There Goes PayPal As A Money Laundering Tool

from the for-those-of-you-who-do-that-sort-of-thing dept

Not that any of you would be using PayPal to stash cash overseas to hide it from the IRS, but if you were doing so… you might want to look for an alternative. We had noted last year that PayPal might be cooperating with the IRS, but apparently they were resisting at least some aspects of the requests from the IRS and the Department of Justice. However, a court has now ruled that the IRS has every right to investigate potential tax cheats using PayPal by requiring the company to turn over data on users who have credit cards from certain “tax haven” countries. It still is somewhat amazing that people actually would think that hiding money via PayPal was likely to work.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “There Goes PayPal As A Money Laundering Tool”

Subscribe: RSS Leave a comment
Mike says:


“It still is somewhat amazing that people actually would think that hiding money via PayPal was likely to work.”

That’s the understatement of the year. PayPal is eBay, the same eBay who forks over user data (including passwords) when it receives a simple fax asking for it:

Now that’s Tech Dirt !

discojohnson says:

Re: Re: You are wrong

No, you’re dead wrong. How about instead of believing everything you read on a website that is anti-[insert company here], read what the policy is. People like you blindly forward hoax emails and take them as the truth (go check out snopes
before you do that again). I present for your reading pleasure:

We may also share your personal information with:

law enforcement or other governmental officials, in response to a verified request relating to a criminal investigation or alleged illegal activity; (In such events we will disclose name, city, state, telephone number, email address, User ID history, fraud complaints, and bidding and listing history.)

this is from ebay’s privacy policy

Professor Highbrow says:

Not much to debate here...

No grounds to argue! Ebay = PayPal. Who are the idiots that thought that they could avoid the IRS? As certain to fail as cheating death…

sorry, Grim Reaper, but I transferred my life to an offshore account. I sold my soul on Ebay and they paid via PayPal.

Then, I transferred the funds to the Prince in Nigeria that keeps sending me those emails asking for my account number so that he can get his millions of dollars transferred to US dollars. He said he’d gimme 10% or something.

John says:

Thats if paypal doesnt steal it from you first

Back a while ago I had quite a bit of money in paypal for selling things online, then one day my account was suspended. They never gave me a solid reason, but sure liked to take my money.

Point being, sure you can hide money from the IRS there I assume, but you also run a good chance of paypal taking it for no reason.

Luke (user link) says:


Ebay is screwed up in a lot of ways, but if you think they CAN provide passwords, you are on crack. They do not HAVE the password you idiot. It is hashed before it is stored in the DB.

Yes, I know this for an absolute positive fact, had to work on the shit long enough.

#1 lol, they have a database management program, which doesnt display in code, but actually enables to search by username.

#2 Yes it displays an encoded password. But any idiot can see by looking at the password (encoded) as to which encoding was used and search google for a decoder, I use them alot for lost passwords on a system I am still developing.

Randy says:

Learn cryptography

It is clear none of you debating me understand the concept of a one-way hash. No, it is NOT possible for eBay to provide the original password; same with Paypal. This is why you cannot get them to send you your password; they can only reset your password. Have you noticed other places, that are even less secure, such as E*Trade, do the same?

This is also part of Sorbanes Oxley requirements. Welcome to computer science 101.

Even knowing the key, finding any set of characters that hashes to the same value is incredibly difficult (read: computing years of time).

Andy says:

Re: Learn cryptography

Randy is quite right – for a lowdown on the difficulty of brute-forcing a one-way hash, check out the link below, using MD5 as an example:

To quote the article:

“To find such message (assuming it exists) it would take a machine that could try 1,000,000,000 messages per second about 1.07 times 1022 years. (To find m would require the same amount of time.) ”

If you’re able to decrypt such a cipher it’s usually because there is a particular weakness in the algorithm, or because you are in possession of information that will give you an edge. Either way:

1) Why would eBay waste their time cracking a password when they can change it?

2) We can safely assume that a company making the money eBay does has invested funds in ensuring a secure solution for user passwords.

Randy says:


I don’t care what the article says. I also read an article that the holocaust never happened, and another article about santa claus. I am telling you nothing more than a hard cold fact that is indisputable.

Ebay can CHANGE your password, even to something they know… but they cannot provide the password you chose. That is a physical impossibility.

Mike says:

Re: JL

“I don’t care what the article says…Ebay can CHANGE your password, even to something they know… but they cannot provide the password you chose.”

The contention is that eBay will provide law enforcement with a password to access accounts. Who said anything about the original password? Btw, that’s the eBay head of security quoted in TFA.

JL (user link) says:

Re: JL

First off, my comment was not at all geared towards you so I have no idea why your so enraged in a response towards me. I was simply trying to explain what your average hash is to Ragz.

Second, let’s take a look at what I said shall we?

“A Hash is a security algorithim that uses a key (a series of letters and numbers) and changes whatever your changing into a series of letters, numbers, and symbols.

If you have the key that encrypts the password, it’s usually possible to unencrypt it.”

Note the word usually in my last sentence. I by no means meant 100% of the time you can reverse a hash, or was I attempting to slander anything you said. Ebay and Paypal very easily could have an algorithim that is very hard to unencrypt.

Next time try to read a bit more carefully before you blow your hot head around and relate a simple explanation to things like an article denying the Holocaust…

Brad says:

Crypto & Policy

Yes, A one way hash is called a “One-Way Hash” for a reason. However there are other ways to “crack” a password… brute force, etc. which don’t really matter what method is used to encrypt it.

Also any customer service employee who feels like breaking policy can change the password of anyone’s account at anytime they choose, login & get any info they want. But if that’s what you are arguing, then all I can say is that you should never conduct any money transaction over the internet b/c every company you do business with can do the same.

ezra burgoyne (user link) says:

just wow

wow, just wow.
i see everyone’s drawn out their e-peens for this.

of course they can give law enforcement access to anyone’s records by resetting the password or using special authentication for flagged accounts like a one time pass or a “master key” law enforcement can use on flagged accounts. jesus christ, are you guys that dumb enough to spend 293840 comments trying to show off your knowledge about hash functions and cracking md5, 3des, etc when it doesn’t matter? apparently so. even if mention was made in an article about transmitting of a user’s “original password”, it’s probably just an easy way for a journalist to explain the process of giving a third party access to someone’s account records.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...