On November 14, and 15 someone using a stolen identity or stolen payment instrument (credit card or PayPal account) attempted to purchase three high-ticket items from our eBay store. Immediately suspicious was that these transactions came from two separate eBay accounts that had common domain-name email addresses: ([email protected]) and ([email protected]) and were executed on the same day the eBay accounts were opened (see screen shot #5). Actual screen shots from my computer are displayed on Net4TruthUSA.com/ebaystore.htm
We requested contact information from eBay (advanced search / members / find contact information) and did a reverse phone number search via yellowbook.com, which yielded phone number listings. We then tried to call the customer with the result that the phone number given to eBay when the eBay account was opened, was a non-working number.
The fact that both of these thieves (or one thief using two email accounts on the same domain) also had NO feedback from other buyers or sellers is almost conclusive proof that the transactions were attempted theft. We contacted PayPal and eBay, and we had the transactions reversed (the funds stolen from someone's credit card or PayPal account were returned to the rightful owner). We also tried to bring up www.cathyplc.com (see screen shot #4) and discovered it was a shill [personal] domain account (with nothing on it) hosted by Yahoo! However, the hosting was paid for, and the payee could possibly be the wannabe thief (or the thief who used (perhaps) used a stolen credit card to also pay for the domain hosting).
We contacted Yahoo! And notified them that the two email addresses at www.cathyplc.com were being used for the perpetration of Internet identity theft / fraud, and put them in touch with PayPal security. We have not heard a peep from Yahoo and the shill Web site is still "under construction" (why am I not surprised?). We also contacted the Fraud unit of the NY State Attorney General's Office (In 2006 I worked for NYS-AG Medicaid Fraud Unit as an undercover Confidential Informant and busted some "Psychiatrists"). PayPal also reports these incidents to the FBI, and assists law enforcement pursue fraud investigations.
Although in this particular incident, the thieves appeared to have set up a completely fraudulent eBay account for the sole purpose of stealing products from eBay merchants, this is by far not the ONLY Internet fraud being perpetrated (this is not to imply that the Internet is rampant with fraud, but the evidence speaks for itself). Examples of various and sundry scams and "phishing" attempts (some of them so pathetic they are laughable) can be viewed on:
AssholesAmongUs.com/phishersofmen.htm.
While eBay and PayPal have their own protocols and guidelines, and have "suggestions" for buyers and sellers, in light of the fact that these three transactions probably would have made it to the point where a novice eBay merchant would have shipped the items to the "customer", we have developed our own set of guidelines and a "red flag" checklist (see posting on my Web site).
On the morning of November 22 (Thanksgiving), I called eBay's "Trust & Safety" department, and explained this situation anew to someone else. When my explanation at what had occurred elicited no response from the person at the other end, I asked to speak with a supervisor. After listening to "elevator music" for 5 minutes while I was on hold, the supervisor answered. He also seemed dumbfounded, and blamed the problem on PayPal. I also gave him the URL for this page, and sent the URL for this page in emails to eBay and PayPal in reference to this problem.
I expressed the concern that as a merchant, I pay PayPal to ensure the security of transactions. EBay is also coming up short in the security department (obviously), because this person was able to open up TWO eBay accounts and place orders for items totaling over $3,000 without ever having to verify their identity, and ONE of the payments actually went through, and was temporarily posted into my PayPal account, until I personally refunded the money (by refund via PayPal) to whoever* it had been stolen from.
* As an eBay merchant, I cannot see the credit card or payment instrument information, and PayPal will not disclose it - which is a good thing.
My suggestions to eBay and PayPal
Currently, anyone can open an eBay account without verifying his identity, and immediately buy or bid on items from any eBay store or from anyone selling on eBay. It is prudent to require that anyone opening such an account be required to prove he or she is who they say they are. This "proof" can be done in a variety of ways such as temporarily posting two "micro-deposits" (less than a dollar) into the applicant's bank account and have the applicant validate the deposit amounts, and the Social Security number on the bank account (as PayPal does), or requiring that the applicant have a verified PayPal account before he is allowed to buy or bid.
Since bank account numbers and access codes are easily "phished" with spoof emails and spoof Web sites (see my posting titled "phishers of men"), in ADDITION to the bank account verification, the phone number registered to the account pending activation should be checked (this is done easily via online phone directories).
