PayPal Blocks Purchases Of Tardigrade Merchandise For Potentially Violating US Sanctions Laws

from the water-bears-are-the-new-WMDs dept

Moderation at scale is impossible. And yet, you’d still hope we’d get better moderation than this, despite all the problems inherent in policing millions of transactions.

Archie McPhee — seller of all things weird and wonderful — recently tried promoting its “tardigrade” line of goods only to find out PayPal users couldn’t purchase them. Tardigrades are the official name for microscopic creatures known colloquially as “water bears.” Harmless enough, except PayPal blocked the transaction and sent this unhelpful response:

If you can’t read/see the tweet and the screenshot, here’s what it says:

Just an FYI that @PayPal is currently blocking all transactions containing the word “tardigrade” in the product name or description. We’ve contacted them and they told us we should just stop using the word tardigrade.

And PayPal’s response:

Every transaction that goes through our system, is reviewed by our internal security team. Certain words can trigger our security system. Unfortunately, this cannot be overridden. I would advise you to change the wording on your website to prevent this from happening.

PayPal’s size demands the use of automated moderation. But this outcome seems inexplicable. It says the “internal security team” manually reviewed the block… and decided to keep it in place anyway. What’s the point of having a “security team” if they can’t override the algorithm’s decision?

Then there’s the question as to why “tardigrade” is blocked in the first place. It’s the official name for a particularly hardy micro-animal found all over the world. Early speculation centered on the Scunthorpe Problem, suggesting PayPal blocks transactions involving forms of the word “retarded.”

But it appears to be even more ridiculous than that. Tim Ellis at GeekWire received this explanation from PayPal:

A PayPal representative put the blame on the US government’s Office of Foreign Assets Control (OFAC) sanctions, which contain an entry for an industrial supply company called “Tardigrade Limited” located in the country of Cyprus. According to PayPal, the word “tardigrade” triggered a manual review process because their system determined that the payments “may potentially violate US sanction laws.”

Customers have a Balkan arms dealer to blame for their inability to purchase tardigrade goods.

Slobodan Tesic (Tesic) was identified in the annex of E.O. 13818 on December 21, 2017. At the time of his designation, Tesic was among the biggest dealers of arms and munitions in the Balkans, spending nearly a decade on the United Nations (UN) Travel Ban List for violating UN sanctions against arms exports to Liberia.


Tesic also utilized Cyprus-based Tardigrade Limited (Tardigrade) to conduct business in third-party countries, particularly Arab and African countries. Tesic has also used his Serbian companies to sign contracts with Tardigrade before selling the goods to a final buyer.

So, “tardigrade” is flagged by the system as indicative of sanctions violations. But there’s that term again: “manual review.” Is it impossible for reviewers to distinguish between arms sales through third parties and these?

Now, it could be the manual review team didn’t want to end up on the wrong side of sanctions and felt safer blocking transactions than possibly allowing an arms dealer to launder money through the sale of adorable water bear products. Or it could be the manual “review” consists of scrolling through a list of flagged items as quickly as possible and hitting the “approve all” button. Whatever it is, it ain’t working. And Archie McPhee isn’t the first retailer to run into this problem. Two months ago, Two Photon Art noted it had to rename its Tardigrade pin to “Water Bear Enamel Pin” to allow PayPal users to purchase it.

Erring on the side of caution seems like the smart thing to do. But when the term “manual review” accompanies “automated process,” you’d think manual reviewers would see these errors for what they are, rather than allow the blocking to continue. It appears PayPal is doing a little more manual review for tardigrade-related purchases now that it’s gone a bit viral, with customers experiencing delays rather than being hit with warnings their purchases have violated PayPal policies.

The upshot is stuff like this will only become more common as time goes on. The more pressure that’s placed on tech companies to aggressively police content, the greater the chance harmless content will be rendered inaccessible. It’s not that companies shouldn’t make efforts to keep their sites free of illegal content and whatever the companies would rather not see on their sites, but automated moderation will always create issues like these. And there just aren’t enough manual reviewers available to clean up algorithmic mistakes.

Filed Under: , , ,
Companies: paypal

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “PayPal Blocks Purchases Of Tardigrade Merchandise For Potentially Violating US Sanctions Laws”

Subscribe: RSS Leave a comment
TKnarr (profile) says:

The problem is likely that this involves the OFAC lists. The government’s rules about those are pretty strict and not very sensible. If the OFAC servers return a hit, PayPal likely doesn’t have the option of second-guessing it. By the same token, though, PayPal shouldn’t properly be running the name/description of merchandise items through the OFAC query process. The name of the purchaser, yes, possibly the name of the supplier or manufacturer if known, but not item names/descriptions.

