PayPal Offers $150,000 In Developer Challenge

blackbearnh writes "As previously reported on Slashdot, PayPal recently released a series of new APIs that allow developers to embed PayPal into their web sites and applications without requiring the user to go to the PayPal web site to complete the transaction. To encourage developers to use these new APIs, PayPal is offering two prizes totaling $150,000 for interesting new applications. The entry deadline to register ideas is December 16th, and O'Reilly has an interview with the director of the PayPal Developer Network that covers the details of the contest. In it, Naveed Anwar talks about why PayPal is throwing money at developers. 'When Facebook opened up their platform, it allowed people to work in that particular environment, in the Facebook environment. When the iPhone opened up their platform, they allowed people to work in their environment which was build the applications on the iPhone. When PayPal was looking at opening up its platform, we are not limited by one particular area. We go into the enterprises. We go into social networking. We go into all the places where payment as a solution is needed. And if we can actually reduce that barrier of entry — because at the end of the day, when anyone is building out a business and anyone is building out an application, they're looking at ways of monetizing it.'"

Lame way to underpay.

[phantomcircuit]

This is nothing more than a ploy to significantly underpay for an enormous number of applications.

Not to mention that their new API just turns paypal into a processing center.

Re:Lame way to underpay.

[Monkeedude1212]

I wouldn't consider it a ploy at all. Essentially this is what Developers and Producers have wanted from PayPal for a LONG time. There are ways to store your paypal account info in other services (Steam comes to mind) but you always had to go to the paypal site to complete the transaction.

Paypal has never been anything but a processing center. All it ever did was hold your bank accounts and Credit cards online so that you don't have to enter that number in more than one place on the internet. All it ever did was keep the #'s secure, in a sort of "I'll give paypal my money if paypal pays for the product" - thus you only ever have to trust 1 person online. If you ever thought it was anything different, you were sadly mistaken.

Anyways, this is good, it's kind of a "Here's what you asked for" and a little kicker to make sure the rest of the world knows, to help it take off quicker.

Re:Lame way to underpay.

[phantomcircuit]

Paypal has never been anything but a processing center. All it ever did was hold your bank accounts and Credit cards online so that you don't have to enter that number in more than one place on the internet. All it ever did was keep the #'s secure, in a sort of "I'll give paypal my money if paypal pays for the product" - thus you only ever have to trust 1 person online. If you ever thought it was anything different, you were sadly mistaken.

This new API completely removes that benefit. this makes it so that any paypal merchant can randomly charge whatever they want to my account. Previously I would have had to explicitly approve the transaction.

Re:

[Monkeedude1212]

Right - and you will STILL have that option.

They are simply making it more convenient for those who do not want to have to explicitly approve each and every transaction. Specifically subscription based items, Like World of Warcraft, Lottery Tickets, online Poker, etc etc.

Re:Lame way to underpay.

[Grishnakh]

After hearing so many stories about PayPal requiring people to sign away rights like credit card chargebacks,

You can still do a charge-back to Paypal if you paid with a CC. Of course, PP will probably cancel your account if you do that, but that's why you shouldn't trust your PP account too much, and just use it for buying shit on Ebay. If you need to rely on it more than that, then open multiple Paypal accounts; use one for selling, one for buying, etc. That way, if PP closes one, you'll still have the other one.

and their allegedly arbitrary process of deciding without warning and without due process that you're committing "fradulent" activities, which of course entitles them to take the money from your account or freeze it

Yes, this is why you should NEVER link Paypal to your main bank account. That's just stupid. Instead, have a separate bank account (at a different bank or credit union even), and link your PP account to that. Never keep any substantial amount of money there; just use it as a place to move money to/from your Paypal account. For instance, if you sell a lot of stuff, have a single PP account just for selling, and link that to an empty bank account. Periodically (every few hundred $$$ or so), transfer money from your PP account to the bank account, then withdraw it (in person or by check, whatever's easier) and move it to your main account that way. Don't give PP a path to your main store of funds, that's just asking for trouble.

PAYPAL IS FOR ***.

I won't comment on that, but anyone that trusts PP too much is asking for trouble IMO. However, it is pretty much a "necessary evil" for a lot of online transactions. I have my own little web store I sell some widgets on, and PP is the only realistic way to get money from people all over the world without asking them to send me money orders, which would result in very few sales, or having to pay thousands of $$$ to set up a credit card merchant account (these fees are probably more money than I've made selling my little widgets). It's entirely possible to use PP and set yourself up so that you're protected in case they try to screw you over.

Re:

[concept14]

anyone that trusts PP too much is asking for trouble IMO.... It's entirely possible to use PP and set yourself up so that you're protected in case they try to screw you over.

I agree with all the facts you set forth, but the way you present them sounds too much like blaming the victim.

