I don’t know if this is a physical phishing attempt, a data mining project from Paypal or what, but I just got a letter in the mail from Paypal saying that because of the PATRIOT Act, they needed to confirm the identity of people who open up Paypal Money Market Fund accounts. What the heck? Is this legit and do I really need to do what they say?
I know exactly what you’re talking about because I got one of these peculiar letters too. I bet yours looks like mine:
The letter explains: “Pursuant to the USA PATRIOT Act, the U.S. Department of the Treasury and the Securities and Exchange Commission require the PayPal Money Market Fun (the “Fund”) to obtain, verify, and record information that identifies each person and entity that opens an account in the Fund. The Fund requires that all business investors in the Fund provide their name, address and Employer Identification Number (EIN). The Fund will then verify this information.”
The letter then goes on to detail, rather confusingly, that you either need to fax in a bunch of different corporate documents or simply log in to your PayPal account and verity your address. Well, the latter sure sounds easier, so that’s the route I took.
Now, is this data phishing on PayPal’s part, or is it really required by the PATRIOT Act? It’s definitely the latter. First off, they’d get into huge trouble for pretending it was a government requirement when it wasn’t, and secondly the PATRIOT Act really does say:
“Subtitle A: International Counter Money Laundering and Related Measures – Amends Federal law governing monetary transactions to prescribe procedural guidelines under which the Secretary of the Treasury (the Secretary) may require domestic financial institutions and agencies to take specified measures if the Secretary finds that reasonable grounds exist for concluding that jurisdictions, financia1 institutions, types of accounts, or transactions operating outside or within the United States, are of primary money laundering concern. Includes mandatory disclosure of specified information relating to certain correspondent accounts.”
That’s pretty confusing, so here’s a clearer commentary from the American Banker’s Association: “One of the new obligations under title III is section 326, which requires financial institutions to have account opening procedures or a “customer identification program.” Banks and some covered financial institutions such as securities firms, mutual funds, and commodity futures traders (insurance companies are pending) have to obtain four pieces of information (name, address, date of birth, and government identifiers such as social security numbers) and attempt to verify that information. Because banks have been requesting identification of customers since the beginning of banking, this new obligation is a formalization of business as usual.” [src]
Anyway, you really don’t want to wade through the painful prose of the Act. I’ll simply note that by having a Mutual Fund, PayPal jumped into the big leagues and is now quite definitely a financial institution according the Department of the Treasury, and therefore must comply with federal laws regarding the confirmation of identity of account holders. For regular non-interest-bearing accounts, these requirements are more lax (I guess they figure that any terrorist worth their salt is going to insist on earning interest on their balance?) so this letter was likely triggered by you applying for the PayPal Mutual Fund, not simply because you have a PayPal account in the first place.
My advice? Comply with what’s requested, fax in the documents or go through the physical mail confirmation step, and be tagged by the gov’t as the owner of that particular account.