$5 PayPal security key gives false hope to stop phishers

Like many financial institutions, eBay and PayPal are late adopters of security devices for one time passwords. A security device (costing $5 in the US) gives a different security code each time you log into your account. PayPal say it "generates a unique six-digit security code about every 30 seconds. You enter that code when you log in to your PayPal or eBay account with your regular user name and password. Then the code expires - no-one else can use it." Or can they??

These devices have been around for almost twenty years with Security Dynamics (RSA Security) and Vasco being the earliest to market solutions. The eBay PayPal key has been developed in conjunction with VeriSign.

The biggest concern is are the tokens effective in preventing phishing attacks? Well firstly it's not what they were designed for. They were designed originally for remote access solutions where an employee would dial into a company workplace over a telephone line. Rather than a password that could be written down the token ensured hackers couldn't dial in to the network with a compromised password. There was little chance of anyone intercepting the dial up phone call. The tokens were then deployed for use internally for all users on a network. Later they migrated outside the network as the Internet became more common for remote users connecting to corporate networks, for online banking, and now for eBay and PayPal.

It's important to realise they weren't designed for use on the Internet in the first place, and that hackers have had decades to develop ways to combat the tokens. The actual keys generated are still secure, there is still no effective way to compromise the security codes generated. This doesn't deter the phishers though - they have other tools in their arsenal.

Man in the middle attack

We've all seen phishing emails where a hacker tries to get you to click to a fake eBay or PayPal website and enter your user name and password which they later use to access your account. Smarter phishing sites are becoming more common where the hacker captures your user name and password and instantly uses it to log on to the real site. They pass the information you request to the site and back to you - you may never realise you're not logged directly into the site, but in the mean time the hacker is able to perform any transaction they please while you make the transaction you logged on to do.

Trojan attacks

Far too few Internet users keep their security up to date allowing virus and trojan attacks. If a phisher manages to install a trojan on your computer next time you log on to eBay or PayPal they can piggy back on your logon to perform their own transactions.

These two methods for bypassing one time passwords are not new - they were reported by Bruce Schneier back in March 2005. What does this mean to the new PayPal and eBay security devices? Well it'll make the phishers lives harder but so far they're only available in the US, Australia and Germany, leaving plenty of targets for phishers in the other eBay and PayPal territories. Secondly they're not compulsory, free for PayPal Business accounts but the $5 cost will put off many users who arguably are the most vulnerable. Finally the efficacy of the tokens themselves has to be questioned. It's technology that's been around before most of today's hackers first logged on to the Internet and was designed for dial up connections to corporate networks. Hackers have grown up looking for ways to render them useless.

It remains to be seen if the promise of security will result in users lowering their guard still further. After all no one can access your account without your token can they? Well possibly they can - users need to be as vigilant as ever. As Blogging stocks ask "Are the days at an end to eBay and PayPal phishing scams?". Sadly the chances are they're only just beginning!

impeachbush.com web address on eBay today

With exactly two years of his presidency left there could be trouble ahead for George W Bush. The domain name www.impeachbush.com is up for sale on eBay and ends later today. Anyone wishing to avail themselves of the domain will need deep pockets, the auction is currently standing at $25200 (About £12700).

eBay boost Stubhub management with Tsakalakis

eBay Veteran Chris Tsakalakis eBay Vice President, Advanced Solutions is to move to help manage StubHub and the overall eBay Tickets business as reported by Fruity.

Tickets is an area that really needs some experience and not one eBay has a particularly good reputation in. On the one hand many promoters decry touts and have often cancelled tickets resold on eBay, so much so that it's notable when a promoter such as Affiliate Summit suggest buying on eBay when the official sources have sold out.

Even worse eBay have come under fire when charity concert tickets such as Live 8 and Concert for Diana appear on the site. eBay have taken the decision to ban tickets for certain charity events in the past, but this again raises questions. Why aren't the organisers selling tickets at higher prices raising more money for charity if people are willing to pay? Why don't the organisers themselves auction a certain number of tickets on eBay?

eBay in Australia recently took Australia's Big Day Out concert to court (and won) for threatening to cancel tickets sold online. Big Day Out organisers claimed selling on eBay was depriving audience members of buying tickets at the right price but as per usual fail to explain why a fan shouldn't bid whatever they see fit even if that is many times the original price of the ticket. Surely if organisers are that concerned that genuine fans should be able to buy tickets they should find better ways to sell and distribute them in the first place? If they can't or won't why complain that others do supply fans with tickets, albeit at a price?

