PayPal Know Your Customer failure

By Jake Morrison in Products on Tue 02 January 2018

Applying for a merchant account so you can accept credit cards traditionally takes weeks. You meet with the bank, show them your financial statements, and explain your business. Then they make you an offer of, e.g., 2.8% + $0.30 per transaction (plus other mystery fees that you find out about later). They may require you to keep money in your account at all times, or only pay you 30 days after your customer pays.

When we did our first SaaS product 12 years ago, our bank said, "Oh, you are doing business on the Internet, so you are in our 'high risk' category. We will charge 5% and you have to keep US$20K in your account." We were like, "Did you just tell me to go screw myself? I guess so."

The fundamental thing to understand is that because of consumer protection laws, if you fail to deliver, the bank is responsible for refunding the money to the customer. That makes them conservative.

Once you are approved, as long as your business matches what you described, you won't have problems unless you have an unusual number of returns or chargebacks. Eventually your volumes get higher, and you can renegotiate.

PayPal works differently. It's easy to get an account: you just sign up and start receiving money. It's a breath of fresh air. If their anti-fraud algorithms trigger for whatever reason, however, they lock your account and the review process starts. They ask you to explain what the money is, send them company documents, etc. The review is done at the end of the process, not the beginning, and it can get really ugly.

This has given PayPal a rocky reputation with entrepreneurs and startups. You hear horror stories about companies bumping along with a moderate amount of sales, then they get profiled in TechCrunch and PayPal shuts them down because of the "suspicious" increase in sales. They lock your money for as much as six months, and maybe just keep it forever. You are the collateral damage of PayPal's algorithms, and you can't get a human to fix it. They don't care, because it's a numbers game to them.

There are certain businesses that they won't accept, e.g. conference registration. There are other rules, e.g. you need to ship physical products immediately after getting the order. So if your supplier is out of stock and someone complains, you get shut down. Choosing PayPal because it's easy to get started ends up causing you a lot of trouble later.

When we did the PhD Movie sales site, we took this very seriously. Jorge was releasing a movie related to his popular PhD Comics. As soon as the announcement went out to his mailing list, we would have tens of thousands of people buying the movie immediately. Not only would the server need to handle the load, we were afraid that PayPal would shut us down. We would have an embarrassing customer experience and potentially lose the sales forever. Because of this, we implemented multiple payment processors. Fortunately things went off without a hitch, but it was nerve-wracking.

Knowing Your Customer

The big story in banking these days is Know Your Customer (KYC) and Anti-Money Laundering (AML). Customers of ours like EMQ put a tremendous amount of work into getting it right. There are existential penalties from governments if they don't follow the regulations, but the process has the potential to give a really bad customer experience.

Recently all my banks have been upgrading their KYC and FATCA compliance, and I have been seeing the KYC process from the other side. As an American living in Taiwan, with company headquarters in Hong Kong, I am always a weird case.

My recent experience with PayPal shows how it can all go badly wrong.


When I signed up for our company PayPal account in 2009, it was uneventful. We started taking payments for our hosting business and software development projects. We used PayPal to make payments. We became a business verified user.

About two years ago, PayPal started sending me emails in simplified Chinese. Not my favorite thing, but the system was working.

About six months ago, our account was suddenly restricted, and we could only transfer out $2000 per month, about 25% of our normal amount. They required us to verify our account. We sent them documents and they released the restrictions.

About a month ago, things got serious. We were restricted again. I gave them all our documents, but there was a hitch. They didn't accept our address in Hong Kong, saying that we had to enter an address in China.

One entertaining point was entering my home address in Taiwan and getting an error about an invalid postal code. I had to enter it in a different format, as if I was sending a letter from China.

I called customer service multiple times to no avail. Their compliance team doesn't talk to customers, and their customer service team has no power to do anything. They would say that they had sent messages to the compliance team, but I was still getting an email (or 10) every day telling me that I had to verify the account or it would be shut down. I uploaded more documents and got more form emails saying that the address was not in China. I asked the compliance team questions, but never got a human response.

Finally someone investigated, and told me that the company had been set up in China at the beginning. (I think that it was actually a data migration error at some point, but that's just a guess.)

He said that our address was in their system as:

Room 1005, Allied Kajima Building
138 Gloucester Road, Wanchai
Hong Kong SAR, China

Because it ends with China, we must be a Chinese company. But simultaneously, this address was not considered a Chinese company for purposes of compliance. Is Hong Kong part of China? Is Taiwan part of China? (These questions are above my pay grade.) We had a China PayPal account, not a Hong Kong PayPal account, and it is impossible to change it (Really? Errors cannot be corrected?).

Their only solution was for us to delete the account and create it again. That would leave us as a blank slate, though, with no history. The anti-fraud systems would inevitably kick in, our account would be limited, and we would not be able to use it to process our current payment volume.

Then the tune changed, and they said that we could submit a formal affidavit from a Chinese company describing their relationship with us. I asked them what kind of relationship they wanted: landlord, customer, vendor? Should I find a company in China and pay them $100 to write a letter saying that we are, ipso facto, their customer? If I am going to be making something up, what did they want? Is this really the way KYC is supposed to work?

They would say that someone would call me back and then not do it. They were unable to call Taiwan mobile phone numbers reliably, so they would register an unsuccessful "attempt" to call but not try again (the classic failure mode of working to get a task off their todo list without actually serving the customer).

Then someone investigated more and said that when I created the account I was in Taiwan (yes!). (It's good to record the IP address when users register.) But somehow I was supposed to have intentionally created it as a China company (nope). Classic "blame the customer" approach. Of course, if it was true, wouldn't it be a KYC problem if they let me create an account in China? It should be a Taiwan account, if not a Hong Kong corporate account.

In the end they restricted our account again, and we are no longer a PayPal customer. Ironically, this was a pure Know Your Customer failure on their part. The information I provided them was complete, correct, and hasn't changed since the start. They just made a mistake somewhere in their systems, and were organizationally incapable of fixing it.

Often when you see incompetence like this, it's because it's in a company's business interest to be incompetent. Not in this case, though, as they lose hundreds of dollars a month in fees. We set up wire transfer agreements with our big vendors, saving us money.


We may think of PayPal as not having a physical location; they live "on the Internet". This experience shows clearly, though, that PayPal is subject to the rules of different countries, but unable to deal with the real complexity of international users.

There is a big opportunity for startups to use cryptocurrencies to handle payments in a fundamentally better way. They can compete on service, dealing with country-specific KYC and fiat currency issues. It can certainly be done with a better customer experience than PayPal.