That they let you accrue thousands or even millions in charges and then lock your account unexpectedly with poor customer service is the rub. There's no warning, just a surprise logistical nightmare that they benefit enormously from.

Imagine you were Paypal - what would you have done differently in these circumstances which wouldn't disproportionately benefit fraudsters ?

These circumstances include the fact that this business had had an account with PayPal for six years and had run hundreds of thousands of pounds through it.

If you never trust businesses that appear to be legitimate, no matter how long they maintain this appearance, eventually all your legitimate (and highly profitable) business customers will leave. That risk should be weighed against the fraud risk.

Let's do a back-of-an-envelope calculation and say Paypal makes 1% of a transaction (after accounting for CC processing, etc.) - if the company in question had processed say £200,000 through Paypal then Paypal would have made £2,000 from it.

That's a fraction of the £11,000+ that they would have been on the hook for if it turns out the event had been a fake and they'd allowed the account holder to withdraw the money.

You're making the assumption that fraudsters are stupid, they're not. Fraudsters regularly try to build (or perhaps more commonly steal) accounts with reputation before using them for fraud, you can weight account history in your risk evaluation and they may well have done so in this case, but you can't let that overly influence your risk judgement as otherwise fraudsters will exploit that.

(Unless you're arguing that Paypal should be more lenient and just accept the high fraud rate as a cost of business (presumably passing it on their customers in the form of higher commissions) - in which case I agree that's a feasible route they could take, but I assume Paypal have done the analysis and figured the numbers just don't work).

I could believe that a fraudster might spend a few months trying to appear legitimate, but six years?

Your point about PayPal's risk vs. their profit on this account is valid, but look at it from the other side. Let's take a more plausible scenario than one in which the account was opened for fraudulent purposes from the beginning. Let's imagine our business owner has had every intention of running a legitimate business and has been doing so, but as a result of personal misfortune is now in a state of desperation. Would it really make sense to torpedo a running business in order to get a final payout of maybe £50,000, and put oneself very much on the wrong side of the law in the process? For £500,000, I could see this, but I don't think many people, even those desperate or venal enough to ignore the ethical difficulties, would do it for an amount comparable to a year's revenue from a business they've worked for years to build.

Or conversely, if there really are fraudsters with the patience to run a legitimate business for six years in order to run a large scam, surely they would also be shooting for a payout well into six figures if not seven.

I think PayPal has made the considered decision that it's not worth their time to think about individual cases. That's their right, though they certainly are inviting competition.

>I could believe that a fraudster might spend a few months trying to appear legitimate, but six years?

Remember to take into account (pun intended) hacked reputable accounts.

I would have called the account holder.

How would both parties verify each others identities ?

"It's perfectly reasonable for Paypal to decide their own business model."

The same could be said for just about every other business that fails.

And I don't believe that is reasonable to freeze transactions of business based solely on some sort of suspicion of guilt, then after it has been resolved that they are indeed innocent, continue to hold their money for months after the fact.

The horror stories of paypay have been floating around for some years, this story is nothing new.

It's not a case of black-and-white innocent-or-not, an account has a certain level of risk associated with it and Paypal has to manage that.

Paypal didn't think they were fraudsters when they suspended their account, they thought they were high-risk. They unsuspended the account when the event organizer agreed to some risk mitigation measures (allowing Paypal to hold the money for the length of the creditcard chargeback period to let Paypal protect themselves).