There seem to be a lot of IAT OFAC hits related to Paypal transactions. It would be nice to know the extent of Paypal's OFAC compliance policies. Also, if you had a hit on a Paypal transaction how much luck do you think you would have calling Paypal to gather additional identifying information on the person that your customer is sending $2.99 to?
Knowledge is knowing what to say. Wisdom is knowing when to say it.