At the end of the day almost all complaints about resale of tickets could simply be solved by promoters issuing them to named individuals and insisting on Photo ID to gain entrance. If they fail to do so they have little cause to complain when tickets change hands.

Tsakalakis is moving to an area full of controversy, but recently with the changes in visibility of shop inventory format (twice in a year) he should be used to that. No doubt he will relish the challenge!

eBay shutting down? It's a hoax

A new hoax email is doing the rounds phishing for user names and passwords. Normally we'd ignore these but this one has an amusing twist and shows the hackers have a sense of humour.

The email states that eBay has decided to close because of "repeated abuses on our company". It then invites you to vote, asking if you agree or disagree with the decision. It goes on to say that if 50 per cent or more or respondents want eBay to remain open, it will. From then on it's the normal link to a phishing site which looks like eBay but is a attempt to convince you to enter your eBay user name and password in order to vote.

You have to question how many people would be gullible enough to think eBay would poll users on a decision such as shutting the site down, but doubtless they'll try to vote anyway. We expect eBay to get the phishing site closed down pronto and to update the eBay toolbar to warn users they're not on the eBay site.

PayPal preferred

It's official, the latest JP Morgan Securities survey reveals that buyers prefer PayPal to Google Checkout. Whilst only 6% of those surveyed had actually used Google Checkout only one in five of these were happy in the survey. Contrast this to a massive 42% using PayPal of which almost half rated the service as "good" or "very good".

43% of those surveyed intend to use PayPal but not Google Checkout in the future (80% had heard of PayPal) while a tiny 2.3% intend to use Google Checkout but not PayPal.

The survey shows that PayPal not only has great brand awareness, but the threat of Google has so far had very little impact on it's business. In fact if Google weren't constantly bombarding sellers and buyers alike with cash (either free processing or cash back for paying with the service) their market share would be even less.

Google have a long way to go before they become a mainstream method of payment, or even to be a recognised alternative player in the online payments market. Google's $10 handouts to buyers obviously aren't buying them many friends!

EU know it's a load of cobblers

So far, these efforts appear to be paying off with minimal disruption to our legitimate sellers.

That's Bill Cobb referring to the effects of the new "Building Trust by Reducing Counterfeits" policy. Exactly which sellers is Cobb talking about here? The couple of hundred cherry-picked and invited to listen to his spiel in San Jose? Or the thousands of sellers around the world outside the Ivory Towers who are struggling to maintain their sales on eBay?

We reported last week the huge problems Spanish sellers are having now that they're unable to list or ship outside Spain. The European Union is working to remove all cross border trade restrictions.

Removing border posts across Europe is easy. The real challenge for the European Union is to ensure that more subtle obstacles to cross-border trade in goods and services are similarly consigned to history.

Suddenly removing the ability for Spanish sellers to sell luxury goods across Europe is taking European Internet commerce back years at a single stroke, and it's not just the Spanish! All the other EU sites are in the same position, it's just I don't speak good enough Italian to communicate with those guys and report on the situation there!

There's another serious consequence of the new policy too, sellers who have been regularly selling on eBay for a number of years are suddenly finding their ability to make a living is severely restricted. A quick browse of almost any community board reveals sellers fighting to be able to list the inventory they have for sale.

It took them 10 days, to reinstate mine.... Their reply was that my account was in good standing and it was just a spot check!!!! bloody cheek. i was reinstated for a day then it happened again. was off for 5 days then back on again.. same answers..... then restricted me again while they looked into it. another 5 days..all in december too!!! i lost thousands as a power seller.

This quote is not an isolated incident, and we're not talking about sellers that have only just started out on eBay. These are sellers who have been trading for years and in many cases rely on eBay for their entire income.

It's all very well for Bill Cobb whose remit is eBay North America to state that sellers aren't being disrupted, but maybe if he cast his eye across the water to Europe he'd find a very different story. It is not the biggest sellers on the North American continent who are suffering, it's the rank and file of sellers worldwide who have piles of inventory and are suddenly barred from marketing their goods to the customers they purchased them for.