Re:

[Grishnakh]

I'm not blaming the victim at all, but you do have to realize that when Paypal gets entangled with your main bank account, that's a BIG vulnerability, and there's been lots of horror stories involving Paypal stealing money from someone's account over a dispute or whatever. A prudent person recognizes risks, and takes steps to avoid them; I just suggested some steps to avoid excessive risk when dealing with Paypal. They can't suck money out of an account if there's no money there.

Re:

[mweather]

I've had a recurring subscription for years using Paypal. I've never had to explicitly approve each and every transaction. I approved it once, and it keeps charging me.

I'm waiting for this to seem like a problem.

[argent]

Paypal has never been anything but a processing center. All it ever did was hold your bank accounts and Credit cards online so that you don't have to enter that number in more than one place on the internet. All it ever did was keep the #'s secure, in a sort of "I'll give paypal my money if paypal pays for the product" - thus you only ever have to trust 1 person online. If you ever thought it was anything different, you were sadly mistaken.

I'm waiting for "All it ever did was keep the #'s secure" and "you o

Re:

[maxume]

The bad part was that it was Paypal that you had to trust. From where I sit, they didn't have anything to throw away.

Re:

[argent]

You win one (1) lol. I'd still rather trust one Paypal than forty Paypals, which is what they want me to do now.

Re:

[fulldecent]

>> I'm waiting for "All it ever did was keep the #'s secure" and "you only ever have to trust 1 person online" to seem like a BAD thing. I mean, there has to be a problem with that for them to be throwing that way. Maybe you can explain it to me.

I'll explain. Imagine using Pandora or Lala or whatever kids use these days to listen to music. You like some very obscure artist, and want to buy the (physical) CD online. To buy the CD you can:

a) Give your email address (and wait for that confirmation email)

Re:

[argent]

a) Give your email address (and wait for that confirmation email), credit card, & password
b) Click "buy with paypal"

In the first case I am giving Panlala information that they can use to charge me late fees if I don't ship the mp3 back to them by the end of the week.

In the second case I'm giving Panlala precisely what I've entered on the Paypal site, no more, no less.

In the new scheme I'm giving Panlala information that they can use to charge me late fees if I don't ship the mp3 back to them by the end

Re:

[nospam007]

"Paypal has never been anything but a processing center. "

Actually it's a bank located in Luxembourg since a couple of years.

http://www.businessweek.com/technology/content/jun2007/tc20070614_606853.htm?chan=technology_technology+index+page_top+stories [businessweek.com]

MOD THIS UP - PAYPAL IS NOT A BANK IN THE US

[TheTyrannyOfForcedRe]

"Paypal has never been anything but a processing center. "

Actually it's a bank located in Luxembourg since a couple of years.

http://www.businessweek.com/technology/content/jun2007/tc20070614_606853.htm?chan=technology_technology+index+page_top+stories

Wrong! Paypal is only a bank for European customers. Here's an exact quote from the article you linked to "PayPal is not regulated as a bank in the U.S."

Re:

[j00r0m4nc3r]

PayPal is not regulated as a bank in the U.S.

That's even worse...

Re:Lame way to underpay.

[Abreu]

Nah, the real problem is that, even if you "win the Challenge" you will win a Paypal account with $150,000usd

...which will be promptly frozen for an imaginary reason

What?

[bcmm]

From TFA:

When the iPhone opened up their platform

What? Grammar aside, if that's true, it's rather more newsworthy than this somewhat confused story,

Wait...

[clone53421]

Entering my PayPal login details on some random webpage, without even the convenience of being able to verify the https://www.paypal.com/ [paypal.com] in the address bar?

Phishing begins in 3... 2... 1...

Re:

[Monkeedude1212]

It makes no difference. Either you can trust the site or not. I mean if you go through a transaction with them after logging into to Paypal does it really make a difference? Paypal sends you an email for each purchase, and if it's not right you can respond immediately. You can change your password if you suspect the site of phishing.

Any site I'll be entering my Paypal Info will have an SSL of its own that I have to login with different details.

Re:Wait...

[Lumpy]

Which is why the current paypal system works better. I dont have to buy a Security certificate for my web store. you order your crap and buy it on my non-secure site, and when it needs to be secure, it drops you to paypal where you verify the amount and click on "yes, send the money"

I have ZERO interest in using their new system if it will cost me more money by having to buy a cert I really do not need.

Re:

[nametaken]

Certs are cheap. You'll more than make that money back when people like me don't avoid you anymore. As it stands a PayPal logo says, "GO AWAY!" to a lot of people.

Re:

[WillDraven]

I suspect this API's TOS requires a "Powered by PayPal" logo or similar on your site, so I doubt it'll help much.

Re:Wait...

