PayPal knows what I'm doing...and doesn't care?

As my readers know, back in August while I was still overseas, both my business and personal PayPal accounts were frozen. A few weeks later both accounts were restored.

In the intervening period, while my accounts were "limited," I filed a report with the Consumer Financial Protection Bureau, asking for my accounts to be reopened and/or for PayPal to return my account balance to my funding account. A few days ago, I received an e-mail from the CFPB, saying:

We wanted to let you know that the company responded to your complaint.

After creating an account and logging in, I was able to view PayPal's response to my complaint, which I found truly remarkable. For that reason, I want to share it here. 

The response opened with some standard boilerplate:

Explanation of closure 
Please understand that even though we always aim at processing all transactions immediately, we still have to take security measures to protect all our users.  
We offer you our sincerest apologies for any difficulties you may have encountered while using our services. We value you as a customer and want you to continue using our services for years to come. Please feel free to contact me if you have any questions or concerns or if I can be of further assistance to you.

Fair enough. The second section started to get a little more specific:

Your [sic] transferred $xxx.xx from your personal PayPal account to your business PayPal account and complain that the funds were unavailable and your account access was limited.  
At the onset it’s important to note that PayPal has taken the action you requested and restored your account access and the $xxx.xx payment amount was returned to your balance.  On August 16, 2013, you withdrew the $xxx.xx to your bank account ending in xxx7.

Then it started to get really weird:

On [date], you created a Business PayPal account and on [date], you created a personal PayPal account.  Each time you created these accounts, you agreed to PayPal’s online User Agreement (“User Agreement”).
On August 6, 2013, you sent a payment of $xxx.xx from your personal PayPal account to your Business PayPal account.  This transaction triggered our transaction monitoring tools and we placed the payment on a temporary hold so we could conduct an internal security review to verify the legitimacy of the payment.... 
...The User Agreement permits PayPal to place a payment on hold when we “…believe there may be a high level of risk associated with you, your Account, or any or all of your transactions…”  User Agreement at Section 10.5.  In determining that a high level of risk existed with this payment, PayPal carefully considered a number of factors that when viewed together, indicated in PayPal’s reasonable determination that such a high risk existed.  The following risk factors were identified:
- Inconsistent login information.  At the time of this payment, the login to your account was from a different geographical location outside of the United States.  Your previous logins had consistently been from [New England].
- This payment was funded with a financial tool that had not previously been used on the account for any transactions.  Specifically,  you had only added funds to your PayPal account via MyCash.  This payment was funded with money from the bank account ending xxx7.
Based on historical data, inconsistent account activity creates a higher risk for chargebacks, claims and reversals. 
During this time, your accounts were limited because your transaction activity warranted review.  Specifically, you had been using your MyCash Card to add funds to your personal PayPal account.  You would then send personal payments to your business PayPal account and used these funds to purchase gift cards from CVS Pharmacy and US Bank.  Based on our experience, this type of activity is consistent with money laundering which is why your accounts were limited.  On August 22, 2013, after further review, your account access was restored.

What I find so interesting about this document, and why I think it's worth posting, is that it appears to me that PayPal knows exactly how I'm using my account: funding with PayPal My Cash cards, then unloading the card for 1% cash back at CVS and using Visa Buxx. And they don't seem to have a problem with it: they reopened my account after meticulously documenting all of my account activity.

Why would PayPal allow me to carry on? Because this activity is profitable for them. Remember, there's a logic behind the 1% cash back you earn with the PayPal Debit MasterCard: you only earn it on online purchases and those you sign for. That is to say, you earn 1% cash back on "credit" transactions, for which PayPal earns somewhere between 2.5% and 3.5% of the purchase amount. They're more than happy to kick back 1% to me since they're earning 2-3 times as much in merchant swipe fees.

I wrote up this technique in somewhat more detail in this post from back in June.