So today I tried to pay for goods using PayPal as I’ve done since 2001. My transaction was refused. It turns out there is a cumulative lifetime limit of $10k for using PayPal via a credit card. Who knew?

I use PayPal so that there is a proxy between my information and various vendors on line. The entire point is to have the CC vendor AND PayPal as levers should any issues arise.

PayPal wants me to submit my ACH routing information for my checking or savings account in order to become ‘verified’ and in turn, lift this arbitrary lifetime limit. Let me explain why I’m even writing this. There is NO way I’m submitting my ACH account information to an online vendor or anyone at all…period.

Years ago, I got into a dispute with a very disreputable RIM Blackberry CDPD based web access company. Basically a pager company that had web browsing on the original 957 Blackberry. I disputed the service with them, it was lousy and they basically told me to go scratch. I cancelled my account with them.

One mistake; I had set up a monthly auto debit from my checking account to make the bill pay easier. This company proceeded to file withdrawals from my account $40 at a time, attempting to basically run my account up to about $550 for the cost of the Blackberry. I’d told them I’d send it back, but they didn’t want it back. I never authorized them to charge me for it, but they went ahead pillaging my account anyway.

I only realized it happened (pre-internet banking) because they overdrafted my account and the bank put me into collections over a $150 or so overdraft…never even called me to ask about it. Once I caught up to the whole mess, the bank refused to do anything at all to get my money back and I wound up having to pay them all sorts of penalties on top of losing the money itself.

This made me wonder about the ACH system and I did some research into it. Years later I met a US Treasury agent and he explained the entire thing to me.

The ACH system (on the bottom of a check, the account number and routing number) that places like Telecheck or now, many online vendors use to debit your account (i.e. to PULL funds FROM your account vs you PUSHING funds TO them) is a very murky system. There is no authentication on this system. All someone has to do is actually posess your account number and the routing number and they can make a withdrawal. They don’t even need to know your name or any other bits of identity, they simply just need your two numbers. Posession of these numbers implies consent for account access. This is incredible and most people are not aware of this.

There is a tiny bit of protection on this system. Cases/complaints are handled by the Secret Service. However there is a tiny catch. The minimum dollar amount (I may be off a bit, but it’s still a ludicrously high number) for them to even take a complaint is $300,000.00. Can you guess what the number one most common dollar amount is for fraud on this system? Yup, $299,999.99.

This means that if you have $100k in your savings account, it’s completely fair game for anyone who gains access to your account. Nobody will even attempt to track this fraud down and the bank will not make good on fraud via the fed wire system.

The moral of this story is simply


If you want to configure bill pay etc, only configure it when you PUSH funds TO the vendor. Never allow an automated debit of any sort really as you are consenting to that party to have access to your account. At least with a normal credit card, you have some recourse if you have fraud along these lines. With your checking and savings account via the Fed wire system, you have NONE.

This will be my last PayPal transaction after 9 years of using them without any issues at all. What a pain in the ass this will be.

blog comments powered by Disqus


14 June 2010