[spottedkangaroo]

Wow, is the above wrong... even if the site is "trustworthy" today and they ship the product, they shouldn't be collecting your password. They could then use that to buy some cool shit from walmart.com two years later and you'd have no idea what happened and not even have the simple protections your regular old visa card offers. I suspect the paypal API uses OAuth or some kind of token system or else it'd be totally crazy.

Re:

[Monkeedude1212]

I think the point you are missing is that this is not replacing the old system: it is an addition. You can still use paypal EXACTLY how it was before, completely secure and all that.

This is merely allowing Paypal to do subscription based services without explicitly requiring a user "Yes" every single month. Before now you HAD to enter your credit card to these websites, websites you could deem insecure. Websites that would steal your credit card info as easily as they would steal your paypal username and pa

Re:

[j00r0m4nc3r]

Seriously, anyone who thinks this is a bad news for Paypal doesn't understand the system.

You're right. It's good news for Paypal. But it's bad news for everyone else...

Re:

[spottedkangaroo]

You still don't get it. I would much rather give a shady company my credit card number than my paypal password. With my paypal password they can make authenticated purchases as me and there's nothing I can really do about it and my credit card protections won't really apply. However if they misuse the credit card number, I'm not responsible for any purchases the assholes make and the ccard company will locate the guy and have him arrested -- all while I'm sleeping.

Again, there's no possible way paypal

Re:

[clone53421]

It makes no difference. Either you can trust the site or not.

It most definitely does make a difference, and that difference is simple.

The PayPal site says “ABC is charging you $y. Okay?”, and I can contest the payment if they don’t deliver.

By contrast, if ABC phished my PayPal e-mail and password I’ll probably have $0.00 in my account next time I log in.

Re:

[0xygen]

Of course it makes a difference. You are potentially allowing the site to take as much as they like from your account, whereas by instead logging into the PayPal page, the merchant never has to even know what method you use to authenticate with PayPal and will only provide the amount of funds shown on the payment confirmation page to the merchant.

With the second method, there is no requirement to trust the merchant with anything more than the value of the single transaction, your name and your delivery addr

Re:

[HuckleCom]

www.paypalc.com

Re:

[MathiasRav]

Congratulations! Your idea has netted you $150 000. But let's not tell PayPal, okay?

Re:

[clone53421]

Sweet! Hold on, let me find my account number and PIN...

Re:

[Anonymous Coward]

The only reason I use paypal is because I don't trust the website I am on with my credit card. Now I have to log into that site and expose my credentials to that untrusted site. No thank you.

For paypal this could be great. Customer finds their bank account emptied and paypal will point fingers at the website they logged into. They are just transferring liability with this imo.

Re:

[felipekk]

Actually, the phishing exists because the user HAS to check the address and fails at doing so. If we skip that step, it becomes safer.

Or do you really believe they would develop something less secure?

Re:

[arose]

Or do you really believe they would develop something less secure?

It's not a matter of belief. Those who are paying attention know this is worse.

Re:

[Hurricane78]

Exactly my thoughts when I heard this. I once implemented half a dozen pretty different payment APIs into a web page.
There are only two ways to make this secure:

1. Direct the user to PayPal, and then let PayPal direct him back, sending a special encrypted session id and/or data forth and back.
2. Embedding a Java applet in the page, which has a certificate, and so can communicate directly with PayPal (encrypted) and your server (also encrypted). Then call a Javascript function, to load the next page, where,

Re:

[clone53421]

I prefer the first variant though, because...

It also lets you verify the address bar. The Java applet, though secure, does not. If a phishing site builds a Java applet to mimic the secure one, you have no way of detecting it short of viewing the source of the page in question.

Re:

[Dokterdok]

This would also certainly lower the bank administrative fees that I always have to pay in advance to my Nigerian business partners!

Re:

[mweather]

You do know Paypal's SSL cert has been compromised for some time now, right?

Re:

[clone53421]

If you’re referring to this [slashdot.org] — well, I use Firefox.

Re:

[mgblst]

Yeah, but most people don't even understand what you just said, and those are the big spenders anyway.

Now you can finally pay for a lapdance

[antifoidulus]

by sticking your cell phone into the strippers ass. Thats pretty much the only useful thing I can think of.

Re:

[Jello B.]

I was mocking his signature.

twittering your wealth away

[hAckz0r]

I can just see it now.... You will even be able to "twitter" your money away. Well they "twitter" about everything else in life, why not how much you spend or how much you make? Sounds like a really dumb idea, so I wonder how long before someone actually implements it?

Re:

[rudy_wayne]

There are literally billions of dollars waiting to be spent in increments as low as fractions of a cent at a time, and yet the infrastructure and fee systems are keeping that commerce from taking place.

