We run many subscription based websites one in particular does very well: http://www.governmentauctionsuk.com/ with over $500k a year. Much of this is passed through Paypal.  Since Paypal’s policy update 2011 we have run into a major issue.  The complaint is outlined below and we will publish Paypals resonses here for your perusal.

The good news is that we appear to be winning and believe that any subscription payment is covered with a CPA mandate.

COMPLAINT SUMMARY: This has been an ongoing complaint since PAYPAL’S POLICY UPDATE 2010.  It concerns all Unauthorised Payment refunds made to the client by Paypal.

Final Response from Paypal: 19/10/2012

‘All complaints can be further referred to the following bodies and for the purpose of doing so, this letter will be known as our “final response”‘

COURT ACTION: No court action is planned

DESIRED OUTCOME: We want Paypal to acknowledge their responsibility under the CPA scheme and honour the payments clients send to us.  We want ALL the refunds made by Paypal to clients against our instructions and covered by our website terms of Service under Paypal’s ‘Unauthorised Payment’ system refunded to our account.  We want an assurance that a CPA subscription payment will be honoured in the future.

THE SITUATION: PayPal User Agreement Beginning 5 November 2008 the PayPal User Agreement is being amended as follows:

‘Unauthorised Payment’ means a challenge from a buyer claiming that s/he did not make the payment, and that the person who made the payment was Unauthorised Payment.

Here is the situation as clear as I can make it:

In our cases the client is not alleging: ‘that s/he did not make the payment, that the person who made the payment was Unauthorised Payment’

In the cases referred to in this complaint, a person subscribes to our service and in doing so AUTHORISES that first payment and any subsequent payments until cancelled by the themselves. This is made perfectly clear in our terms outlining the CPA situation http://www.governmentauctionsuk.com/terms.php and Paypal also send out relevant information.

A user cannot subscribe to our service without ticking the box to accept CPA.  Our website is very tight and crystal clear on the terms of service for subscription.  All this is also backed up in the welcome pages and welcome email.

Furthermore, we have set up a simple system where the user can cancel their subscription at any time.  For example, if a user is on a six month agreement, they have SIX MONTHS to cancel their subscription and prevent any future renewal at the click of a mouse. They can also cancel subscription payments through Paypal which are clearly marked in their account and a receipt is sent by Paypal and ourselves each time a subscription (CPA) is made.

After each subscription payment is sent from Paypal our system allows the client continuous, uninterrupted access our service.

THEFT OF OUR SERVICES: At some point the client no longer wants the service and instead of simply cancelling either through our system or through Paypal, they create a ‘Unauthorised Payment’ dispute using the relevant Paypal forms.

In creating a Unauthorised Payment dispute for an ‘AUTHORISED’ CPA subscription payment Paypal will refund their money against our instructions regardless of our defence. We always submit the correct CLIENT information in defending a Paypal dispute, their IP numbers, address, passwords etc and all information showing that these are legitimate subscriptions set up by the client.

In many cases the person has logged in and used our services on the very same day as they submit a Unauthorised Payment dispute.

In many cases we have correspondence from the client stating they want a refund because ‘they forgot to cancel’. When they are not eligible for a refund they then simply create a ‘Unauthorised Payment dispute

In some cases the client has used the ‘Unauthorised Payment dispute’ process as leverage for a refund they are not entitled to saying “if you do not give a refund I’ll just get my money back through Paypal.

In several cases Paypal have refunded months of subscriptions.  A recent case Paypal refunded 32 weeks of subscription payments:

Buyer’s name: ********* PRESCOTT
Buyer’s email: **PRESCOTT@***.COM
Transaction ID: 72L68*********F
Transaction date: 11 Sep 2012
Transaction amount: 4.99 GBP
Your transaction ID: 4S************7
Case number: PP-**********-559

this user set up this subscription

They have received their passwords and have received a receipt for every payment.

they have NOT cancelled

these payments are perfectly legitimate, as the user has not had any unauthorised access to their account.


PAYPAL’S RESPONSE: In 99% of the Unauthorised Payment disputes the payments in question are AUTHORISED CPA subscriptions … so how can Paypal support these people in the blatant theft of our service?