Fraudulent seller "faked own death"

A nurse who faked his own death after being caught out selling non-existent computer games on eBay wept as he was sent to prison for six months. Martin Dunn from Kirk Sandall listed computer games for sale months in advance of their release date. Buyers were expecting to have to wait up to three months for delivery, so by the time they realised they had been scammed, Paypal's thirty day complaint period had elapsed.

Upon complaining by email about non-receipt of their goods, several buyers received an email purporting to be from Dunn's wife, saying that he had passed away and she was winding up his affairs. When Dunn was arrested, police found a document entitled "Is eBay Safe?"; the fraudster claimed that he had been running an experiment to expose flaws in the eBay system.

Of course, the old "sorry, I'm dead" line will be familiar to anyone who's sold very much on eBay. With a sad tear, I remember the grieving widow who told me that her husband had purchased a tie from me on the very day of his death, and that once she had paid off the cost of his funeral, she would pay me. Being the nice seller I am, I *did* send her a With Sympathy card ]:)

Any potential scammers should note that eBay and Paypal have now closed this loophole: sellers are not allowed to list pre-release items longer than thirty days before the release date, and Paypal's complaint period has been extended to forty-five days.

All his life for sale

You remember all my life for sale, when John Freyer sold everything he'd ever owned on eBay? Now there's one better: an Australian man really is selling his life. Included in this listing are not just 24 year old Nicael Holt's possessions, but such intriguing items as:

I will teach you my skills which include the following
- Surfing (Expert)
- Climbing (Intermediate)
- Fire Twirling Skills (Intermediate)
(Plus many more)
Will introduce to all my friends & potential lovers (around 8 which I have been flirting with)
I have 2 nemeses.
Friends will treat you exactly as they have treated me. This includes friends who take me surfing, running, climbing and cook for me. All of these features will be transferred over to the winning applicant.
A 4 week training course by the former me which includes the following:
- Many anecdotes and stories from a very interesting and intriguing past 24 years of my life
- 6 Jokes
- Training in becoming me (fashion, food, lifestyle, style of seduction, interests)
- Haircut like mine
- Piercings to the value of $180.
There is some tension with a former ex from a painful breakup which must be inherited.

Originally begun as a joke, as of time of writing, bidding has reached over AU$93k (approx. £37k). Nichael says "I will probably use the publicity to try and send out a bit of an anti-corporation, anti-consumerism and anti-capitalist message. I think I'm going to make a comical doco showing a different way of living thats more relaxed and chilled, and the adjustment to such a life."

We wish him luck in his new life ;-)

"Safe" Paypal compulsory for new sellers

One positive aspect of Bill Cobb's Keynote speech yesterday are the payment requirements for new sellers. New seller accounts will be required to either offer Paypal or to accept direct credit card payments; other payment methods which eBay does not like, such as cheques and money orders, may be offered in addition.

Despite eBay spokesperson Catherine England's assertion that eBay do not intend to make Paypal the sole acceptible payment method on eBay, this is one more step towards exactly that: new sellers tend to start by either selling their own unwanted possessions, or as very small businesses, and one of the beauties of Paypal is that, unlike merchant accounts, it's cheap, quick and easy to set up. In practice, "Paypal or a merchant account" is going to mean *Paypal*.

This is great news. What better way to stop the brand new, (0) feedback scammer accounts than by forcing them to offer Paypal. Such a high percentage of buyers now prefer to use Paypal that this will, at a stroke, instantly protect hundreds of potential scammees. It might (and I know I'm being super-optimistic here) put the scammers off a little in the first place. It's possibly the best move eBay have ever made to keep their buyers safe.

We have just one question. Why is this, the cherry on the sour cake of eBay's changes, being kept just for north America?

Third time lucky for Alaskan jet?

eBay's most infamous unsold item, the state jet of the Governor of Alaska, is back up for sale on eBay. This will be the third time of asking for the poor, unloved plane: both listings previously failed to make their reserve.

Benefits cheat eBay seller jailed

A fraudster has been jailed for selling £100,000 of goods on eBay while claiming benefits. Barry McNaughton from Portsmouth was jailed for six months, and ordered to pay back £16,700 in falsely claimed benefits.

