I posted this reply in another thread but it occurs to me that it might stir up a little sediment as a topic on its own!

An example of why I don't like these sites.

A while ago I had a bunch of stuff I wanted to auction on Ebay. I was even thinking of doing it as a source of income, having a bit of expertise in an area of collecting (not fishing tackle). The sums involved were fairly substantial so I needed to be careful. I'll pass over the incredible difficulties involved in actually finding out in advance exactly what the terms and conditions are for the full range of possibilities in trading by this method. I gave up after printing out about 60 pages and just winged it.

After repeatedly entering the full spectrum of my financial details - horrifying; do people realise just how insecure this stuff is at the BEST of times? (by the way I'm "in the business" of computing, or used to be until recently.) I finally got a dozen items on auction.

Immediately I get scam-artists trying to lure me off site to bogus (?) escrow sites - ie not PayPal - with ludicrously high offers. Good job most of these sh*theads aren't too smart. Then I get more idiots telling me the reserve prices are too high - opinions that I don't need. Why do these fools bother? Nothing better to do I suspect - which covers a lot of the Ebay demographic.

Then I get "Bulk" mail which I only saw by accident (as an aside, a general comment on Yahoo mail: rubbish) This informs me, on a completely convincing Paypal web form, that my financial details have been compromised (that much at least was true!) and that I should now re-enter them. This was almost certainly from a clone ripoff site - hence its presence in a Bulk Mail folder - but I had to think twice. Would everyone?

So I mail PayPal and warn them that this has happened. Of course - and here's MY BIGGEST SINGLE COMPLAINT about the whole system - all you ever get back from Ebay or PayPal is automated responses, no matter how serious the issues involved. And what could be more serious than this cloned site?

I made one sale to Japan and got paid fine. I know "it works", but it's an insecure mess and eaten up with timewasters and scammers - as well as decent people who just want to trade honestly. In years to come people will look back on this stage of online auction trading and laugh at people's vulnerability.

Someone I worked with - non technical staff - got hit for £2K on a credit card after registering for the above before she'd even done a single transaction. The suspicion is that the security leak may have been within Ebay or PayPal.

Be VERY careful if you trade on Ebay. Make sure you have UP TO DATE security on your computer system. If you don't have automated updates check at least weekly. If you're not confident about the technicalities of computer security get someone who is to sort it out for you. You could even pay someone - it might prove a cheap option.

paypal isn't an escrow site...

i wouldn't consider any of the problems you encountered to be that serious or unusual in any pc transaction.

ebay want no more details off you than amazon or any other web trader, and indeed if you consider it, the more details you give, the safer ebay is for everyone.

ignore the spam as you ignore any other spam, whether it's related to ebay, paypal, viagra, rolexes, whatever.

the stories about people getting scammed for large sums of money via ebay / paypal are legion, and if true (which is rare enough) are usually down to elementary mistakes made by the person scammed

as with any web transaction, common sense is the order of the day. but to dismiss ebay out of hand as 'an insecure mess and eaten up with timewasters and scammers' is to miss out on a great opportunity to reach a global market.

Must agree wholeheartedly with jeepster. In about 120 transactions with 80 different buyers/sellers, I've never regretted one. Got rid of a load of tat... sorry.... treasured items... that otherwise would have ended up in a skip and acquired a number of items at well below what a shop would have charged. Made a few friends home and abroad in the process.

[ 23. August 2005, 10:35 AM: Message edited by: argyll ]

Neither of these replies address the two main issues.I repeat.
(1) Cloned sites - which almost fooled me and I'm not exactly naive - and I'm running up to date secure systems. I haven't encountered this problem ANYWHERE else although it obviously can occur elsewhere. One use of Ebay/PayPal and I immediately encounter one. The situation is similar to viruses; you don't get so many on Macs but that's simply because there aren't so many of them about. It makes sense to scam the biggest possible target market, PCs/Ebay.
I generally avoid internet credit card transactions if I can, but do it from time to time - that way it's pretty obvious when, if not how, any scam occurs. And incidentally no other credit card transaction I have ever done on the net EVER required me (a) To offer up my full bank details, account numbers etc or ( Additionally set up direct debits in a situation where my credit card details were already available! "Broadcasting" this data just increases the number of fraud opportunities, not minimises them.