Paypal’s stance has been that “because we provide a ‘service’ we are not eligible for buyer protection.”

We have pointed out that this is not a simple case of a one-off payment that has been made for a service and disputed by the client as their not having made that payment.  These people are not alleging unauthorised or hacked use of their account. These people are not even alleging that the payments have been made fraudulently. These are legitimate, repeat CPA subscription payments:

‘These funds are LEGITIMATE! There is no theft, no unauthorised access to the customers account, no fraud … they are simply legitimate repeat subscriptions the customer set up, yet in every single case of late Paypal simply return the money DESPITE our giving evidence supporting this.’

In correspondance from PayPal’s Office of Executive Escalations.  (KMM35184427V68565L0KM) :ppEU, Stephen O’Donohue Executive Escalations

He says: Should the disputed funds be deemed legitimate, they will be returned to your PayPal account accordingly.

It is clear that these funds are legitimate, yet Paypal are not returning them to our account.

Mr O’Donohue also made a refund of some payments as a goodwill gesture: However, as we greatly value your business Mr. Tranter, and want your experience with PayPal to be positive, I have issued a courtesy credit in the amount of £80.00 GBP to your PayPal account. This credit is intended to cover the four recent disputed payments dating back to 7 & 16 October 2012. These funds should be credited to you PayPal account within the next 24 – 48 hours.

However, we have had several thousands pounds of Unauthorised Payment payments refunded to clients against our strict instructions. This is compounding as Paypal make refunds on a weekly basis.

We have sent proof to Paypal that these are legitimate repeat payments under a CPA agreement but Paypal have now simply refused to answer any more of our correspondence, therefore we now respectfully ask that you take up this case. We have reams of correspondence regarding this matter and have called Paypal on many occasions so would need to know what you need in support of this complaint.

I would like the Financial Ombudsman Service to consider my complaint. I confirm all the information I have given is true and accurate to the best of my knowledge.

I understand that:

• ƒYou will need to handle personal details about me – which could include sensitive  information – to deal with my complaint effectively.

• ƒYou may need to share information about my complaint with the business I have complained about and any other relevant organisations.

• ƒYou handle complaints differently from the courts – and you usually settle complaints by phoning and writing to the two sides, not by holding hearings in person.

• ƒYou or a trusted third party may contact me to help monitor the quality of your service.  You may publish examples of where things can go wrong, based on real cases, but you will always respect my privacy and keep my personal information confidential


Dear Paul Tranter,

Thank you once again for your email.

Mr. Tranter, a review of your account shows that on 19 November 2012, a total number of 32 payments made from a Mr. Stephen James Prescott’s PayPal account were held temporarily after we received notification from Mr. Prescott that he had not in fact authorised the payments in question.

We have subsequently conducted a review of the transactions and determined that these payments were not in fact authorised by the customer in question, therefore, on 28 November 2012, the funds were returned to Mr. Prescott’s account.

Understandably, you have chosen to disagree with the actions taken in this instance and claim that the customer has used the service you have provided. However, this is no indication as to whether it was in fact Mr. Prescott or in fact a third party who had paid for and used your service. As such, our dedicated team of specialist will review such claims to determine whether the transactions were unauthorised as they claim. Should we find sufficient evidence to back up these claims, we are responsible for ensuring that the funds are returned to the rightful owner of said funds.

As previously stated Mr. Tranter, PayPal’s seller protection policy is in place to protect our sellers against such eventualities. Unfortunately however, services or intangible items are not covered under this policy therefore we are unable to protect you against such incidents should they arise again in the future.

That said, I have issued one final courtesy credit to your account in the amount of £159.68 GBP. This credit is intended to cover all 32 reversals from your PayPal account. These funds should be credited to you PayPal account within the next 24 – 48 hours.

The actions Executive Escalations have taken regarding your account are among the rare exceptions made for our valued customers. No further exceptions will be possible going forward.

I apologise if your experience on this occasion was less than satisfactory. Going forward, should you have any further queries, please feel free to contact us directly at ppelce@paypal.co.uk .

