SEE: http://www.net4TruthUSA.com/ebaystore.htm for this complaint in its entirety along with the screen-shot graphics to support the claim:
The last few weeks have been a NIGHTMARE for me as an eBay seller. With over 250 transactions since I opened my eBay store, I have 97.6% customer satisfaction with my products and services. The few complaints I've had were for software products that users could not get to work (or CLAIMED didnt work in order to get a refund), while others were very happy.
In contrast to this is a SERIOUS PROBLEM with security on the eBay site, and it seems if someone tries to buy an item using a fraudulent credit card, the seller is STILL charged a commission on the sale (Final Value Fee), and the entry for the sale REMAINS in the eBay seller's records. Although the Final Value Fees may be credited to the seller's account once the matter with the attempted fraudulent purchase is resolved, if the resolution does not occur within the current billing cycle, the seller STILL has to pay the Final Value Fee. This is not the ONLY problem. I have attempted resolve these issues, and have wasted fully TWO WEEKS of my time. I have notified eBay support MULTIPLE TIMES by email, and in online "chats" with reresentatives that were unable to do anything because this is a PROGRAMMING PROBLEM as well as a POLICY PROBLEM.
To add insult to injury, because of two customer "negative" feedback entries for $4.00 software that WORKS AS ADVERTISED, eBay has restricted my account (which I PAY FOR, and PAY to list on). I have warned them by email.By online chat, and by telephone (it's strange that a 24/7/365 multi-billion dollar business cannot provide 24/7 telephone support) that I would post this here (where it will remain PERMANENTLY) if these issues are not resolved. All I get is "canned" e-Mails and the time and money I spent getting ready for the Christmas buying season have been RUINED by eBay's DISREGARD of a VERY SERIOUS SECURITY issue. Due to eBay's COMPLETE DISREGARD of my concerns as a seller, I am at the point of transferring my sales to another online auction vendor in order to recover my investment. It is with great trepidation that I post this here... Perhaps THIS will get their ATTENTION.
Please see: http://www.net4TruthUSA.com/ebaystore.htm for a more "readable" (graphics & screen shots included) copy of this complaint.
*
On November 14, and 15 someone using a stolen identity or stolen payment instrument (credit card or PayPal account) attempted to purchase three high-ticket items from our eBay store. Immediately suspicious was that these transactions came from two separate eBay accounts that had common domain-name email addresses: [email protected] and [email protected] and were executed on the same day the eBay accounts were opened (see screen shot #5). (Oh yeah... If we find you are a thief, we will post YOUR "identity" everywhere). The web site above shows actual screen shots from my computer.
We requested contact information from eBay (advanced search / members / find contact information) and did a reverse phone number search via www.yellowbook.com, which yielded phone number listings. We then tried to call the customer with the result that the phone number given to eBay when the eBay account was opened, was a non-working number. The fact that both of these thieves (or one thief using two email accounts on the same domain) also had NO feedback from other buyers or sellers is almost conclusive proof that the transactions were attempted theft. We contacted PayPal and eBay, and we had the transactions reversed (the funds stolen from someone's credit card or PayPal account were returned to the rightful owner). We also tried to bring up www.cathyplc.com (see screen shot #4) and discovered it was a shill [personal] domain account (with nothing on it) hosted by Yahoo! However, the hosting was paid for, and the payee could possibly be the wannabe thief (or the thief who used (perhaps) used a stolen credit card to also pay for the domain hosting).
We contacted Yahoo! And notified them that the two email addresses at www.cathyplc.com were being used for the perpetration of Internet identity theft / fraud, and put them in touch with PayPal security. We have not heard a peep from Yahoo and the shill Web site is still "under construction" (why am I not surprised?). We also contacted the Fraud unit of the NY State Attorney General's Office (In 2006 I worked for NYS-AG Medicaid Fraud Unit as an undercover Confidential Informant and busted some "Psychiatrists"). PayPal also reports these incidents to the FBI, and assists law enforcement pursue fraud investigations.
Although in this particular incident, the thieves appeared to have set up a completely fraudulent eBay account for the sole purpose of stealing products from eBay merchants, this is by far not the ONLY Internet fraud being perpetrated (this is not to imply that the Internet is rampant with fraud, but the evidence speaks for itself). Examples of various and sundry scams and "phishing" attempts (some of them so pathetic they are laughable) can be viewed on: www.AssholesAmongUs.com/phishersofmen.htm.
While eBay and PayPal have their own protocols and guidelines, and have "suggestions" for buyers and sellers, in light of the fact that these three transactions probably would have made it to the point where a novice eBay merchant would have shipped the items to the "customer", we have developed our own set of guidelines and a "red flag" checklist.
