Comment by Foofoobar12345
4 days ago
They are probably testing stolen/hacked PayPal accounts. Probably doing a dispute to ensure the owners don’t suspect anything is going wrong, until they use it for bigger transactions. Unfortunately with PayPal there’s no way to ascertain ownership of an account (like 3DS).
This used to happen to us, eventually after haggling with PayPay support for over a year on who should bear the cost, we just shut down PayPal payments. Don’t have anything better to offer, sorry.
I haven't worked with online payments for a few years, so take it for what it is, but I'd agree. PayPal is possibly the worst payment solution, for the stores. Their support sucks and is completely unhelpful, managing your account was at the time extremely complex, compared any other payment solution.
Our rule taking PayPal: Transfer EVERYTHING out of your PayPal account on a daily basis, do not let them hold your funds, they will block you from accessing it at some point. Minimize what they can touch.
Also don't all smaller amounts to be paid with PayPal. This prevents you from being abused as a source for verifying stolen accounts.
The only company I dealt with that came close to the same level of incompetency was Klarna. Klarna didn't at the time understand the concept of fraud, because they're Swedish and their system in Sweden MOSTLY prevented fraud at the time. Once people found away around that and Klarna expanded beyond Sweden, they gave up and attempted to stick the bill on us, despite their contracts clearly stated that they where responsible for collecting payments.
> Our rule taking PayPal: Transfer EVERYTHING out of your PayPal account on a daily basis, do not let them hold your funds, they will block you from accessing it at some point. Minimize what they can touch.
That only works until your business is successful. Once you reach enough transaction volume/dollars they will require you to float millions of dollars in your PayPal balance and not let you touch anything for 30-45 days after transactions.
The one reason I still use PayPal is because the 5% + 5¢ for micropayments is the best deal out there if you're billing $1 or $2 transactions.
I transfer all funds out on a daily basis.
My immediate reaction reading the post was “don’t use PayPal”
Online marketplaces, multiparty sellers, credit card transactions, etc… are hard enough as it is
Don’t become dependent on a vendor who’s absolutely terrible to work with
If you can pass on a chunk of customers sure. I've canceled a purchase more than once at checkout when I saw there is no PayPal available, if the website was unknown or looked a little shady, and I didn't desperately need the item. There are people who don't buy at all if there's no PayPal just because it's less convenient.
This. Also, remember that from the consumer standpoint, PayPal was the first ever trusted payment processor that didn't pass your payment account info (bank, CC#, debit card info) along to the vendor. Granted, they passed along your email+shipping address. But the vendor would have had that info anyhow if you were purchasing some physical item from them.
So there's a large swath of the consumer population that views PayPal positively and will skip a purchase if there's no PayPal option.
Are there services that "guarantee" (or block) transactions for a fee?
In any case, this should be the primary responsibility of the payment service !! The fact it can so casually off load it to the merchants is just bizarre
Guaranteeing transactions would incentivize the provider to block transactions. There are many companies in the space, like sift.com, but they don’t guarantee.
> there’s no way to ascertain ownership of an account (like 3DS)
3DS is 2FA and PayPal most definitely has it, it's just that they protect the customer regardless of 2FA.
3DS is not just 2FA, but it has an option to shift liability to the card issuer in case of card-stolen disputes. Our fraud has come to near 0 once we started 3DS enforcement. 1% of 3DS transactions don't lead to a liability shift, and in such cases, we flag those transactions and call the customer to get more forms of identification that they own the card.
With PayPal - beyond ownership of email address (which is already compromised), there's nothing else to validate against.
What have you switched to that isn't PayPal and also doesn't have this issue?
I'm not that commenter but my business also moved away from PayPal and is using Stripe + Sezzle for transaction processing. It has been about five years now without any issues at all.
Easy example is Stripe. You can enable 3DS, and you can listen for 'early_fraud_warning' events on a webhook to refund users & close accounts to avoid chargebacks and all the associated fees and reputation penalties.
Part of the problem is that not all countries have the same solutions, but credit/debit cards are an easy solution. In some countries that requires 2FA using a government issued ID. It's not 100% secure, people being people and doing stupid things, but it's better. If you're in the US, I don't know, it might not be better. If you can, ask your credit card processor to block cards that's not in the area you serve. E.g. we had huge success in blocking UK and US credit cards from our Scandinavian stores.
In Scandinavia there's also MobilePay, which is much much better, as it is also closely linked to real identities.
The problem with using credit/debit directly is that it requires the customer to trust you with their credit card number.
The nice thing about Paypal is I click the button and a window pops up that Firefox recognizes as coming from Paypal to autofill my login info, then Paypal confirms the payment info and gives the website just the payment info. With a credit card, even if you have a different payment processor with an icon next to it that says "secure", there's not actually any way for me to be sure at a glance that that isn't Stripe_Secure_Checkout_Confirmation.SVG and that you aren't just harvesting my credit card info, other than other contextual information on your website and your company's reputation as an actual company that does actual business in the real world.
> In Scandinavia there's also MobilePay, which is much much better, as it is also closely linked to real identities.
Don't forget vipps, I think it also works in Poland now in addition to various nordic countries.
2 replies →