I disagree. PayPal is NOT regulated as a bank in the United States. Here is an article from 2002 when they received the official word that they would not be regulated as a bank:
They _are_ regulated as a money transferral service. I work for a bank and I can assure you that the level of scrutiny by banking regulators is _far_ greater. As a single for-instance, the auditors have asked to see documentation of our software development methodology (presumably to ensure there were procedures in place to ensure applications were built securely and without an opportunity for an attacker to check in some kind of back-door).
Technically you can't assure us that banks face greater scrutiny unless you can also describe reliably the level of scrutiny that paypal falls under - or is it common knowledge that paypal doesn't get this kind of audit? I'd be interested in reading a good description of paypal security auditing, if there's anything available.
It is commonly spoken of in the banking industry (where I work). I do not recall speaking with anyone who had firsthand knowledge of audits at PayPal (I've never discussed this with someone who worked there), but I do know that the level of scrutiny of a money transfer service is much less than that for a bank.
