According to DCIno, The Treasury Department’s Office of Foreign Assets Control (OFAC) detailed a damning string of instances in which the company accepted and processed 486 transactions totalling approximately $43,934 over a five-year period.
“PayPal’s management demonstrated reckless disregard for US economic sanctions requirements in deciding to operate a payment system without implementing appropriate controls,” the Treasury Department said in a statement.
PayPal allowed a bloke called Kursad Zafer Cire, who was named by the US State Department in 2009 as an associate of Abdul Qadeer Khan, the Pakistani scientist who provided nuclear know-how to Iran, Libya and North Korea.
Cire’s name was added to the Treasury Department’s list of “specially designated nationals” who have been specifically named as being under sanctions by the US for their involvement in terrorism, programmes involving weapons of mass destruction, drug cartels or other major illicit activities.
Between October 2009 and April 2013, PayPal processed 136 transactions totaling $7,091 to or from an account registered in his name.
First, PayPal failed to identify the account as being related to a specially designated national, but later in 2009 the account was flagged five times. Each time PayPal risk operations agents dismissed the alerts without requesting additional information to clarify whether the account did indeed belong to someone under sanctions.
In 2013, PayPal requested additional information from its customer, and received a copy of his passport. The name, birth date and place of birth exactly matched the person listed on the specially designated nationals list, but PayPal again approved the transfer.
It wasn’t until it was flagged for the seventh time, on April 3, 2013, that the account was blocked and reported to the Treasury Department.
PayPal allowed transactions to proceed although they contained specific references to countries under sanction, such as “Iran,” “Cuba,” “Tehran,” “Khartoum” or “Sudan.”
PayPal brought new management into its compliance division in 2011 to strengthen its controls, which also counted as a mitigating factor.
The company said that over the last two years it has built a new payment scanning system that allows for “real-time scanning of potentially sanctioned payments before they are processed.”