(Checklist may be viewed on www.net4TruthUSA.com/ebaystore.htm)
None of the above "red flags" is in and of itself an indication of potential thievery, but when taken together; when two or more of these indications are evident, both PhoenixStore and TelsonStore suspend any shipment of merchandise, and immediately initiate further investigation.
PhoenixStore and TelsonStore have ZERO TOLERANCE and NO COMPASSION or FORGIVENESS for thieves. If and when such a thief is caught, we will supply the prosecution with any and all evidence at our disposal, and we will also bring civil charges against the thief to recover loss of time to pursue him at the rate of $120 / hour plus attorney fees and court costs. Upon conviction, we will vigorously appeal to the court in an Amicus Curiae brief, to have State sentences run consecutively, and to also bring Federal Mail Fraud charges against the thief.
. We will also follow the convict throughout his incarceration, and write letters to the parole board supporting denial of parole for anyone attempting fraud on any of our Enterprise sites.
If you get caught thieving here, as the Bible says "Verily I say unto thee, Thou shalt by no means come out thence [from prison], till thou hast paid the uttermost farthing". Matthew 5:26
As you can see, the biggest flaw in the system is the ability for ANYONE to open an eBay account without having to validate their identity, and to then IMMEDIATELY on the SAME DAY, use a fraudulent payment instrument (either a stolen credit card or compromised PayPal account) to place orders on the system, and to have those payments actually flagged as "PAID" in the seller's eBay "sold items" screen, AND the PayPal transaction screen. A merchant who is unaware of this, could easily be fleeced for his merchandise, and neither eBay nor PayPal's buyer protection would cover the losses.
I have made it clear to both eBay and PayPal's security teams that this is an issue that desperately needs to be resolved. Both eBay and PayPal have been notified by email and by phone of this posting here.
On the morning of November 22 (Thanksgiving), I called eBay's "Trust & Safety" department, and explained this situation anew to someone else. When my explanation at what had occurred elicited no response from the person at the other end, I asked to speak with a supervisor. After listening to "elevator music" for 5 minutes while I was on hold, the supervisor answered. He also seemed dumbfounded, and blamed the problem on PayPal. I also gave him the URL for this page, and sent the URL for this page in emails to eBay and PayPal in reference to this problem.
I expressed the concern that as a merchant, I pay PayPal to ensure the security of transactions. EBay is also coming up short in the security department (obviously), because this person was able to open up TWO eBay accounts and place orders for items totaling over $3,000 without ever having to verify their identity, and ONE of the payments actually went through, and was temporarily posted into my PayPal account, until I personally refunded the money (by refund via PayPal) to whoever* it had been stolen from.
Currently, anyone can open an eBay account without verifying his identity, and immediately buy or bid on items from any eBay store or from anyone selling on eBay. It is prudent to require that anyone opening such an account be required to prove he or she is who they say they are. This "proof" can be done in a variety of ways such as temporarily posting two "micro-deposits" (less than a dollar) into the applicant's bank account and have the applicant validate the deposit amounts, and the Social Security number on the bank account (as PayPal does), or requiring that the applicant have a verified PayPal account before he is allowed to buy or bid.
Since bank account numbers and access codes are easily "phished" with spoof emails and spoof Web sites (see my posting titled "phishers of men"), in ADDITION to the bank account verification, the phone number registered to the account pending activation should be checked (this is done easily via online phone directories).
Since more than 90% of people on eBay (according to PayPal) have PayPal accounts, and being that account verification to a bank account where you, as an applicant must have access to the account in "real time" in order to verify "micro-deposits" seems to be an effective (but not iron-clad) means of verifying a person's identity, the pre-existence of a verified PayPal account would speed the sign-up process for new eBay users, and make it more difficult for thieves to even open an account.
In addition to BOTH eBay and PayPal's security measures as they stand, in order to open either an eBay account or a PayPal account, the applicant should be required to provide the number and verification code of any credit card or debit card issued by a bank that has been issued at least 90 days previously.
The applicant should also be required to verify his email address, and the IP number of the response to a "verification email" should be secretly recorded to the account information. Since most thieves "work" from their home computers, this would provide additional information to track a potential thief should he be able to circumvent all the other requirements for validation.
In short, the identity verification process should include ALL of the following:
Validation of mailing address via normal postal mail (fraud would then ALSO be a FEDERAL OFFENSE and the FBI / Postmaster could then be recruited in efforts to find and prosecute thieves).
Validation of bank account registered to applicant's name / address / SSN
Validation of credit instrument registered to applicant.