Since more than 90% of people on eBay (according to PayPal) have PayPal accounts, and being that account verification to a bank account where you, as an applicant must have access to the account in "real time" in order to verify "micro-deposits" seems to be an effective (but not iron-clad) means of verifying a person's identity, the pre-existence of a verified PayPal account would speed the sign-up process for new eBay users, and make it more difficult for thieves to even open an account.
In addition to BOTH eBay and PayPal's security measures as they stand, in order to open either an eBay account or a PayPal account, the applicant should be required to provide the number and verification code of any credit card or debit card issued by a bank that has been issued at least 90 days previously.
The applicant should also be required to verify his email address, and the IP number of the response to a "verification email" should be secretly recorded to the account information. Since most thieves "work" from their home computers, this would provide additional information to track a potential thief should he be able to circumvent all the other requirements for validation.
In short, the identity verification process should include ALL of the following:
Validation of mailing address via normal postal mail (fraud would then ALSO be a FEDERAL OFFENSE and the FBI / Postmaster could then be recruited in efforts to find and prosecute thieves).
Validation of bank account registered to applicant's name / address / SSN
Validation of credit instrument registered to applicant.
Validation of e-mail and recording of respondent's IP address.
It would also be a good idea if eBay and PayPal had what I would call "common tracking numbers" - clickable links that would take the seller back and forth between the eBay "sold items" screen and the PayPal transaction screen for that particular purchase. As it is now, there is no "one-click" means by which to do this.
Although PayPal does require all but the last in this short list, eBay requires NONE of this information to "register". Merchants can require PayPal as the payment instrument of choice, but the payer does NOT have to have a PayPal account to make the purchase, as PayPal accepts major credit cards as payment, and deposits these credit card purchases to the seller's PayPal account - the seller has no means of knowing what instrument was used in the payment. Payments are posted as "completed" to the seller's eBay screen (see screen shot #1 where the ($) icon is lit indicating that payment was made and (the seller would naturally assume) that the money has been deposited to his PayPal account) The mouse-over pop-up caption on the ($) icon reads:
This item was paid for via PayPal. Payment
was sent to: [email protected] on Nov-15-07.
It turns out that once this ($) icon is turned on, if PayPal later investigates the payment and decides the payment may be fraudulent, this ($) icon is NOT turned off. Unless the seller monitors his email and gets a message from PayPal that funds are being withheld pending investigation, he may ship the merchandise to the thief - AND - when the payment is finally reversed, the merchant would NOT be covered under PayPal's "seller protection".
Also, since PayPal's communication with the buyer about such issues are made ONLY to the seller's email address, and NOT to his eBay "sold items" screen, it probably would be a great idea to have such messages posted as ALERTs to the seller's eBay sign-in screen, so that when a seller logs into his account and there is a buyer validity or other payment issue on his PayPal account, immediately upon log-in, the eBay merchant would see a message like this:
ATTENTION!
PayPal has suspended / reversed a payment to your account.
This matter requires your immediate attention. Please log in to
your PayPal account to resolve this matter prior to shipping
any items recently ordered from your store.
It would also be a good idea for eBay to incorporate an icon or some sort of indication on the member's profile page (see screen shot #5 and screen shot #6) to indicate whether or not the eBay member has validated their identity. However, this suggestion seems to be a non-sequitur being that I previously suggested that activation of eBay accounts be conditional upon either previous identity validation by PayPal or by eBay employing the same methodology. This suggestion therefore, would be a stop-gap measure requiring all eBay accounts to be verified by one method or the other by a certain date, or be deleted from the system. At that point in time, no new eBay accounts would be able to buy or sell unless the identity of the person owning the account could be verified "beyond a reasonable doubt".
As of this writing (Nov 23,07) the fraudulent purchases # 273 and # 274 made on Nov 15 07 are STILL showing as "Paid" ($) icon lit on my eBay "sold items" screen (screen shot #1), and the "paid for via PayPal" message on the mouse-over on this icon is STILL there - despite REPEATED calls to both eBay and PayPal. This is a SOFTWARE problem with the eBay / PayPal Enterprise Solution, and it needs to be fixed post-haste.
