Here we go again. In order to prevent gaming issues, the verification must be tied to an active bank account and this is to prevent someone from opening an account, verifying, then removing the information and defrauding users by sending it somewhere else.
The identification aspect is in place to deter fraud, as I have mentioned more than once. In order to be verified, it has to be to an ACTIVE financial institution and bank account. The identification stays current and doesn't allow the gaming issue like I have referred to several times now.
If you don't want to be verified---I can accept that. If you don't want fraud protection---I can accept that.But these items are done in order to protect our USER base from fraudulent activity and to prevent dishonest individuals from defrauding our users. Your bank will not be accessed at any time and I have covered this fairly extensively.
What changed? X.com is no longer an active institution. In order to keep the identification current, it must be from an active institution.Why? So a fraudster could not remain verified, when they have changed their identification that has been provided.
While your concerns are justified, I have addressed them to the best of my ability. If you don't like the answer---I can't help that.
posted on April 26, 2001 01:55:09 PMWhat changed? X.com is no longer an active institution. In order to keep the identification current, it must be from an active institution.Why? So a fraudster could not remain verified, when they have changed their identification that has been provided.
Ahhhh... I see it now. All those XCOM users were really fraudsters (with ESP, apparently, since they must have had knowledge beforehand that XCOM would not stay in business) who signed up with XCOM, and were just waiting for them to close, so that they could go on a wild crime spree.
"Here we go again. In order to prevent gaming issues, the verification must be tied to an active bank account and this is to prevent someone from opening an account, verifying, then removing the information and defrauding users by sending it somewhere else. "
Sending WHAT somewhere else? What on earth are you talking about? How does "removing the information" affect the risk to other users or to Paypal, unless Paypal is planning to initiate unauthorized transfers to recover chargebacks or fraudulent charges.
I haven't removed any information; it is Paypal that is removing the information and gaming the system.
"The identification aspect is in place to deter fraud, as I have mentioned more than once. In order to be verified, it has to be to an ACTIVE financial institution and bank account. The identification stays current and doesn't allow the gaming issue like I have referred to several times now."
My identification is still current; I am the same person who opened the X.com account. Only the bank account is not current, and not through any fault of mine. Once again, Paypal is more interested in bank account info than in identification.
posted on April 26, 2001 02:12:20 PM
booksbooksbooks-
Isn't it interesting how PayPal continues to focus on the act of "removing information" and ignoring the fact that it is they, not the user, who is doing so? And then somehow making the user responsible for the change?
It's like a magician's trick... keep you focusing on one hand so that you don't pay attention to what the other hand is doing.
And then repeating the same non-answer over and over again, along with claims of having already provided an answer. I guess the thought here is that if they say it often enough, people will begin to believe it.
posted on April 26, 2001 02:29:20 PM
Hi booksbooksbooks,
I have stated the answer. It is to prevent gaming of the Verification system and that is it. What, in your opinion, is an organization going to do with your banking information? Notably, since bank account withdrawals and deposits are federally regulated items?
posted on April 26, 2001 04:12:37 PM"Here we go again. In order to prevent gaming issues, the verification must be tied to an active bank account and this is to prevent someone from opening an account, verifying, then removing the information and defrauding users by sending it somewhere else."
Huh? Just how does this prevent "gaming"?
A user can have any number of bank accounts linked to a PayPal account.
Accountholder uses an empty bank account for "verification" purposes... and doesn't transfer a dime into it. All of the money in said user's PayPal account can be sent to any number of "unverified" checking accounts.
The "verified" account can be shut down shortly after the user is verified... while the user continues to transfer money into "unverified" accounts, while proudly displaying PayPal's little "verified" symbol.
How is PayPal going to know if the "verified" account is active or not -- unless PayPal runs periodic checks on user's bank accounts?
The only reason PayPal knew X.com accounts were not longer active is because PayPal and X.com merged and X.com was shut down.
Now how is all of this better "identification" than a Social Security number and a credit check?
In my opinion, the first thing an organization is going to do with that information is make it the default setting for payments, in order to stem its losss from credit card processing fees. (And do this quietly, tricking some users who intended to pay by credit card.) Guess what? Paypal already did this at the same time they switched to the bank account verification system.
The second thing an organization is going to do is modify its TOS -- as it can do at any time and without notice -- to allow it to initiate withdrawals from users' bank accounts, in exactly the same way the TOS now allows Paypal to initiate unauthorized charges against a user's credit or debit card. Because the Paypal TOS allows this change to be made without notice, most sellers won't find out about this until they have been victimized by it and their checks start bouncing.
I'm willing to bet that within the next three years, this TOS change will be made, as Paypal once again needs to stem its losses due to chargebacks.
That might not be a bad thing, if Paypal were up front about it, and if Paypal had a better reputation in the business comunity (e.g. the BBB) and a history of honest communication & competent, consistent operations, so that I had confidence that they would handle that power responsibly and we wouldn't be reading horror story after horror story here. But preparing to do this in the guise of identifying users is just plain wrong, and doesn't do anything to to increase my confidence in Paypal's ability to handle that power responsibly.