Infrastructure costs money. Today you can go anywhere - to a store or on the internet - and purchase something with a credit card and the tranaction will be approved in a matter of seconds. It took many years and LOTS of money to create that infrastructure.

And that's the problem with transactions involv

How to monetize this feature

[halcyon1234]

Call it a feature that lowers bandwidth costs by reducing overhead incurred by page redirects

Give it away for free for 6 months, then charge a 0.5% convenience fee on all transactions.

For fun, in 1 year, start charging a 0.5% legacy implementation fee on all old-style transactions.

There you go. Where's my $150k?

PayPal is a scam, should be regulated, FTC asleap

[lanner]

PayPal operates like, and should be regulated like, a bank. The way they have treated their customers, like me, and many, many, many others, should be a warning to all; You can't afford to do business with PayPal. They will seize your money, and when they do, it will be months before you see a resolution. The horror stories are true: I know, I have mine.

Re:PayPal is a scam

[Animats]

Mod parent up. PayPal needs to become a regulated bank. Until then, take your business elsewhere, to sites that accept credit cards. If someone can't qualify for a merchant account, you probably don't want to deal with them anyway.

Re:

[Token_Internet_Girl]

Like Ebay? Since they only accept PayPal now, and no other form of payment.

Re:

[fulldecent]

>> PayPal needs to become a regulated bank. Until then, take your business elsewhere, to sites that accept credit cards. If someone can't qualify for a merchant account, you probably don't want to deal with them anyway.

You are confusing things. PayPal is fine for the buyer, and is usually better that creating another account to buy one time something.

For the seller, they are terrible^4. This is why Google Checkout is taking over.

I buy things from Google Products all the time. As a buyer, there is a lo

Re:

[Zerimar]

Google's Checkout is a failure, much like most every other Google product other than search. Now that Google Checkout is the same price (or in some cases, more expensive) than PayPal, yet less feature rich, I assume it will just disappear in time like every other PayPal challenger.

Re:

[Anonymous Coward]

Paypal in the EU is a regulated bank, registered as such in Luxembourg: Daily Telegraph article [telegraph.co.uk]

Re:

[alen]

i agree that paypal needs to be regulated, but most problems are people not following the instructions. like when you accept payment make sure it's only from verified people and send only to confirmed addresses. and use a tracking #, insurance and signature confirmation for expensive items. the #1 rule is only send to confirmed addresses. i haven't sold on ebay for a long time but my rule was anything over $15 or $25 had to go to a confirmed address. my auction stated that all paypal payments had to be sent

Re:

[vanyel]

I agree: while they should perhaps have some limited regulation, I've been using them for nearly as long as they've been around without any problem, for both personal and business. A really big plus is that I don't have to have the responsibility of dealing with credit card security. I would *never* enter paypal credentials into a random web site, but haven't looked at the new api yet to see if that's really what they're doing. It would be really stupid for them to do that. I'd venture to guess that fra

Re:

[tvjunky]

I don't know about the US, but in Europe PayPal's User Agreement [paypal.com] says that it is "licensed as a Luxembourg credit institution". Also I don't really get where all the hate for PayPal comes from.
Yes I read a dozen times that they froze the account of SomethingAwful or some loud-mouthed bloggers under dubious circumstances, but for me it always worked just fine. Actually I really like PayPal because it allows me to send a seller money that is instantly credited to his account, without trust issues on either si

Re:

[Xtravar]

I got a warning from PayPal saying that I am getting close to my 'send limit'. I've been using it for probably 6 - 8 years now, and now they're telling me I have to 'confirm' my identity in order to continue using their service. Confirmation requires me 1. giving them my bank account number or 2. getting a PayPal credit card.

Why the fuck would I want to do that? And if it really is for security purposes, why can't I just fax my driver's license?

Re:

[cyberfunkr]

People keep crying "Oh noes! PayPal seezees my monies!" Why the hell do you leave money in there?

Once a week, transfer everything out of PayPal to your real bank; you know, the one regulated by the FDIC, has potential to earn interest, and you use to pay all your bills.

So, you take a fee-hit every time you do so. Either suck it up, buttercup and consider it a business expense --OR-- figure out how much you would spend on a real Merchant Account so you can accept credit cards, plus the time, energy, and reso

Re:

[mweather]

At my store, about 1 in 100 use Paypal if given the choice. You're losing out on a lot of business if you don't accept credit cards. Try authorize.net or if you want to stick to Paypal, Payflow. Paypal is fine for a hobby business, but if you're trying to make a living, you need to take plastic.

Re:

[Qzukk]

It's probably paypal's last attempt at getting someone to care. They're probably just now realizing that the winner of this thing is going to be some incredibly boring shopping cart script written in PHP because it's going to be the only entry.