[Noisebridge-discuss] Flattr micropayment system - possible revenue for Noisebridge?

travis+ml-noisebridge at subspacefield.org travis+ml-noisebridge at subspacefield.org
Thu Aug 19 06:34:19 UTC 2010 

Disclosure: Most of this is speculation on my part.

On Wed, Aug 18, 2010 at 10:37:56PM -0700, Andy Isaacson wrote:
> [BS]... Everyone I know who receives payments from more than 10
> people via Paypal has had their account frozen at least once.

I suspect the number of people who receive money from 10 or more
payees in a short period of time is small compared to the number of
total Paypal users, but yeah, that sounds annoying.

You must realize, though, that funnelling money from several accounts
to one is the MO of phishers and fraudsters - they siphon the money to
themselves, and so locking the destination of the money from any
withdrawal, not just the transfer flagged as possibly fraudulent - can
be sensible in stopping the bleeding.

Esp. since Paypal generally makes customers whole in the case of
fraud.  I had one person I know say that someone somehow got her CC#,
and opened a Paypal account, set the address to somewhere in Utah, and
ordered a bunch of stuff on Ebay.  When the gal noticed her CC bill,
she called Paypal's fraud department, and they checked the address,
saw it was in a different state, and reimbursed her.  She said it was
actually the easiest part of the process - her bank was actually much
harder to deal with.  So I suppose those are the tradeoffs - be
vigilant against fraud and reimburse people, or tell everyone fraud is
their own problem, and that Paypal isn't liable for it, you are.

People are gonna complain either way.  Just like on Ebay when someone
claims the other person shipped them a brick - no matter what policy
you choose, people are going to bitch and moan, someone's going to get
screwed, and to Paypal it's just a he-said, she-said situation.

> The rationale
> is never spelled out,

As mentioned before, they can't, or it's counterproductive.  Also see
later where I guess at how it's often very ad-hoc.

> If/when they finally unfreeze it, the reason for
> the freeze and the reason for the unfreeze is never provided; no
> guidance for avoiding red flags is ever given; answers to questions are
> almost always nonexistent and when provided are inconsistent with the
> facts and the CSRs previous statements; and apologies are never given.

Again, as mentioned before (you did RTFA, right?), they can't explain
themselves.  The anti-fraud algorithms derive some of their value from
being unknown, and being kinda ad-hoc.  The fraudsters routinely try
and transfer small amounts around to try and map out the rules.  See
later for an example.

Unfortunately, you, the honest customer, are now having to suffer the
security systems designed to thwart the Eastern European and other
adversaries who have far more information than you, and who figure out
said rules for a living.

> The CSRs claim that they have significant rulemaking latitude which they
> claim to (ab)use on a regular basis.

I don't know anything about that myself.  Seems doubtful that they're
very empowered, otherwise they'd likely be helping customers.

> Paypal's compliance department is incompetent, malicious, uncontrolled,
> untransparent, and probably underfunded.

Here's an example - perhaps they'll identify a fraud ring where
everyone has the same last name.  So now they go out and flag all the
accounts with that last name.  Or any account that trasnferred money
to/from one of those original accounts. Or anyone who shared the same
(phone number, email address, credit card number, IP address, and so
on) with one of those original accounts.  And every one of those
accounts remains frozen while they investigate the transaction history
and wait for fraud reports to come in.

Now how would you have "transparency" with that sort of policy without
tipping off the fraudsters to what you're actually doing?

Because, once they unfreeze them, if the money disappears from the
system, and the rightful owner declares it fraudulent, Paypal has to
pay it back to the rightful owner.

How long are these funds frozen?  I suspect that if it's for a long
time, the problem is actually that the fraud reports take 30-90 days
to come back from account holders.  I DID hear the fraud department
complaining about that on one occasion.  The banking system was really
designed about a few centuries ago and hasn't been updated much since.
Don't get me started on the ACH protocol...

> Please tell your insiders to
> fix it.  If they can't, I'd recommend you sell your stock.

Sounds like they should only freeze the funds that were transferred in
in the last 30-90 days; anything older than that should stay unlocked,
just like a bank holds an out-of-town check for 7 days, but doesn't
freeze your older funds.  I may make that suggestion.

Sounds like you should just xfer the money out every month or so.

Also, the more I think about it, the more it sounds like it's not a
bad idea to have a backup system, too, if you need a steady flow of
unfrozen money to pay bills.  Perhaps these guys?

http://www.moneybookers.com/app/
-- 
A Weapon of Mass Construction
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20100818/b18fe84a/attachment-0001.sig>

More information about the Noisebridge-discuss mailing list