Obviously, brazenly looting user bank accounts and escaping to Brazil would involve lots of major felonies, and I don't expect that to happen.
Bank accounts and withdrawals are indeed federally regulated, which is what makes the verification agreement so dangerous to users, because it is designed to provide Paypal with the blanket authorization required under those federal regulations.
The blanket authorization contained in that agreement, not the TOS, is all Paypal needs to start making unauthorized withdrawals from bank accounts, once it changes the TOS -- at any time and without notice -- to allow itself to do so.
If Paypal wants to provide genuine assurance to users, it could simply modify the final paragraph of the TOS to say that Paragraph 10 (providing that the user must initiate all bank withdrawals) cannot be amended by Paypal without the express written consent of the user.
I don't expect that it will do that, since that would defeat a major purpose of the acquisition of bank account info.
posted on April 26, 2001 04:48:20 PM
Hi booksbooksbooks,
This is getting a little out-of-hand, but I will humor you and state the same thing I have been stating.
Modifying the TOU has nothing to do with an item that is federally-regulated. As I have stated far more than once to you, a user that has a bank account on file does not give us unilateral access to their bank account.
The second thing an organization is going to do is modify its TOS -- as it can do at any time and without notice -- to allow it to initiate withdrawals from users' bank accounts, in exactly the same way the TOS now allows Paypal to initiate unauthorized charges against a user's credit or debit card. Because the Paypal TOS allows this change to be made without notice, most sellers won't find out about this until they have been victimized by it and their checks start bouncing.
(NOPE-. Bank account withdrawals and deposits against a bank account require user consent, which is logging in against the site.)
I'm willing to bet that within the next three years, this TOS change will be made, as Paypal once again needs to stem its losses due to chargebacks.
(The current charge back recovery method is in the TOU and our TOU also shows that we will not access the user's bank account for recovery. If such a change went through, which I don't foresee, users would be notified in advance. Some companies access the bank account in the event of a charge back and we do not)
That might not be a bad thing, if Paypal were up front about it, and if Paypal had a better reputation in the business comunity (e.g. the BBB) and a history of honest communication & competent, consistent operations, so that I had confidence that they would handle that power responsibly and we wouldn't be reading horror story after horror story here. But preparing to do this in the guise of identifying users is just plain wrong, and doesn't do anything to to increase my confidence in Paypal's ability to handle that power responsibly.
(7 million users and you point to reports on message boards as indicative of overall service levels. For your information, many of the BBB issues were from first-time users making mistakes on certain issues. However,we do work with the BBB to address whatever areas we can make changes in, such as customer service response time, improved messaging, and more accurate responses. The number of complaints, from what I have been told, has been cut in half)
Obviously, brazenly looting user bank accounts and escaping to Brazil would involve lots of major felonies, and I don't expect that to happen.
Bank accounts and withdrawals are indeed federally regulated, which is what makes the verification agreement so dangerous to users, because it is designed to provide Paypal with the blanket authorization required under those federal regulations.
(Incorrect. Our terms of use advise as such)
The blanket authorization contained in that agreement, not the TOS, is all Paypal needs to start making unauthorized withdrawals from bank accounts, once it changes the TOS -- at any time and without notice -- to allow itself to do so.
If Paypal wants to provide genuine assurance to users, it could simply modify the final paragraph of the TOS to say that Paragraph 10 (providing that the user must initiate all bank withdrawals) cannot be amended by Paypal without the express written consent of the user.
(Fine. I will make that suggestion, but it doesn't change what I have stated numerous times in a public forum).
For some reason when I cut/pasted *yours* I got zip. And when I click on the url *I* give the report doesn't show--but if you click on "Back to Standard Company Search" you can type in "PayPal" & bring it up.
[ edited by Bunnicula on Apr 26, 2001 05:23 PM ]
[ edited by Bunnicula on Apr 26, 2001 05:25 PM ]
You are quite correct that merely having the user's bank info on file does not authorize Paypal to make withdrawals. But Paypal's verification process involves more than that: The user not only provides the numbers, but also grants Paypal authority to make deposits and withdrawals.
That is the "blanket authorization" -- adequate to comply with federal law -- that I keep referring to, and you keep avoiding the subject.
I have asked you several times to post that language (from the verification web pages) on the board, since I cannot access it again without going through the verification process. If you post that language, everyone will be able to see that they are explicitly giving Paypal blanket authority to make deposits to and withdrawals from their bank account, and that this is precisely the user consent that federal regulations require. Or you will prove me wrong.
I have also asked you to cite the federal statute number or regulation number that you repeatedly refer to, so that everyone can see if the language in the verification agreement is indeed the blanket authorization that I contend it is.
You acknowledge that some companies access the bank account in the event of chargebacks. So obviously it is not against federal law for them to do so.
You SAY Paypal would notify its users of a change, but the TOU is quite clear that changes can be made without any notice whatsoever.
If you still contend that I am wrong, all you have to do is post the language (from the verification page, not the TOS). Why are you afraid to post the language if you think it will disprove my points?
Since you are willing to be the personal whatever-it-was for our bank account info, can we just e-mail you the account info instead of entering it through the verification web page and accepting the terms on those pages? I don't think so.