(2) It's all but impossible to communicate directly with either of these service providers - who are making billions out of the users. "Hey, we don't want to have to actually DEAL with the punters, just cop our margin..." Failure to respond to very serious security issues is completely outrageous - sufficient in my opinion to justify legal action against them in a correctly legislated marketplace. Fat chance of that though, the government is incapable of understanding the basics where I.T.'s concerned.

[ 23. August 2005, 11:19 AM: Message edited by: john frum ]

with all due respect, for a cloned site to fool you (or almost fool you) you must be at least a little naive, you should only ever enter you details on a site you have visited of your own accord, either by typing in the URL yourself, or using the favourites in your browser.

Hi John

Firstly, I would have thought that this would probably be more appropriate for the non-fishing chat forum

As a general point, you imply that internet transactions are horrifyingly insecure. As an IT professional I would have thought that you would be aware that the encryption standards in general use are inherently very secure. Credit card transactions on-line are in general terms far more secure than over the counter, or telephone transactions where many details are stolen in a far more simple fashion than is required to capture credit card details being "broadcast" around the internet.

You say that the ebay / paypal scams only started after you signed up with ebay, then you my friend are very fortunate. Could it be that you only took notice of them in your bulk mail folder after signing up because that was the first time they held any interest for you?

As regards not being able to contact them directly, they use email as the principle means of communication, but are also accessible by fax, and mail, and I believe there is a phone number too.

If you ever manage to inform them of a unique scam I am sure that they will respond in a timely fashion, however it may surprise you to learn that ebay and there employees themselves are recipients of the scam emails which proliferate, and by the time you inform them of it they have probaly been aware of it for at least several days if not months!

As to your other complaints about idiots telling you your reserves are too high, then if you are happy with the sales you make and you are achieving the reserves then ignore them, if you are not selling then perhaps they have a point.

Ebay/paypal are a business entity in the most litigious country on earth, if they are behaving in a way which justifies legal action for the failure to respond to the serious security problems believe me it would not require our government to be looking at legal action against them, nor introducing a tighter legislative framework.

In general I would suggest that if you find the whole issue so frustrating that you leave it to folks who find ebay works well for them, and find yourself another global market place which is so cheap, easy and quick to use.

I forgot to say that the problems you raise re security are more properly addressed to the people that created popular operating system with more holes in them than in your average sieve.

As to the non-technical person that got taken for 2k, far more likely to have had her card cloned in a restaurant, petrol station, corner shop, or virtually anywhere than to have had it stolen online.

I have used my cards widely online for years including buying dodgy software from some very dubious sites, prime targets for potential scams, I download all sorts of viruses and "malware" daily, but my system is as secure as I can make it, and I can safely say my card details have never been compromised. But then again they have not been compromised through over the counter transactions either because I keep my wits about me when I use them, watch where the cards are at all times, and ensure that I detroy all carbons etc that may be generated.

Indeed anyone that chooses to hack my pc's would have a field day with information stored there.

[ 23. August 2005, 11:49 AM: Message edited by: NickInTheNorth ]

Will equal respect, using the stored favourite isn't 100% secure either.

And what do you do when a stored favourite generates a response from your browser that the security certificate's not recognised - even when you know it is the valid site? You can try mailing your email service provider. Trouble is the likelihood is that they won't bother to respond either.

And what does the average user do when the first thing he reads is that his credit card details have been the subject of attempted fraud? In most cases, panic. Given that many people set up a new email account for these transactions little mail arrives that's unconnected with the business in hand. It's hardly surprising that people get caught. The problem isn't people's "naivety", its that the whole structure's a jury-rigged crock.

Still nobody's addressing the main points I've repeated above. It seems to me that because most people are happily using Ebay it's easier to assume all's well. I don't think it is.

if a stored favourite generates that message, and it's a paypal, ebay amazon etc type site, then i'll enter the address myself, just to be sure.

as nick says, we're never going to convince you otherwise, so i hope you find a suitable place to sell your stuff


jon

Four thousand items sold through eBay and not a problem yet.

If you ignore all emails from `eBay` and `Paypal` you`ll be fine. If it does look convincing then sign in to the site (through normal means, not following links on emails) then if there is an issue that needs resolving then it will be there in all its glory.