs to take certain unpleasant measures to mitigate risk. The problem I have with them is their disrespectful attitude towards customers in general and their arrogant tone in particular.
If something goes wrong they don't say "Sorry, we believe there may be a problem so we had to suspend your account. Not to worry, just send us X or call us on this number.", but rather something along the lines of: "You're a fraudster, we disabled your account, go figure out yourself how to fix it. Here's a few unhelpful pointers."
They managed to beat the competition because of their superior fraud detection ability. Because of their succes, they now have no incentive to work on customer service.
The web allows for some unprecedented powerful corporations to come into existence and most of them (Google, Apple, Paypal, Facebook, Amazon, etc) have already abused that power on several occasions, particularly regarding small business. Get used to it...
Could you post an example of the suspended account email ? - I don't think I've seen one. If they say something like "You're a fraudster..." than I agree that's inappropriate.
I had assumed it was something like the "Your account has been limited emails" which point you to their resolution centre and tell you to phone them if you have any problems.
I'll try to dig one up. Obviously they won't use such wording. They send out a completely automated message with fairly vague instructions. If you then do what they ask and explain the situation, you get another fully automated response rejecting that attempt.
This means either no human bothered to look into the situation or a human did look at my message, but did not feel the need to type an explanation or even apology for their decision. In stead, they press a big FY button and don't look back.
Maybe it's because I can tell which part of an email represents human effort, that I tend to get more offended by this sort of thing.
Even automated blurbs saying "we're sory if this caused any inconvienience" don't work for me.
Paypal also has terrible customer service. Every time I call them, I get pushed around to people who barely speak English, and just repeat things they see on a sheet of paper.
To add to this, think about charge backs. Paypal doesn't even make an effort to fight for you, in the case of a Charge Back. I had a charge back NINE months after a transaction for 2 $500 amounts. Ouch. The worst part is... if you want to dispute the charge back, they charge you ANOTHER fee to do it.
Paypal has been an absolute nightmare - and if there was an alternative, I'd jump on it right away.
Do you have an account manager? If not, you may want to request one. Our experience with PayPal has been fine since we started directing inquiries through our AM vs normal support.
We use Eventbrite for all our Entrepreneurs Unpluggd events, and while they're not multi-day conferences, I still think Eventbrite is the best platform for any size event to use for ticket sales, registration, waiting list, and all that jazz.
Never once had an issue with them on any level.
And no, I don't work for them or get paid by them in any way. They just have a kick ass product. :)
EDIT: The reason I'm even saying this is the author mentions in his post that he switched from PayPal to Eventbrite.
You're right. He said he was switching from PayPal as the payment processor to Eventbrite.
We used PayPal for our first event, but their extra cut on top of Eventbrite's made little sense, so we too switched to using Eventbrite's processor and haven't looked back.
You have to wait until the event is over to get the money, right? It seemed to me that with PayPal, if it didn't get frozen, the author of the article would have gotten his money before the event started and been able to use it to pay for the event's expenses.
Seems to be another case of 'Paypal isn't a bank.'
And while the Author seems to understand that (and hence didn't keep a lot of money under their control) it is something a number of people 'miss.'
What I find most interesting is that a lot of people would like Paypal to be a bank (or certainly more bank like) and complain bitterly when it comes up short, and yet few actual banks seem able or willing to extend their business model to include a lighter weight payments services.
The discontinuity in the market (a demand for services served poorly because the best entity to serve it doesn't enter the market) is one of those things that makes me wonder if anyone is paying attention or not.
From my experience in the UK it's the only option for accepting payment that doesn't have the serious admin and financial outlay of getting set up with a proper merchant account. Perhaps in this case going with EventBrite from the beginning would have made more sense but that's only an easy call to make in hindsight.
Edit: You seem to have changed your comment. Consider this a reply to the underlying message of your sarcasm.
How serious is the admin and financial outlay? I want to say that it would be worth it to avoid the risk of Paypal freezing your funds (or worse), but that's a hard call to make without knowing exactly what the costs would be.