It's very simple, Damon.
If I'm wrong about federal law, post the statute or regulation number that you keep talking about so everyone can see that I'm talking nonsense.
If I'm wrong about the language authorizing deposits and withdrawals that appears on the verification page, post that language here and everyone can see that I'm talking nonsense.
On the other hand, if I'm right, you can just keep making vague unsubstantiated claims about federal law and referring to the TOU every time I mention the ACH authorization on the verification pages.
posted on April 26, 2001 06:01:34 PM
Hi booksbooksbooks,
On the page where you add your bank account, it says:
The safety and security of your Bank Account information is protected by PayPal. We protect against unauthorized withdrawals, and will never make electronic transfers from your Bank Account without your explicit permission. Please see our Terms of Use for more details.
Terms of use:
In the Terms of Use, it says:
Electronic Transfers. When you make a payment funded by Instant Transfer or eCheck, you are requesting an electronic transfer from your checking account. Upon your request, PayPal will make electronic transfers via the Automated Clearing House (ACH) system to and from your U.S. checking account in the amount you specify . You agree that such requests constitute authorization for such transfers. If you request an electronic transfer from your checking account, you also authorize PayPal to confirm your control of your checking account by making two small deposits to your checking account at PayPal's own expense. Your checking account and your PayPal account will be considered verified once you correctly enter the deposit amounts on the PayPal website. Support for international checking accounts is coming soon.
PayPal will never make electronic transfers from your checking account without your express permission. Furthermore, PayPal provides you protection against unauthorized withdrawals from your checking account under the terms of Article III below.
Help Center:
Will PayPal have access to withdraw funds from my Checking Account without my permission?
No. PayPal will only withdraw or add funds with your permission.
posted on April 27, 2001 03:06:03 AM
What really gets me is that a BANK ACCOUNT HAS NOTHING TO DO WITH IDENTITY so it is useless as a form of 'verification'. Any thief or fraud can open a bank account under any name they wish. Social security cards and driver licenses are easily stolen, and such a bank account would make a perfect launching post for criminal activities.
In short, it is an incentive for fraud that works in the favor of thieves.
A simple address verification is all that is needed, and provides a far higher degree of safety to the individual. If the system is hacked the thieves would have only the address, whereas now they can clean out a bank account. Not hypothetical either. THIS HAS HAPPENED, wiht the fake PayPal page scam...
posted on April 27, 2001 08:23:06 AM
When you are a thief, paypal takes the money back, and noone cares how they do it. Maybe they make a mistake or two, but noone cares.
When you are not a thief, paypal leaves you alone.
posted on April 27, 2001 09:06:37 AM
The only story we know of which paypal took money back by removing it from a bank account account involved money stolen from paypal.
When you are not a thief, paypal leaves you alone.
PayPal is changing my status from Verified to Unverified, and the reason for this is that they decided to close XCOM. I have done nothing to initiate this change in status- it is entirely due to PayPal's actions. People who have bought from me in the past, and noted that I had a verified account will now see that I've been downgraded to unverified, and wonder why. Buyers new to online purchasing and worried about all the reports of online fraud will see my "unverified" status and be concerned that I may not be reliable. PayPal has modified my account in a negative manner, based entirely on their actions, with the possible effect of damaging my reputation.
posted on April 27, 2001 10:10:36 AM
If all paypal needs is the bank account information to prove the user is who he says he is then why can't I get verified WITHOUT aggreement to the blanket DEBIT authorization?
Paypal has my bank account info and has been depositing money (close to $1000 in the last couple of days) into that account for about a year now without ANYONE complaining that I don't have control of that account.
But if I want to be verified with the SAME account I HAVE to agree to the blanket authorization to debit my bank account....supposedly to fund my paypal account. I have no desire to EVER fund my paypal account with my checking account OR my credit card (which I have also NOT supplied to paypal) so why should I have to agree to that form of funding?
Paypal could verify my account with their "two deposits of small amounts" that I verify to them has been made WITHOUT my agreement to fund my paypal account from my bank account.
TOS can be changed, and Paypal knows how to do it (BOY DO THEY). Just because they SAY they will not debit my account without my permission (which I have already given with the blanket authorization) doesn't mean they won't!
If all paypal needs is the bank account information to prove the user is who he says he is then why can't I get verified WITHOUT aggreement to the blanket DEBIT authorization?
Haven't you been reading the posts?
It is to prevent gaming of the Verification system and that is it.
posted on April 27, 2001 12:23:56 PMPayPal acts as a third party between the recipient and the sender of an online money transaction. Our file experience shows that PayPal has an unsatisfactory record with the Bureau due to a pattern of complaints alleging that the company requires too much personal information in order to withdraw funds and that the consumer is unable to reach a customer service representative. The company responds to all complaints brought to its attention by the Bureau.
The two sides met Wednesday after the watchdog agency labeled PayPal's customer service record "unsatisfactory" based on the 30 to 40 PayPal complaints it said it receives every month. Most of the complaints claim PayPal is too slow to respond to questions and too quick to freeze accounts if it believes fraud has taken place, according to Erin McCool, a customer service representative for the San Jose, Calif., chapter of the BBB.