I have REPEATEDLY attempted to get a resolution of this matter from eBay and PayPal to no avail. If this problem is not addressed to my satisfaction by Nov 30 I will put PhoenixStore in "on vacation" mode, in consideration of closing it permanently, and since the attempt to resolve this nonsense has cost me fully a WEEK of my valuable time, I will post this page on every Enterprise Web site we own, and I will post it to www.Usa Consumer Complaints.com where it will remain FOREVER (not even I will be able to delete it) for millions of viewers to see - eBay and PayPal will have to respond to the complaint, and will have to take usacomplaints.com to court to have the posting removed, and Rip Off report has never lost a case (see the following):
Communications Decency Act or "CDA", 47 U.S.C. 230) Batzel v. Smith, 333 F. 3d 1018,102728 (9th Cir. 2003)
See Doe v. America Online, Inc., 783 So. 2d 1010 (Fl. 2001)
Green v. America Online, 318 F. 3d 465,470 (3rd Cir. 2003)
Carafano v. Metrosplash.com, Inc., 339 F. 3d 1119 (9th Cir. 2003)
Schneider v. Amazon.com, Inc., 31 P. 3d 37 (Wash. App. 2001)
Doe v. GTE Corp., 347 F. 3d 655 (7th Cir. 2003)
Zeran v. America Online, Inc., 129 F. 3d 327 (4th Cir. 1997)
Blumenthal v. Drudge, 992 F. Supp. 44 (d.D.C. 1998)
NOTICE: If you play games with my valuable time or my money, you will pay DEARLY! In the meantime, the theme of the message here is:
Seller Beware!
UPDATE: As of Jan 24, there has been NO RESPONSE by eBay management about the issues addressed above - issues that would have bankrupted my eBay business, and negated all my profits for the two years or more that I have been doing business on eBay.in addition, eBay's system failed to deliver the URL for several software purchases made by customers on my eBay store. These were $1.00 and $4.00 items, and as a merchant, I assumed that the delivery system was working, because it worked for all of the previous customers who bought these products. After a few days, the customers (who were not eBayers), without contacting me about the problem, decided to leave negative feedback instead. As a result, I responded and tried to resolve the issue with eBay - no response. I cannot afford to waste my valuable time tracking down one-dollar sales (of which I net about 70 cents) to make sure the customer received them. After further research, it turns out that eBay was at fault. The customers saw the problem, and attempted to remove the negative feedback, but were locked out of the system. It is at this point that I decided to no longer do business on eBay.
It turns out that there is an alternative to eBay - http://www.easybid.Biz - you can join for free, and there are no "final value fees" or other recurring costs for operation. There IS a ONE-TIME member fee to set up a store, but this is easily recovered in one or two months by the fact that there are no fees associated with the sale of items on that site. We are in an evaluation process, and we will post our findings here - in the meantime, you can purchase all of the digital items we formerly offered for sale on eBay for the same prices (OUR DELIVERY SYSTEM WORKS 100% of the time) on: http://digital.net4TruthUSA.com
The following is a copy of an eMail I sent to the CEO of EasyBid.com
I have just joined EasyBid as a free member, and will be upgrading to stores / pro shortly - this after a potentially business-ruining experience with an unresponsive eBay staff that refuses to answer my emails with anything but a form letter, and allows thieves to run rampant on their site, preying on honest merchants. I have documented all of this on www.net4TruthUSA.com/ebaystore.htm and you should have a look at it, along with numerous complaints of the same nature filed by disenchanted merchants and buyers on usacomplaints.com - I tell you, only the fact that I have been doing Internet business since 1994 saved me from the thieves, and my losses would NOT have been covered had I shipped the expensive merchandise to the thieves who ordered it via my store. My post and complaint with usacomplaints.com spells it out with screen shots - and THEN they have the NERVE to blame ME for their failure to deliver download links for digitally-delivered items that resulted in a few customer complaints for $1.00 and $3.00 items. That was the last straw!
I am writing to you as a businessman, and I can tell you that when you get as big as eBay, you start to lose focus on the needs of people who keep you in business. Those matters were easily resolved, but after WEEKS of wasting my time with these idiots, I decided that I was "pissing up a rope" as they say in the military. LATER for eBay.
I'm doing a few test pages on your site, and if it works well, the "PhoenixStore" link from all the sites (and their mirror sites) represented by the logos below, will be changed to {my store} on EasyBid.
0 comments