Regulatory Reality

Aug 21 2012   2:21PM GMT

Has PayPal lost its collective mind?

David Schneier David Schneier Profile: David Schneier

I’m not much of a shopper.  I decide what it is I need/want to buy, assess the market place to determine quality and price and once I have a generally strong sense for both make a decision and move forward.  My wife on the other hand loves the constant trolling, scouring and scouting of just about any market and any product therein to find bargains, deals and steals.  So for her eBay has been among the happiest distractions ever.  She’s a bit of a night owl and after spending the first few decades of life being handcuffed by traditional store hours has found both eBay and the Internet to be the great equalizer.  And it’s difficult to think of eBay without also thinking of its most important business partner PayPal, an online payment processor that has for all intents and purposes revolutionalized the way we spend our money.

Our family has had a PayPal account almost since PayPal has offered them.  It’s remarkably convenient, it provides us great flexibility to shop online using a single payment source and I love that we’ve been able to change funding sources several times over the years.  It’s always conveyed a certain sense of security; I’ve just always felt safe using PayPal.  I’ve even gone so far as to suggest that at some point, if PayPal management grows things just right I could see a future state where paper currency and maybe even actual physical credit cards go away and are replaced by some version of their services.  When I discovered this past year that Home Depot already allows you to use PayPal to make in-store purchases I was convinced I was right.  Now I’m not so sure.

Over the past year or so I’ve been getting the occasional email ping from PayPal regarding our reaching a spending limit.  It’s a fairly high limit for most but considering that we’ve been using PayPal to make purchases going back nearly a decade maybe not as much.  But the message has been quite clear; if we didn’t verify our account before reaching this limit it would be ” the maximum amount of money you can send or use for purchases before you need to become Verified”.   So how you become verified is quite simple – either give up your bank account information or apply for a privately owned credit card.  No, seriously, those are the only two options.

My first thought was that although I liked having the protective layer of a credit card product buffering my PayPal account from my actual money I was okay with providing bank account information.  It’s not like I don’t use that in other places to make payments and so there wouldn’t be any enhanced risk by doing so again.  I wasn’t going to apply for a PayPal-based credit card because I don’t want one or need one and I wasn’t looking for a new credit source anyway, I just wanted to continue using PayPal.  I clicked on the option to provide my bank account information and after the initial screen where they ask for the routing and account details and clicking on “Submit” I was presented with a screen that I still can’t believe exists.  Right there before my eyes was a screen from PayPal in which they ask me to provide my online banking user-id and password so they can verify a series of PayPal generated payments thus confirming my banking details.  Let me repeat that one more time; PayPal asked me to provide them with my online banking user-id and password.

Has PayPal lost its collective mind?  Seriously, have they?

I was stunned, almost to the point where I couldn’t get coherent words to flow.  I immediately fired off an email to PayPal customer support asking them how they could do something so outrageous.  Within minutes I received an automatically generated reply which I always find insulting, as if though I’m not worth an actual intelligent and personal response.  It was a complete regurgitation of everything stated on their website and completely ignored the gist of my email.  I fired off a second email missive, this time way more specific.  Here’s what I wrote:

“How can you ask customers for their user-id and password for their online banking?  Surely this must be either a scam run by hackers and not a legitimate request by your company or a misunderstanding on my part.”
That was more than a week ago, they haven’t responded.
Let me just go right out there on that limb and state unequivocally that there is never any reasons whatsoever to share something as sensitive as your online banking user-id and password with anyone, ever!  PayPal needs to immediately revisit their business model and eliminate such an egregious requirement.  Seriously, what’s the point of doing what it is that I and my fellow practitioners do to make sure that PII and NPPI is being properly protected by financial institutions when one of the largest payment processors in the world is collecting the most sensitive of information?  They don’t need it, you shouldn’t be required to provide it and they should be forced to stop asking for it!  Shouldn’t this sort of thing be regulated by somebody?  Anybody?

2  Comments on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • abby56
    I was also asked to "verify my bank Account" NO WAY in hell I'm giving them that information! I also thought it was a hacker scam. I sent them an email stating this and am awaiting a response
    10 pointsBadges:
    report
  • ttttt11111
    After reaching the limit, I stopped using PayPal. Hopefully with new online payments, PayPal will suffer. Still can't believe they have the audacity to ask for my user name and password for my bank.  Just shocked.
    10 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: