
Paypal classes events as high-risk transactions (as they require people to pay upfront often far in advance of the event) so you're at much more risk of being suspended if you breach their risk thresholds.

Imagine if you're a fraudster, you've knocked up a fake event and you've sold $10k-$20k in tickets, you could withdraw the money and disappear before the date of the event. Now Paypal are on the hook for the money, when they get credit card chargebacks it comes out of Paypal's account and not the fraudster's.

Does anyone consider it reasonable that Paypal take this risk? The reason for the 90-day limit is that that's the length of time most consumers have to request a credit card chargeback. Paypal is simply protecting themselves.

If you're engaged in high-risk transactions you're much better off going with a specialist provider (i.e. Amiando or Eventbrite in this case) as they have risk fraud models designed to handle the specific risk factors.




That may be. But it's unethical for PayPal to blindside businesses. PayPal's behavior often appears arbitrary and capricious; at the very least, it's unpredictable from the customer's viewpoint. If PayPal absolutely must cut off the cash flow to its supposedly high-risk business customers, it should do two things:

1) Have a written statement of the criteria for freezing funds, demanding a 100% reserve, etc. Make the criteria concrete and objective enough that business owners can reliably predict whether this will happen to them.

2) Notify account holders of this policy in a very conspicuous way. Burying it in the TOS isn't good enough for something like this.

It's fine if PayPal wants to be strict about business models it deems high-risk. But they should do a much better job of managing customers' expectations. Right now, it seems that most customers find out about PayPal's draconian risk management practices by unexpectedly losing their cash flow or by hearing from someone else who did. That's unacceptable.


The problem with releasing that information is that it gives a huge advantage to fraudsters with limited benefit to legitimate users. Fraudsters will know exactly how much fraud they can commit to stay below the radar, so they'll max out an account while avoiding detection and then move on to another account and repeat. Paypal will then have to reduce their thresholds to minimize fraud and end up hitting far more legitimate customers.

They could perhaps identify the general risk categories (i.e. have a list of business types which are considered high-risk). Most merchant account providers maintain such a list and you can easily find examples by googling, but I'm guessing most people who run businesses in high-fraud industries are already aware of that fact.


Then PayPal should provide a way to pre-mitigate the risk. For instance, they could require a bond before ticket sales start. Rather than screwing legitimate users, there are other ways to solve this problem.

The short is that PayPal just doesn't care about small users. If they did, these problems would be solved.


Paypal is primarily about small users, they're a long tail business. Any large business would just get a merchant account.

What Paypal is however is a mass-market product aimed at low-risk transactions. They don't care about dealing with special case high-risk transactions, that's a fundamentally different business model which they don't want to go after.

It's perfectly reasonable for Paypal to decide their own business model.


That they let you accrue thousands or even millions in charges and then lock your account unexpectedly with poor customer service is the rub. There's no warning, just a surprise logistical nightmare that they benefit enormously from.


Imagine you were Paypal - what would you have done differently in these circumstances which wouldn't disproportionately benefit fraudsters?


These circumstances include the fact that this business had had an account with PayPal for six years and had run hundreds of thousands of pounds through it.

If you never trust businesses that appear to be legitimate, no matter how long they maintain this appearance, eventually all your legitimate (and highly profitable) business customers will leave. That risk should be weighed against the fraud risk.


Let's do a back-of-an-envelope calculation and say Paypal makes 1% of a transaction (after accounting for CC processing, etc.) - if the company in question had processed say £200,000 through Paypal then Paypal would have made £2,000 from it.

That's a fraction of the £11,000+ that they would have been on the hook for if it turns out the event had been a fake and they'd allowed the account holder to withdraw the money.

You're making the assumption that fraudsters are stupid, they're not. Fraudsters regularly try to build (or perhaps more commonly steal) accounts with reputation before using them for fraud, you can weight account history in your risk evaluation and they may well have done so in this case, but you can't let that overly influence your risk judgement as otherwise fraudsters will exploit that.

(Unless you're arguing that Paypal should be more lenient and just accept the high fraud rate as a cost of business (presumably passing it on to their customers in the form of higher commissions) - in which case I agree that's a feasible route they could take, but I assume Paypal have done the analysis and figured the numbers just don't work).


I could believe that a fraudster might spend a few months trying to appear legitimate, but six years?

Your point about PayPal's risk vs. their profit on this account is valid, but look at it from the other side. Let's take a more plausible scenario than one in which the account was opened for fraudulent purposes from the beginning. Let's imagine our business owner has had every intention of running a legitimate business and has been doing so, but as a result of personal misfortune is now in a state of desperation. Would it really make sense to torpedo a running business in order to get a final payout of maybe £50,000, and put oneself very much on the wrong side of the law in the process? For £500,000, I could see this, but I don't think many people, even those desperate or venal enough to ignore the ethical difficulties, would do it for an amount comparable to a year's revenue from a business they've worked for years to build.

Or conversely, if there really are fraudsters with the patience to run a legitimate business for six years in order to run a large scam, surely they would also be shooting for a payout well into six figures if not seven.

I think PayPal has made the considered decision that it's not worth their time to think about individual cases. That's their right, though they certainly are inviting competition.


>I could believe that a fraudster might spend a few months trying to appear legitimate, but six years?

Remember to take into account (pun intended) hacked reputable accounts.


I would have called the account holder.


How would both parties verify each other's identities?


"It's perfectly reasonable for Paypal to decide their own business model."

The same could be said for just about every other business that fails.

And I don't believe that it is reasonable to freeze transactions of business based solely on some sort of suspicion of guilt, then after it has been resolved that they are indeed innocent, continue to hold their money for months after the fact.

The horror stories of PayPal have been floating around for some years, this story is nothing new.


It's not a case of black-and-white innocent-or-not, an account has a certain level of risk associated with it and Paypal has to manage that.

Paypal didn't think they were fraudsters when they suspended their account, they thought they were high-risk. They unsuspended the account when the event organizer agreed to some risk mitigation measures (allowing Paypal to hold the money for the length of the credit card chargeback period to let Paypal protect themselves).


I understand PayPal needs to take certain unpleasant measures to mitigate risk. The problem I have with them is their disrespectful attitude towards customers in general and their arrogant tone in particular.

If something goes wrong they don't say "Sorry, we believe there may be a problem so we had to suspend your account. Not to worry, just send us X or call us on this number.", but rather something along the lines of: "You're a fraudster, we disabled your account, go figure out yourself how to fix it. Here's a few unhelpful pointers."

They managed to beat the competition because of their superior fraud detection ability. Because of their success, they now have no incentive to work on customer service.

The web allows for some unprecedented powerful corporations to come into existence and most of them (Google, Apple, Paypal, Facebook, Amazon, etc) have already abused that power on several occasions, particularly regarding small business. Get used to it...


Could you post an example of the suspended account email? - I don't think I've seen one. If they say something like "You're a fraudster..." then I agree that's inappropriate.

I had assumed it was something like the "Your account has been limited" emails which point you to their resolution centre and tell you to phone them if you have any problems.


I'll try to dig one up. Obviously they won't use such wording. They send out a completely automated message with fairly vague instructions. If you then do what they ask and explain the situation, you get another fully automated response rejecting that attempt. This means either no human bothered to look into the situation or a human did look at my message, but did not feel the need to type an explanation or even apology for their decision. Instead, they press a big FY button and don't look back. Maybe it's because I can tell which part of an email represents human effort, that I tend to get more offended by this sort of thing. Even automated blurbs saying "we're sorry if this caused any inconvenience" don't work for me.



