On Wednesday afternoon, PayPal reached a settlement with the US Treasury Department, agreeing that it would pay $7.7 million for allegedly processing payments to people in countries under sanction as well as to a man the US has listed as involved in the nuclear weapons black market. The company neither confirmed nor denied the allegations, but it voluntarily handed over its transaction data to the US Department of Treasury’s Office of Foreign Assets Control (OFAC).

In its settlement agreement with PayPal, the Treasury accused the company of failing to screen its in-process transactions until 2013. Although the company made moves to prevent transactions involving sanctioned countries as early as 2006, its policies were lax until, in July 2011, the company implemented a “short term fix” in which PayPal could "scan live transactions for sanctions-related keywords and evaluate any potential matches while the completed payments were held in a pending status.”

That short-term fix didn’t prove to be up to snuff in keeping forbidden transactions from being processed, however, and between 2009 and 2013 PayPal ended up processing nearly 500 transactions worth more than $40,000 for goods and services going to Cuba, Iran, and Sudan, as well as $7,000 in transactions involving Kursad Zafer Cire, a Turkish man on the US State Department’s list of Weapons of Mass Destruction proliferators. According to a Treasury Department enforcement information page, PayPal’s short-term fix filter flagged Cire’s transactions seven times, but it wasn’t until the seventh instance that PayPal blocked his account.

The Treasury Department says that it wasn’t until April 2013 that PayPal implemented a “long term solution” in which it "began screening live transactions against OFAC's List of Specially Designated Nationals and Blocked Persons (the "SON List") and an expanded version of PayPal's list of sanctions-related keywords.”

The Wall Street Journal noted that the Treasury Department has been keeping a watchful eye on non-bank financial institutions lately.

In an e-mailed statement, Gene Truono, chief compliance officer for PayPal, told Ars:

"Government compliance is a priority and a central component of how we do business around the world. We recognize that prior to April 2013, PayPal did not have a system that could scan payments in real time in order to block prohibited payments. There was a delay in the scanning, which allowed some prohibited payments to be processed. In many cases, those payments were detected and reversed. As part of our commitment to compliance, we hired the right people, increased our compliance budget, and over two years worked to build a new scanning payment system. We’ve now put in place proprietary state-of-the art systems that allow for real-time scanning of potentially sanctioned payments before they are processed."

PayPal has had issues in the past with over-enforcement as well, freezing crowd-funded assets for murky reasons and making it difficult for legitimate users to get their money back. The company is currently owned by eBay, but it has plans to become a separate company later this year.