Anti-fraud minister James Plaskitt added: 'Our investigators have more powers than ever before. Our message is clear – don't do it. There are no ifs, no buts – we will catch you.'

McNaughton was originally arrested for handling stolen goods, but it emerged that he was buying cheap goods from markets to sell on. The business plan was obviously pretty successful, as police found two £5,000 Rolex watches, a Tag Heuer watch, £1,300 of jewellery, a new plasma flatscreen TV, a Sony computer and Smeg kitchen appliances: the Department for Work and Pensions, who had brought the prosecution, said that they had never seen a benefits cheat make so much from eBay.

Thanks to Dan for the link.

Skype confirm new price plan

Skype have finally revealed the details of the "disruptive" (we think they need to find a better translator) pricing changes they announced before Christmas. For a flat fee of €2.00 a month, Skype Pro will offer free calls to national landlines after a connection fee of €0.039 (2.9p + VAT). This doesn't seem particularly disruptive, or even revolutionary: it's a very similar deal to what I'm getting from France Telecom and Vodaphone at the moment, and BT and most UK mobile phone providers offer something similar. If you use SkypeOut on a fairly regular basis, though, it seems like a pretty good deal. We're betting this is only the beginning of eBay's plans to monetise their rather controversial purchase of Skype.

Feedback 2.0: I have seen the future and it's full of whinging

Without a doubt picking up on the "Web 2.0" buzzword, this is eBay's attempt to "update" their feedback system. Buyers will be able to rate sellers on a variety of specific aspects of the transaction, including accuracy of description, shipping time, communication and shipping and handling charges.

This has been suggested by eBay, trialled and surveyed for months now, and it was pretty obvious it was coming. Sellers, it must be said, are almost universally against the proposals. This is a system that will be largely used by buyers with a gripe. Happy buyers will leave a positive and that will be that - only those with a complaint that their first class shipping took three whole days, or that they emailed at 4am and didn't get an immediate response, are likely to bother with detailed feedback.

Of course, this will be the same for all sellers. Just as now, the average eBay seller has better than 99% positive feedback, detailed feedback will find its average level. Sadly, this is likely to be rather lower than 99%, which might give the impression that eBay sellers have suddenly all got much worse.

At the same time, percentage scores will be calculated over the last two years only, not from the beginning, thus "archiving" old negatives. No doubt this will be a much more popular move!

But really, one has to ask what the point of these changes are. Will they make eBay any more money directly? No. Will they make sellers more money, so making eBay more money indirectly? No. Will they really make buyers feel more secure? I doubt it. Who goes in to an eBay transaction thinking "oh well, if the seller doesn't ship for a week, I can give them a black mark for it"? This is simply a system that rewards the whingers.

It's also likely to mean the end of most sellers leaving feedback first. And that is something that buyers will not like one little bit.

Keynotes sounding flat with sellers

Yesterday, a number of important announcements about changes to eBay were made by Bill Cobb. Leaving aside the question of why the Head of Marketplaces North America is announcing changes that are being implemented anywhere *but* north America, we'll be looking at some of these changes in detail over the next few posts.

Cobb's announcement said that for eBay, 2007 will see them:

• Reinvest in eBay's core by simplifying the site, improving finding, and accentuating the things that make eBay fun and unique.
• Take a more proactive approach to Trust & Safety to protect our members from fraud.
• Improve the buyer experience on the site by holding sellers to higher minimum standards

This all sounds great in theory, but it's already obvious that the implementation is not quite the breeze they'd have us believe.

A bad idea

Sometimes I really hate being right.

More in the morning when I have un-lost my temper.

Southern Comfort auction to support charity

One for the drinkers out there, The publican Website announces a series of charity auctions to benefit the Licensed Trade Charity kicking off with a boxed set of Southern Comfort Playing Cards and a Pub Tricks and Bar Bets DVD.

For anyone that's enjoyed a pint in a pub how can you resist a charity dedicated to supporting those employed or retired from serving you! Bidding starts at just £1.99 so a bargain, it's just a shame that they didn't register through eBay for charity and have the charity ribbon on their auction.

Vote to scrap the hideous green wallpaper

Following on from eBay India's Dream House, eBay.com and Family Circle are running a Small Spaces contest. There are four finalists and it's time to cast your vote for which should be the winner.

