Complacency Rules with eBay/PayPal :: A proposed solution to email scams!

[dadaist]

	I just can't understand what is behind eBay's complacency in ridding spoof scams via email. In the last week, I've recieved an ebay email asking me to authenticate my account. I log into my paypal account, and I read this advisory:
	Its pretty obvious that there is some serious confusion going on. Perhaps even a fair amount of people getting burned by scammers posing as eBay or PayPal, trying to get people to fess up important financial information. I've recieved several variations of emails from eBay; some extremely convincing -- seeming very professional. I'm a savvy user, and I now what kinds of things to look for, but eBay cannot expect all users to be as complex as to be able to authenticate emails. Here is the eBay email I've recieved; once each day this week. There are several variations, and unfortunately, I've deleted them all; but after recieving this email this many times, I though it was time to raise this issue on these boards. Anyone else get this email?
	I'm suggesting a solution that makes sense for all people. Since eBay become the grandaddy to PayPal, their accountability and risk exposure has gone up considerably. PayPal, an online merchant which maintains a great number of users credit card info, bank account info, and funds. Is eBay doing enough to protect its members against the incidence of fraud, and what appears to be a steady rise in attempted email frauds. Below is an example of a system which I believe eBay should institute. A logo which once clicked, takes you to an eBay information page which outlines things to look for in an email that arrives in your inbox. On that page, some helpful tips, and a login screen which will proove without a shadow of doubt that the email you've recieved is from eBay/PayPal.
	Personally, I don't think its enough for eBay to ask people to disregard any emails, or have its faithful membership report any such emails. Spoof reporting aside, I really feel eBay should take the bulls be the horn, assume some responsibility, and remedy this problem with some solutions and quick. This problem appears to be getting seriously out of hand, and quite frankly, all I've seen is from eBay is complacency. I'd like to hear some comments on my suggestion, or any other suggestions you may have to remedy the eBay/PayPal email scams? At this point, I think anything -- including just talking about it, is better than what eBay has done to deal with this problem

[Zanarkand]

Ebay or Paypal or anybody will never take such direct steps. It actually opens them up to more liability.

 

Consider - Ebay comes up with (they think) a foolproof way for recipients of suspect emails to authenticate them, i.e. click on this button, go to this page, etc, etc. Mere seconds after this scheme is published, some enterprising thief will convincingly fake it, and by "convincingly" I mean it won't fool even mildly savvy users but will get somebody.

 

The mere suggestion that Ebay has a new security method will result in fake emails that say "Click here to take advantage of Ebay's new security method!" and nothing will have been solved.

 

Ebay can now wallpaper their offices will class action suits, because Ebay has directed people to use a particular security method which was compromised, resulting in material loss. As long as they just provide general advice, they're no more liable than they are now.

[dadaist]

Ebay can now wallpaper their offices will class action suits, because Ebay has directed people to use a particular security method which was compromised, resulting in material loss. As long as they just provide general advice, they're no more liable than they are now.

 

Makes sense to me.

 

But what then to rid this problem with fraudsters gaining access to its members, and coercing account holders to fess-up financial informaton?

 

I just find it somewhat irresponsible that eBay, in its zeal to register as many people on its person-to-person trading community, did not do enough to protect its members against bulk email marketers, frauds posing as eBay/PayPal administrators, and a slew of other internet-related scams. Most making their way to an inbox near you!

 

The latest initiative had them requesting that all eBay members change their ID if their ID contained in it an email address. Doesn't that attempt to rectify the problem they were having with email harvesting vultures also, in a sense, open themselves up to liability, as this initiative clealry indicates that they screwed-up?

 

And although you raise excellent points, I just find that the concern over liability might be far more frightening if an account breech, or financial data is compromised with its most recent acquisition of PayPal. We are no longer talking about a venue for person-to-person trading, but a world-leading online merchant, and person-to-person trading consortium. I guess what I'm trying to say is that I am expecting more from Goliath of the dotcoms in dealing with this problem.