Slashdot Mirror
An Inside Look at eBay Security
daria42 writes "This in-depth interview with eBay's Australia/New Zealand security manager is fascinating reading for anyone interested in online security and how the online auctioneer interacts with law enforcement agencies. "Normal people don't get up in the morning and wonder how they can steal or trick someone. I won't rest until we can eliminate wrongdoing," says eBay''s Alastair MacGibbon."
All that I got out of this article is that they have a phishing toolbar, an email address to test spoofs on, and that they are "committed" to a bunch of crap. This is not an in-depth look at anything.
Sample "in-depth" response for those who didn't RTFA:
I read the article.
:)
I've never seen a more PR-fluff article in my life.
(Okay, that was an exaggeration. I follow the SCO saga as much as the next guy
Which will I believe in the future? A fluffy piece about how much eBay cares about security ("We weally weally do care about security! Trust us!") which gives me no solid information ("Our toolbar does such-and-such to protect our customer.", "We have X technologies to assist victims of fraud.")
OR
stories from my brother *in Australia* about how he was ripped off by an eBay scammer? Or stories from coworkers and friends that have been ripped off by an eBay scammer? Or the author of a national bestseller telling how he was eBay scammed? [1]
Here's a tip, eBay. Word of mouth goes a lot farther than a fluffy article that tells me nothing. I read a long time back a dissatisfied customer tells ~3x the number of people his experience than a satisfied customer.
I'm honked off because I had to sit through that article, feeling patronized and advertised. Sheesh. What a waste.
[1] _The Paradox Of Choice: Why More Is Less_
by Barry Schwartz ISBN:0060005696
(I think it was the first few paragraphs of chapter 7.)
PayPal is a black mark against financial theives everywhere. My experience with them is about like this:
1) Realize purchased item is missing & seller not replying to email & contact number is bogus.
2) Report it to PayPal
3) Get canned response that you have to wait untill the getaway is made (3-4 weeks?) before you make the report.
4) Wait & re-make the report.
5) PayPal Sits on the investigation for two weeks.
6) PayPal Makes investigation
7) PayPal says: "The seller appears to be fradulent, but has withdrawn all funds from their account so we have no recourse: file a claim with your insurance."
If Ebay had any thought about fraud, they would start with PayPal. This is just PR fluff.
Consider the fight against regulating some types of Ebay Sellers (drop off points) like Pawnbrokers. Pawnbrokers are regulated so that their is a paper trail of who sold what (possibly hot) items. Some high crime areas have what are essentially Hot Item ebay resellers: They take items, and sell them on ebay. They then return ~66% to the "owner" who requested their services. Florida (god help me for using them as suggesting a good law) attempted to regulate this type of drop-off store, but was beaten down.
oh, yes. PayPal bad.
If they really wanted to eliminate the problem, which they dont really care about by all signs, then they would pay a bounty on fraud reports. They would establish some sort of trust network, simmilar to the feedback system, to cull the whiners from real fraud reports. Finally, they would require all sellers for new items over $100 to either post a 30 day bond with e-bay for cash/western-union payments, or conduct the transaction via VISA credit card. They would post an actual method of contacting pay-pal.
If tehy were serious, they would do some sort IP address localization, and post not only where the person said they were from but also where their IP says they are from.
If they were serious they would not allow first time sellers to use western-union on new items over $100.
If they were serious they would bar private auctions for first time sellers.
ergo, they are not serious
Some drink at the fountain of knowledge. Others just gargle.