It's difficult/impossible to get a merchant account without a previous trading history and money to show off. The financial spend isn't too bad, but from what I can tell you need to have some sizeable accounts before you can get one. Basically they're aimed at the larger business end of things, which makes small projects that need online transactions a non-starter.
(I tried and failed to set up a merchant account and instead had to settle for PayPal as the only other option)
It's been said before, but it's worth repeating. Conferences are a high risk business operation. For every SXSW, there's a thousand "Learn to Buy Real Estate with No Money Down" conferences at the Ramada Inn next to the airport. Paypal is not in the business of assuming your risk. They are in the business of processing payments while mitigating their own.
> Whatever happened to "caveat emptor"? If you're attending a real estate conference at a Ramada Inn, you weren't defrauded - you're just an idiot.
What happened is that "you were an idiot" is not accepted by many any more.
Many people don't expect to pay for their mistakes, even if that means someone else paying instead, and the worst people for this are the sort of people who make a lot of mistakes.
They'll argue, they'll fight, they'll try force a chargeback on the credit card payment, they'll do anything they can to avoid taking the cost of a mistake - if nothing else works they just keep on and on and on and on and on at everyone involved until someone gives them a full refund just to make them shut up and go away (as the admin time arguing back can become more expensive than the refund and taking them to court for harassment is hardly a convenient option). Some will even sometimes try taking you and/or the payment processor to court. Yes the case will probably be laughed out, but someone has to go through all the hassle until it gets laughed out, then (unless you are in a "loser pays" country) counter-sue to get your legal costs back.
And then there is the negative PR they can try to drum up - if they are successful here that can be much more costly than a refund.
Caveat emptor doesn't work if the emptor is a very loud, very persistent, fuckwit with entitlement issues (or just a scammer). Which unfortunately is a large enough segment of the general population to be a significant problem.
What happened to it was that credit card companies discovered that they could gain additional customers by removing that risk. The end result is now that most or all credit cards cover the cardholder in the event of a fraudulent purchase.
Feel free to run your own conference where "caveat emptor" is the rule for buying tickets, but you won't be able to take credit cards or various other forms of payment for it.
> What happened to it was that credit card companies discovered that they could gain additional customers by removing that risk. The end result is now that most or all credit cards cover the cardholder in the event of a fraudulent purchase.
What happened was that after defrauding customers became common practice, Congress passed laws regulating the credit card industry and putting the fraud onus on the party with the most ability to prevent it, the credit card issuer.
I didn't look into it deeply, but from the law I could find, it appears that liability is only limited by law in the event that the cardholder never authorized the transaction.
For this particular case, the cardholder authorized the transaction, and just didn't get what he expected to get. Maybe that's covered by a different law I didn't find?
The Fair Credit Billing Act, a revision of the Truth in Lending Act, specifically covers this:
"(3) A reflection on a statement of goods or services not accepted by the obligor or his designee or not delivered to the obligor or his designee in accordance with the agreement made at the time of a transaction. "
Basically that's saying that if you ordered it, but the vendor didn't deliver properly, that counts as a billing error and must be handled like any other billing error - the credit card issuer must conduct an investigation, in writing, document everything, and can only bill the card holder for the amount in dispute if the card issuer is fully satisfied that the goods were provided as ordered. So the card issuer is in the business of adjudicating fraudulent disputes, whether they want to or not, which gives them a strong incentive (because they're going to be stuck with the fraud) to reduce and prevent fraud in the first place rather than passing it off to the card holder.
If the buyer needs to be aware, then so does Paypal - and they take steps accordingly. I feel sorry for anyone whose account has been frozen by Paypal, but if they didn't take steps to manage their risks, they would experience more fraud. And if they experienced more fraud, they would pass those costs along to everyone.
I've been running an event in the UK for around 4 years now. We have around 1200 attendees and push around £55,000 (around $90,000) through each year.
We had a few small issues the first year where paypal froze our account until additional verification had taken place but since then and three years of continuous use we haven't had a single problem. However we've also never had a chargeback so I would imagine that's heavily worked into their risk calculations.