Anonymous Coward says:

Re: Re:

The problem is likely that this involves the OFAC lists. The government’s rules about those are pretty strict and not very sensible. If the OFAC servers return a hit, PayPal likely doesn’t have the option of second-guessing it.

It’s entirely up to PayPal to determine how they choose to implement filtering for OFAC matches. The government does not have any specific requirements.

Therefore, PayPal absolutely can second-guess and override any automated filtering hits. They’d just bear the responsibility if they screwed up and let something pass that they shouldn’t.

Source: I used to work for a website hosting company and one of my responsibilities was reviewing automated OFAC hits for accuracy. Our developers were involved in extensive discussions with OFAC on how our filters should work.

PaulT (profile) says:

Re: Re: Re:

"They’d just bear the responsibility if they screwed up and let something pass that they shouldn’t."

That’s likely why this is failing. PayPal are a large target for both government and criminals. When push comes to shove, what decision are they most likely to make – a decision that allows small artists to sell cheap novelty items but opens up a small possibility that it’s just a cover for something that leaves them in violation, or a decision that causes the little guy to suffer but causes them no actual damage themselves?

Anonymous Coward says:

Re: Re:

Pretty sure that’s it. Banks and payment processors are required to scan cross-border payments against the OFAC list. Many banks will do this for domestic payments, too, and even for non-monetary messages exchanged over payments networks. Other countries have similar lists. The penalties are also severe, as in up to “your CEO is going to jail.” Deutsche Bank was fines $258M a couple of years ago, but they were actively circumventing the system.

Commercial software for doing these scans generally use pretty broad text matching logic—you can’t just check the sender/receiver name. Add to this the fact that the lists are pretty big and generic and you end up getting a LOT of false positives. Banks are happy to manually review false positives for multi-million dollar wire payments. For millions of $9.95 transactions this would be impractical.

This comment has been deemed insightful by the community.
Anonymous Coward says:

Re: Yikes.

Makes me wonder what if bad people can exploit this by simply avoiding such keywords.

Like exactly all the people doing something which is in fact illegal. This is one of those DRM-type problems, where you don’t affect the intended targets, just normal people trying to do normal daily things.

This comment has been deemed funny by the community.
Anonymous Coward says:

Just think how many deaths have been prevented by forcing terrorists, druglords, earbud smugglers, and other existential threats to civilization to FILL OUT FALSE BILLS OF LADING when they import their weapons of mass incivility!

"Have you anything to declare?"

"Only a dozen vials of Sar–um–WARFARin and a tac-PRACtical fiss-FRISSonal device."

"What’s ‘frisson’?"

"Oh, it’s a kind of hair curler."

"NOT SO FAST, my fine furtive friend! Do those vials have … ROUND CORNERS?"

"It’s a fair cop, gov."

Samuel Abram (profile) says:

Re: The Really Amazing Thing

Let’s be real, Cryptocurrency has its problems too, such as volatile fluctuations in value and shady and/or clueless people involved in it (if you don’t think the latter is problematic, I subscribed to a bitcoin mailing list who didn’t even figure out how to BCC and then everybody knew my email address. Why should I deal with such people?)

crade (profile) says:

"you’d think manual reviewers would see these errors for what they are, rather than allow the blocking to continue"

They clearly explained that the keyword triggers can’t be overridden. (which is dumb, sure, but no need to pretend it’s not there). There is no contradiction, they never said the purpose of the manual review was for overriding the keyword trigger and there is plenty of other things they could be using the review for.

The result of the manual review here may just have been that they told them they can remove the keyword instead of reporting them for sanctions violations.

Paypal had to settle for sanctions violations with the U.S. government several years ago who knows what ridiculous terms they had to agree to.

bob says:

PayPal was right

PayPal was right to block this sale. Just imagine if you tossed over the cube wall a tardigrade hand grenade stress ball, that might surprise someone.

Do you realize how dangerous for others it would be if you cut the lights and used the glow in the dark night vision finger puppets to ambush your coworkers?

Sure office warfare will be set back a few years but at least you won’t be hit with the chemical attack tardigrade air freshener. Do you even realize how powerful the water bear scent is?

PayPal is just looking out for all the office victims that can’t compete with only their aincent Nerf technology.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...