Yours sincerely,

Stephen O’Donohue

Executive Escalations



Hi Stephen,

You state that case that ‘Mr. Prescott’s account was used by a third party’.

  • – if this is the case then this is fraud and if you have evidence of this then it should be handed over to the police and relevant departments
  • – how was Mr. Prescott’s account accessed?  Did he hand his passwords to a third party and if so I believe he is still responsible as the account holder
  • – is there a breach in Paypal security for a third party to access Mr. Prescott’s account because if so, there are serious implications, but ultimately in this case, if Paypal security is not up to scratch they Paypal are responsible for security breaches
  • – he made a ‘not authorised’ claim against every payment using his account details.
  • – these were the same details we had on record and the same account he would have received a receipt and welcome email from ourselves and Paypal.
  • – he would have received a receipt for every single payment taken
  • – he logged into our service and used it from the correct IP

So despite Mr. Prescott’s claim I do not believe this was used by a third party.  If a third party was to access Mr. Prescott’s account they would buy something of value like a nice watch! They would not subscribe to an auction service.

Stephen, because I had not heard from you for several weeks, despite sending many reminders, I have had no choice than to take this to the ombudsman as you initially suggested. I sincerely did not want to take this action and would much rather maintain my good relationship with Paypal.

I still think you are missing the point and focusing on the fact that we provide a service.  It is my understanding that this is irrelevant under the rules governing Continuous Payment Authority or CPAs.  When a user subscribes to our service they set up a CPA which the bank and I suspect Paypal is duty bound to honour

This is taken from out terms of service which clearly state the case:

When a user subscribes to any gauk ‘subscription based’service they set up a continuous payment authority (CPA):

What is a ‘continuous payment authority’?

A continuous payment authority is a type of regular automatic payment that you can set up using your debit or credit card.

The authority is linked to the bank account or credit card account that your card is linked to. It’s a popular method of making regular payments – favoured by many businesses, including gyms, internet service providers and even payday loan providers.

But customers often confuse the rights that they have with a continuous payment authority to those accorded to a direct debit or standing order.

How does a continuous payment authority work?
This method of payment is set up by you giving your debit or credit card details to a company to which you wish to make a regular payment. This can be done over the phone, in person or online. Often there is no written record of the authority being set up.

The company itself may be unclear as to the method of payment being initiated – so if you are in any way uncertain ask them to clarify whether payment will be taken by direct debit, standing order or continuous payment authority. If possible get them to confirm this in writing.

A continuous payment authority gives the company you are paying the mandate to:

  • Take payments on dates of their choosing
  • Take payments for different amounts
  • These authorities don’t have the same guarantees that a direct debit has regarding the date or the amount of the payment. Keep a close eye on your bank statement to ensure that all payments match your expectations.

How to cancel a continuous payment authority
You can cancel a continuous payment authority either by telling the company, or by telling your bank.

If the user has problems cancelling their account with the gauk online system they must notify gauk within 24 hours via ourticket system. If a consumer simply cancels with the bank without informing gauk the consumer is still liable to pay if the subscription is renewed.

If you tell your bank to stop the payment being taken, it has to do so. However, you should make sure that you inform the company taking the payment – particularly where you have a contract or credit agreement in place (CPA). If this is the case, you may still need to make any remaining payments.

It can be set up using plastic cards, both credit and debit cards can be used. It’s similar to direct debit because payments are debited from the account which is linked to the card.

Any reputable company will have options for cancelling a membership or subscription and gauk is no exception!

You have total control over your payment options under ‘My Profile’ in your member’s area. Here you can manage payments and even cancel them at the click of a button.

Furthermore, your payment processors Worldpay (Royal Bank of Scotland) Secpay (on behalf of Barclays) and Paypal have several options for cancelling a CPA including direct phone numbers which can be found here

99% of all recent refunds made by Paypal relate to CPA payments. This situation regarding the refunding of Unauthorised Payments has only occurred since Paypal’s policy update.  All I want is for Paypal to recognise these payments as CPA, to refund those to my account that have been wrongly refunded and to refuse to refund CPA payments in the future to clients.

Again, I would much rather sort this out with you than have to continue with the Ombudsman.