Validation of e-mail and recording of respondent's IP address.
It would also be a good idea if eBay and PayPal had what I would call "common tracking numbers" - clickable links that would take the seller back and forth between the eBay "sold items" screen and the PayPal transaction screen for that particular purchase. As it is now, there is no "one-click" means by which to do this.
Although PayPal does require all but the last in this short list, eBay requires NONE of this information to "register". Merchants can require PayPal as the payment instrument of choice, but the payer does NOT have to have a PayPal account to make the purchase, as PayPal accepts major credit cards as payment, and deposits these credit card purchases to the seller's PayPal account - the seller has no means of knowing what instrument was used in the payment. Payments are posted as "completed" to the seller's eBay screen (see screen shot #1 where the ($) icon is lit indicating that payment was made and (the seller would naturally assume) that the money has been deposited to his PayPal account) The mouse-over pop-up caption on the ($) icon reads:
This item was paid for via PayPal. Payment
was sent to: [email protected] on Nov-15-07.
It turns out that once this ($) icon is turned on, if PayPal later investigates the payment and decides the payment may be fraudulent, this ($) icon is NOT turned off. Unless the seller monitors his email and gets a message from PayPal that funds are being withheld pending investigation, he may ship the merchandise to the thief - AND - when the payment is finally reversed, the merchant would NOT be covered under PayPal's "seller protection".
Also, since PayPal's communication with the buyer about such issues are made ONLY to the seller's email address, and NOT to his eBay "sold items" screen, it probably would be a great idea to have such messages posted as ALERTs to the seller's eBay sign-in screen, so that when a seller logs into his account and there is a buyer validity or other payment issue on his PayPal account, immediately upon log-in, the eBay merchant would see a message like this:
ATTENTION!
PayPal has suspended / reversed a payment to your account.
This matter requires your immediate attention. Please log in to
your PayPal account to resolve this matter prior to shipping
any items recently ordered from your store.
It would also be a good idea for eBay to incorporate an icon or some sort of indication on the member's profile page (see screen shot #5 and screen shot #6) to indicate whether or not the eBay member has validated their identity. However, this suggestion seems to be a non-sequitur being that I previously suggested that activation of eBay accounts be conditional upon either previous identity validation by PayPal or by eBay employing the same methodology. This suggestion therefore, would be a stop-gap measure requiring all eBay accounts to be verified by one method or the other by a certain date, or be deleted from the system. At that point in time, no new eBay accounts would be able to buy or sell unless the identity of the person owning the account could be verified "beyond a reasonable doubt".
As of this writing (Nov 23,07) the fraudulent purchases # 273 and # 274 made on Nov 15 07 are STILL showing as "Paid" ($) icon lit on my eBay "sold items" screen (screen shot #1), and the "paid for via PayPal" message on the mouse-over on this icon is STILL there - despite REPEATED calls to both eBay and PayPal. This is a SOFTWARE problem with the eBay / PayPal Enterprise Solution, and it needs to be fixed post-haste.
I have REPEATEDLY attempted to get a resolution of this matter from eBay and PayPal to no avail. If this problem is not addressed to my satisfaction by Nov 30 I will put PhoenixStore in "on vacation" mode, in consideration of closing it permanently, and since the attempt to resolve this nonsense has cost me fully a WEEK of my valuable time, I will post this page on every Enterprise Web site we own, and I will post it to www.Usa Consumer Complaints.com where it will remain FOREVER (not even I will be able to delete it) for millions of viewers to see - eBay and PayPal will have to respond to the complaint, and will have to take usacomplaints.com to court to have the posting removed, and Rip Off report has never lost a case (see the following):
Communications Decency Act or "CDA", 47 U.S.C. 230) Batzel v. Smith, 333 F. 3d 1018,102728 (9th Cir. 2003)
See Doe v. America Online, Inc., 783 So. 2d 1010 (Fl. 2001)
Green v. America Online, 318 F. 3d 465,470 (3rd Cir. 2003)
Carafano v. Metrosplash.com, Inc., 339 F. 3d 1119 (9th Cir. 2003)
Schneider v. Amazon.com, Inc., 31 P. 3d 37 (Wash. App. 2001)
Doe v. GTE Corp., 347 F. 3d 655 (7th Cir. 2003)
Zeran v. America Online, Inc., 129 F. 3d 327 (4th Cir. 1997)
Blumenthal v. Drudge, 992 F. Supp. 44 (d.D.C. 1998)
NOTICE: If you play games with my valuable time or my money, you will pay DEARLY!
In the meantime, the theme of the message here is:
Seller Beware!
David
Queens, New York
U.S.A.
0 comments