Google to protect users from eBay & PayPal spoofs

July 8, 2008

eBay and PayPal have announced today that Google is working to eliminate spoof emails and protect Gmail users from eBay and PayPal phishing. Google are to implement DomainKeys authentication and will reject any email purporting to be from eBay or PayPal that fails the check, deleting it before it even arrives in Gmail users’ inboxes.

Yahoo! were the first to implement DomainKeys checking for eBay and PayPal emails back in October last year, and Gmail will join Yahoo! Mail as one of the first to protect their users from phishing.

Michael Barrett, PayPal’s Chief Information Security Officer, spoke of Google’s decision, calling it “a significant step forward in our fight to keep consumers safe from phishing and cybercrime”. For me as a seller it’s great news to know that millions more unsuspecting buyers will have their accounts protected. Safe, happy buyers spend more, and that’s what eBay is all about.

  • Identity confirmation about to commence

    June 24, 2008

    eBay have started to prompt users to update their account information with a splash screen when logging in. This is in preparation for when they commence verifying that the computer you normally use is the one you’re logged into when listing on eBay.

    eBay began tracking users’ computers back in April, and identity confirmation is due to go live in June, so there are only a few days left to ensure you have the correct telephone number on file to enable them to call you. It’s also worth adding a mobile phone for when you’re working away from home.

    You can change your telephone numbers on eBay in your eBay account preferences.

    Fake Nike seized by Trading Standards

    June 12, 2008


    £25,000 worth of counterfeit Nike trainers destined for eBay have been seized by Hertfordshire Trading Standards.

    The shoes were found in raids at two houses in Broxbourne and Stevenage. Fake cosmetics were also found in Stevenage following complaints from three eBay buyers who suffered allergic reactions and tipped off Trading Standards.

    That’s two down, but how many more to go? It constantly amazes me that some buyers are more than happy to buy fake goods at knock down prices so long as they’re aware up front they’re not genuine. All the time there are buyers there will be some sellers willing to risk up to 10 years in jail to supply them.

    PayPal have non-secure images (again!)

    June 5, 2008

    For the last week users of PayPal have been presented with a pop-up, warning that the page has non-secure items on it. What’s worse is that the non-secure items are on the PayPal log in page.

    The image is one offering up to 17% cashback from selected retailers and is hosted at http://www.paypal.com/….8jpg. In order to be secure the URL needs to begin with https, not http.

    PayPal merchants go to great lengths to ensure images in their website checkout are secure, in order to avoid pop-ups being presented to their customers. PayPal have their own secure servers so there really is no excuse.

    Whilst on the face of it, it’s just a minor oversight, it can hardly inspire confidence in PayPal’s great security if they can’t even keep their log in page free from errors.
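The check a site owner can run before publishing a secure page, as an added example that is not part of the original post: it parses the page's HTML and lists every image, script, frame or stylesheet that would be fetched over http from an https page, which is what triggers the browser warning described above. The page URL and HTML are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that make the browser fetch a subresource.
# Passive content is displayed; active content can script the page.
SUBRESOURCES = {
    ("img", "src"): "passive", ("audio", "src"): "passive",
    ("video", "src"): "passive", ("source", "src"): "passive",
    ("script", "src"): "active", ("iframe", "src"): "active",
    ("embed", "src"): "active", ("object", "data"): "active",
}


class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url
        self.page_is_https = urlsplit(page_url).scheme == "https"
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            # <base href> changes how later relative URLs resolve.
            self.base = urljoin(self.base, attrs["href"])
        elif tag == "link":
            if "stylesheet" in (attrs.get("rel") or "").lower().split():
                self._check(tag, attrs.get("href"), "active")
        else:
            for (t, attr), kind in SUBRESOURCES.items():
                if t == tag:
                    self._check(tag, attrs.get(attr), kind)

    def _check(self, tag, value, kind):
        if not value or not self.page_is_https:
            return  # nothing to fetch, or the page itself is not secure
        resolved = urljoin(self.base, value.strip())
        if urlsplit(resolved).scheme == "http":
            self.findings.append((kind, tag, resolved))


def find_mixed_content(page_url, html):
    """Return (kind, tag, url) for each http:// subresource of an https page."""
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a login page with one banner image fetched over http.
SAMPLE_URL = "https://shop.example.com/login"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="//cdn.example.com/app.js"></script>
</head><body>
<img src="http://shop.example.com/img/cashback-banner.jpg" alt="cashback">
<img src="img/logo.png">
<a href="http://shop.example.com/help">Help</a>
</body></html>"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE_URL, SAMPLE_HTML):
        print(f"{kind} mixed content: <{tag}> loads {url}")
```

Relative and protocol-relative URLs inherit the page's scheme, so only the explicit http:// image is reported; ordinary links (`<a href>`) are navigation, not subresources, and are ignored.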

    Living in a passwordless world

    May 30, 2008

    I changed my eBay password yesterday, and unlike previous occasions it was a painless change, and it’s all down to a mysterious technology called Auth & Auth.

    In the past changing a password was a lengthy procedure, due to the necessity of duplicating the change across a variety of applications such as TurboLister and third party sites like vzaar, Firefox companion and even Facebook (where I have an application that displays my eBay listings). Thanks to Auth & Auth I no longer have to remember every application and site that accesses my eBay account as it’s all looked after for me.

    Auth & Auth stands for Authentication and Authorisation. When you link an application to your eBay account you’re required to sign into eBay and agree to share your account information with the third party. This then generates an encrypted security code or “token” which the application uses whenever it accesses your eBay account rather than your username and password.

    The Auth & Auth tokens are valid for up to 18 months. You’ll only ever be asked to generate them again when they expire, unless you make major changes such as uninstalling and reinstalling the application. Your account is kept safer as you never share your password with a third party service provider; eBay issue them with the token when you authorise them to access your account.

    Most applications have been using Auth & Auth since it was introduced back in April 2004, but it’s only just been implemented in the latest release of TurboLister 6.5, and that’s why when I changed my eBay password there wasn’t a single additional application or site that needed updating.

    If you want to check who you’ve granted access to your eBay account you can view them in My eBay, Preferences, under the Third Party Authorisations tab, and if you no longer use the application you can also revoke the authorisation there.

    eBay changes from a buyers perspective

    May 17, 2008

    It’s easy to forget recent changes on eBay other than the most visible - the feedback changes. There are several others though, that should be well received by buyers.

    • Feedback: The main thrust is that buyers can now leave honest Feedback without fear of retaliation and of course can also rate sellers in greater detail than ever before. The real benefit for buyers, however, is that in future they can see how fast you ship, how accurately you describe your items, how good your communications are and how fair your postage costs are. If that information gives buyers greater confidence in buying from you it’s great news. With more than 7 billion Feedback comments left on eBay, in the future a great feedback reputation will be more meaningful than ever.

    • Buyer Protection: From the 3rd June every sale on eBay will offer PayPal, and buyers that choose to pay with PayPal will have free protection of up to £500.00 on every purchase they make. Again buyer confidence should be increased; with about £900.00 traded worldwide every second on eBay, buyer confidence is key.
    • Customer Service: eBay is rolling out customer support via telephone for UK members. In the past this has been just for sellers, but top buyers are also being given access for instant help with any issues using the site. Over a million eBay users now have access to phone support.
    • Business Registration: Business users are required to identify their status and also have to comply with certain laws regarding service standards such as accepting returns. Buyers can shop with more confidence in the service they should expect and receive when trading with a business seller.
    • Protection from Fraud: eBay is constantly a target for fraudsters and eBay employ over 2,000 trust and safety employees around the world as well as working with local law enforcement. It doesn’t just stop there though: eBay have masked buyers’ IDs so that bidding is anonymous, protecting buyers from fake emails and false second chance offers.

    eBay have committed to improving the site for both buyers and sellers. Mark Lewis when speaking at Catalyst 2008 talked about having “A deal to strike” between eBay and sellers. In return for eBay bringing confident buyers and providing sellers the incentives and tools to list, sellers would need to provide a great selection of products at a great price with fantastic service.

    The selection of products, competitive prices and fantastic service is what buyers not only want but demand of online merchants today. If the recent changes give buyers greater confidence leading to increased purchasing, then it’ll prove to have been the turning point in eBay’s history.

    PayPal security compromised with XSS flaw

    May 17, 2008

    Over a year ago PayPal were one of the first sites to implement EV SSL, which is the technology that turns your browser address bar green for known safe sites and red for known spoof sites.

    The idea behind EV SSL is that users can easily tell if they are on a known safe site and be warned if they’re on a spoof site. That’s no longer the case though: a Finnish researcher, Harry Sintonen, has discovered a cross-site scripting vulnerability on PayPal, which bypasses the EV SSL, leaving your browser with the green safe known site indicator.

    The only indication that something out of the ordinary is occurring is a pop up alert with the message “Is it safe?” which it most certainly is not.

    PayPal are working to close the exploit and emphasised that the exploit was not used in any phishing attacks.

    David Davis: Online fraud victim

    May 14, 2008

    David Davis, shadow home secretary, today admitted he’s the latest victim of internet credit card fraud and described the government as failing on online security.

    He discovered the problem when his card was declined at a petrol station, and with a degree in computer science is astounded that he has fallen victim to the crime. He insists all his computers have the latest security and encryption and describes himself as “computer literate as anybody not actually working in the industry”.

    Pointing out that the government has repeatedly lost people’s data - child benefits, online driving licence applications, NHS patient database records - he calls for getting the law enforcement basics right as a priority. Just one in a hundred online fraud crimes are currently investigated by the police.

    Best advice for staying safe online is constantly changing, making it even harder to protect your personal information. Just today eBay-sponsored Get Safe Online changed their advice for securing wireless networks. No longer is switching off SSID broadcast and enabling MAC address filtering considered best practice. Simply using WPA and changing the administrator password is the new advice given.

    With thousands up and down the country not even likely to be aware of basics, such as that their wireless network configuration is now considered unsafe, it’s not surprising so many are victims of crime. If a tech savvy shadow home secretary is scammed what chance the man in the street?

    How identity confirmation will work

    May 10, 2008

    The secret to avoiding phone calls to confirm your identity when selling on eBay was revealed in the US workshop on Trusted Selling with Identity Confirmation. If you don’t want the hassle of phone calls then using the PayPal security key will avoid the need to confirm your identity when selling from a different (or new) computer.

    The only problem is the key hasn’t been made available to UK sellers even though it was released over a year ago in the US. Sadly, if they use the same criteria in the UK as the US - cookies and flash objects - whenever users log on from a new PC they’ll have to confirm their identity, almost certainly by phone.

    The one exception to identity confirmation will be when using tools (either eBay tools such as TurboLister or those by other companies), which use Third-party authorisations. Third party authorisations allow you to enter your user name and password on eBay and a token is generated to link your eBay account with the third party tool or application.

    For those sellers that are required to confirm their identity the procedure will be:

    1.  Select a phone number on file or specify a new phone number and also put in your Secret Answer.
    2.  Select whether you want to receive the call Now or in 2 minutes.
    3.  You will receive a PIN over the phone that you should jot down.
    4.  You will be presented with a field on the page where you enter the PIN.
    5.  Upon success, you will be redirected back to the listing flow.

    It should be a fairly simple procedure, but it’s worth realising that if you clear your cookies, don’t have flash installed, clear flash objects, or don’t have a PayPal security key, then you’ll have to confirm your identity every time you list an item on eBay.

    Identity Confirmation (aka Big Brother) workshop

    May 5, 2008


      Last month eBay announced they would monitor which PC sellers use for listing on eBay and require additional verification if they list from a different machine. Tomorrow eBay are to host a workshop on the policy officially named “Trusted Selling with Identity Confirmation”.

    The workshop will take place on the US workshops board at 6pm BST and last for an hour. They aim to explain how to make it easier to confirm your identity if you are prompted to do so. John Canfield, Senior Director of eBay Trust and Safety, will be available to answer sellers’ questions.

    eBay announce Trusted Reporter program

    April 30, 2008

    Today, speaking at the Internet World exhibition in London, Richard Ambrose announced a new program of “Trusted Reporters” on eBay UK.

    Starting within the next few weeks, a pilot program with a couple of dozen users will be launched with a fast track for action to be taken. By the end of the year, if the program proves successful, it will be expanded to include hundreds of users.

    eBay have discovered that a dedicated core of around 1000 eBay members generate about 50% of all accurate reports on the site. It is from this pool of experienced reporters with a history of accuracy over several years that the Trusted Reporters will be drawn.

    One concern from similar pilots in the past, carried out in the US, is that the accuracy of reports could deteriorate once they’re aware of their status. eBay will continue to verify the quality of reports from the Trusted Reporters to ensure the program isn’t open to abuse.

    Users have often complained in the past that reports weren’t acted on, so it’s great news that those who have actively, consistently and accurately reported violations over an extended period of time will be prioritised.

    Identity verification to go live in Australia

    April 15, 2008



      Following yesterday’s US announcement eBay will also monitor which PC eBay users normally log in to in Australia.

      There is one difference in the Australian announcement - if sellers list from any PC other than their usual machine eBay may make a verification phone call. In the US the announcement states that eBay will make a call.

    Again the advice given is to register a mobile phone number on eBay so that verification calls can reach you when away from home.

    It looks like eBay’s new policy of checking on your PC could roll out worldwide; the only question is will it be immediate or at some point in the future?

    eBay to monitor which PC you use

    April 14, 2008



      eBay are to step up security, initially for sellers, by monitoring the PC that you normally use for selling on eBay. Starting today they’ll build a database noting which computer you normally use for buying and selling, and in June will commence verifying sellers are logged in on their normal computer when listing items on eBay.

    If you log in from a friend’s house, work computer or an Internet cafe it will trigger an automated phone call to your registered telephone number to confirm that it really is you about to list items. They also suggest that users start registering their mobile numbers as well as home/office numbers; if you miss the automated phone call you won’t be able to list.

    The big question is what information will eBay collect? It’s unlikely that they’ll rely on cookies as they are transient, however whenever you use a browser your PC already leaks a lot of information including: IP address, Operating System, Browser, Screen Resolution, Colour Quality and Language. eBay don’t state if they’ll be gathering information not generally available, nor confirm/deny if they’ll install stealth software onto your PC.

    Most websites already gather this data although it isn’t used to identify individuals. If you have your own website you’ll almost certainly be able to access this type of information in your analytics tools. eBay Traffic Reports (for Featured and Anchor shops) also gathers this type of data.

    This information is leaked in the “Browser Request” and it will be quite simple for eBay to compare saved data with the profile of the computer you’re currently using.
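A sketch of the comparison described above, as an added example that is not eBay's implementation: each saved profile holds the attributes the post lists, and a listing attempt is sent for identity confirmation only when no saved profile for the account is similar enough. The weights, the threshold, the same-/24 rule and all sample values are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class RequestProfile:
    ip: str
    user_agent: str
    language: str
    screen: str          # reported by client-side script, e.g. "1280x1024"
    colour_depth: int    # bits per pixel

# Assumed weights (percent) and threshold; a real system would tune these.
WEIGHTS = {"ip": 20, "os": 25, "browser": 20, "language": 10,
           "screen": 15, "colour_depth": 10}
THRESHOLD = 75
OS_NAMES = ("windows", "mac os x", "linux")
BROWSER_NAMES = ("firefox", "opera", "msie", "safari")

def _family(user_agent, names):
    """Coarse family only, so a browser upgrade still matches."""
    ua = user_agent.lower()
    return next((n for n in names if n in ua), "other")

def _same_network(a, b):
    """Treat addresses in the same /24 (IPv4) or /48 (IPv6) as one line."""
    ip_a, ip_b = ipaddress.ip_address(a), ipaddress.ip_address(b)
    if ip_a.version != ip_b.version:
        return False
    prefix = 24 if ip_a.version == 4 else 48
    return ip_b in ipaddress.ip_network(f"{a}/{prefix}", strict=False)

def similarity(saved, current):
    """Return (score 0-100, sorted list of attributes that differ)."""
    checks = {
        "ip": _same_network(saved.ip, current.ip),
        "os": _family(saved.user_agent, OS_NAMES) == _family(current.user_agent, OS_NAMES),
        "browser": _family(saved.user_agent, BROWSER_NAMES) == _family(current.user_agent, BROWSER_NAMES),
        "language": saved.language.lower() == current.language.lower(),
        "screen": saved.screen == current.screen,
        "colour_depth": saved.colour_depth == current.colour_depth,
    }
    score = sum(WEIGHTS[k] for k, ok in checks.items() if ok)
    return score, sorted(k for k, ok in checks.items() if not ok)

def needs_identity_confirmation(saved_profiles, current):
    """True when no saved profile for the account is close enough."""
    best = max((similarity(p, current)[0] for p in saved_profiles), default=0)
    return best < THRESHOLD

# Constructed sample data: a home PC, the same PC after an ISP and browser change, a cafe PC.
FF3 = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9) Gecko/2008052906 Firefox/3.0"
IE7 = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
HOME = RequestProfile("203.0.113.10", FF3, "en-GB", "1280x1024", 32)
HOME_NEW_IP = RequestProfile("198.51.100.5", FF3 + ".1", "en-GB", "1280x1024", 32)
CAFE = RequestProfile("192.0.2.44", IE7, "en-US", "1024x768", 32)

if __name__ == "__main__":
    for name, p in (("home, new IP", HOME_NEW_IP), ("cafe", CAFE)):
        print(name, similarity(HOME, p), needs_identity_confirmation([HOME], p))
```

Keeping a list of saved profiles per account is one way to handle several PCs on one account: the check passes if any of them matches.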

    While eBay are introducing new safety initiatives they are yet to roll them out worldwide. We’re still waiting for ID Verify and PayPal Security Keys to be available in the UK. It’s unclear if this new initiative will be implemented on eBay.com only, or across all eBay territories.

    eBay don’t explain what will happen if you routinely use multiple PCs; many business sellers will already have several users accessing their eBay account. They also don’t explain what will happen when you purchase a new PC.

    Many users are likely to be unhappy with eBay turned Big Brother. Should eBay be tracking when you go on holiday or are away from home? I’ll also be interested in the content of the automated calls eBay intend to make - how long will it be before someone discovers that their partner isn’t in the location they are supposed to be?

    Cancelled listings move to unsold items

    March 26, 2008

    Ever had an auction cancelled and received a notice to the effect but had the listing disappear from the site? Ever had several or even hundreds of auctions cancelled which support later decide were cancelled in error? If you have, eBay have just announced that a major pain point has been removed.

    In future if listings are cancelled for infringing eBay policy they will appear as unsold items in My eBay allowing them to be edited and relisted. Even better there will be a note explaining which policy was violated giving the seller a steer as to the edits required prior to relisting.

    Items appearing in unsold items are accessible from listing tools such as TurboLister so editing in bulk will be possible if there are a number of items requiring edits.

    There are a few exceptions where items won’t appear in unsold items - listings relating to narcotics or firearms and listings removed under the VeRO program. Apart from that it’s great news for sellers who find listings cancelled for minor policy violations, allowing them a much swifter route to relaunching their listings.

    The biggest pain point has been when multiple listings are ended (whether they are valid takedowns or arguably mistakes by support). Being able to retrieve listings will allow sellers to see what’s sold and what’s available to sell rather than having to rely on a stock check to determine what is available to relist.