You know I keep seeing tech types going on about how much they hate PayPal - so why doesn't somebody do a startup to go head to head with them? I realize I'm just a humble designer, but I can tell that even from a usability point of view they're very vulnerable.
> I've seen a number of conference organisers complain of this so it must happen often!
That's not really a valid argument. You don't know how many conferences used Paypal and went off without a hitch. Not many people are going to write a blog post saying, "We used PayPal, and it went fine!" - and of those, fewer still would hit the HN front page.
That's also true if you accept payment in soiled panties or puka shells, but the trick is convincing everyone involved - the venue, the speakers, the staff, and the merchants you're relying on to print t-shirts and the like - to accept this as a form of payment.
It is true that Bitcoin adoption levels don't make it feasible to rely on completely for conference registration, but it makes sense to start offering it as an option so we can gradually grow an alternative to Paypal, who has been pulling these shenanigans for years. It usually takes a day or two to convert Bitcoin to currency so there isn't a big reason not to offer it as a payment option.
By offering it as an option, you no longer have the option to not rely on it completely. What happens when everyone decides to pay in Bitcoins? I don't think the caterers will accept them as a form of payment - they'll echo Doug Shaftoe's sentiment:
" Doug’s regained his composure now, and is back to belly laughs. "What’ll that buy me? Pictures of naked girls on the World Wide Web?" "
Ideally you automatically eliminate Bitcoin as a payment option in the online interface when a certain threshold is passed (or just do this manually if need be). The odds of this happening, however, are slim to none as adoption is not there yet.
Regarding caterers, as I said in the previous comment in this thread it usually takes 1-2 days to withdraw fiat currency from a Bitcoin exchange. Really not a problem.
So are puka shells. And bitcoin's exchange rates are fluctuating pretty rapidly, especially since exchanges tend to randomly disappear. What happens when you have $5,000 in bitcoins, and the bithurf.com goes down and suddenly you only have $500 in bitcoins?
>And bitcoin's exchange rates are fluctuating pretty rapidly
Not that rapidly. When pricing in Bitcoin most buyers are okay with prices being based on recent pricing. Add a bit of padding to your Bitcoin price to allow for normal fluctuations and you're fine.
>What happens when you have $5,000 in bitcoins, and the bithurf.com goes down and suddenly you only have $500 in bitcoins?
You wait a couple of days for the value to go back up (at least that's how it played out when Mt. Gox crashed). Significant non-short-term pricing movements in Bitcoin land don't happen overnight.
In the extremely unlikely case that Bitcoin becomes a generally accepted currency, I suspect the government will regulate it. Such regulations will most likely provide a monopoly such that only certain credit card gateways and Paypal can facilitate transactions in them. Which means you're back to square one.
That said, Bitcoin looks like a crowd sourced Ponzi Scheme to me, a buggy one at that.
Hasn't the market fluctuated fairly rapidly in the past few months? I'd hate to accept $10,000 worth of conference fees in bitcoins, only to find out that I can only get $5,000 out of them. At a rate of $1,000 a day - or whatever the exchanges are limiting the daily trades to these days.
PayPal is a horrible company. They freeze accounts, hold money hostage (pretty sure illegally), refuse to delete user data (illegal in the UK), and screw smaller users over by forcing them to add bank accounts or sign up for their shitty credit card just to verify that their account is real.
Imagine if you're a fraudster, you've knocked up a fake event and you've sold $10k-$20k in tickets, you could withdraw the money and disappear before the date of the event. Now Paypal are on the hook for the money, when they get creditcard charge-backs it comes out of Paypal's account and not the fraudsters.
Does anyone consider it reasonable that Paypal take this risk ? - the reason for the 90 day limit is that's the length of time most consumers have to request a credit card chargeback. Paypal is simply protecting themselves.
If you're engaged in high-risk transactions you're much better off going with a specialist provider (i.e Amiando or Eventbrite in this case) as they have risk fraud models designed to handle the specific risk factors.