Really in my view, there is no competition - it has to be contestant number four who have transformed their rather dated looking hall way into a classic but modern and welcoming space. Gone is the hideous green wallpaper and in comes a warm Beige Two-Tone Stripe complemented with Victorian accessorisation.

You can see all four finalist's designs on the competition website, but make sure you vote soon as the competition ends on 22nd January!

RM Staffs. staff strike again

Royal Mail workers in Staffordshire are to go on strike yet again this week, as talks over changes to working conditions have once more broken down. Four days of strikes are planned, for Friday and Saturday, and Wednesday and Thursday next week. Royal Mail have said that managers will be drafted in to deal with some deliveries.

Marketworks thrown off eBay

You'd think a sizeable service company could keep it's affairs in order but it appears not. Marketworks (previously known as Auctionworks) forgot to renew their domain name leaving users without pictures in their auctions. Anyone that uses the Auctionworks hosting service (mainly those loyal customers that have been with Marketworks the longest!) were affected.

On Saturday morning (1/13/2007) the auctionworks.com domain expired. This was the cause of image URL's not resolving correctly in auctions. We were able to re-register the domain on Saturday morning and that fixed the root cause of the issue.

There really is NO excuse for this - how hard can it be to manage your domain names and renew them in good time, especially for a company that specialises in Internet eCommerce management services?

The domain was renewed within hours and according to an email sent to an affected Marketworks customer they now plan to phase out use of the auctionworks domain entirely.

via Fruity

Another day, another site issue

Having problems with Paypal this morning? You're not alone. If you can't withdraw any funds, messing about with your email addresses should fix it. I wonder if Paypal have any idea how amateur this looks?

Melissa Lamb sold box in a box on eBay

But not just any box, this one was the star of "My box in a box" inspired from the Timberlake and Samberg sketch screened on NBC just before Christmas. Leah Kauffman conceived the idea and contacted Melissa Lamb through a craigslist advert who co-wrote and performed in the video (Craigslist is part owned by eBay).

The auction closed at $1525 with $1000 going to Philabundance and the balance going to Save the Music.

Edinburgh Military Tattoo - cancelled

Alan Smith, the marketing manager of the Edinburgh Military Tattoo, has disappointed many would be attendees that want to buy tickets on eBay. Despite the fact that all 208,848 tickets for the event have been sold they are writing to people selling on their Tattoo tickets on eBay and cancelling those that aren't pulled from the site. With thirty odd sets of tickets currently listed on the site there are going to be a lot of unhappy customers when they find their purchase is worthless.

Smith complains "The public are being asked to pay four or five times over the face value of these tickets, which is plain wrong." However 22 of the tickets for sale are auctions so buyers aren't being asked to pay over the odds, they're trying to buy at the price they're willing to pay for tickets that otherwise are unavailable. Why does Smith think he has the right to deny them the chance to attend when they so obviously are more than willing to pay to do so?

With eBay buying the Stubhub ticket sales website it'll be interesting to see what happens in the future.

Hey, good looking!

eBay have given us a sneaky preview of the new design for their home page. It's a lovely clean design, with sexy curved corners not dissimilar to the ones I made for a certain Shop ;-) And at long last, Shops are being conspicuously featured:


We're pleased to see that eBay for Charity has a prominent spot. As well as doing great work for good causes, this part of the site does bring in both punters and publicity that eBay would otherwise most likely miss: it absolutely deserves a headline spot.

Also new are a space to talk about site safety issues - long overdue this, it's nice to see eBay finally being more upfront about the need for members to protect themselves while using the site - and 'Look At This', which "will highlight an area of the site that we feel helps make eBay the fun and interesting place it is". The example they give shows Cabbage Patch dolls, "due for a revival". I'm not convinced about Cabbage Patch dolls any more this time than I was the first time around, but it'll be interesting to see what other items Richmond use to fill this spot.

Altogether it's a much more coherent look, a great change from its messy and illogical predecessor.

For a nostalgic look at eBay home pages past, the Way Back Machine has dozens going back to 1999. This one was there when I first visited the site: what a dull start compared with today's!

Death of the Caravan

No, not the Brainiac style blowing up of a caravan as below, but death of the caravan on eBay Pulse. The Brits love their caravans, and for almost the whole of 2006 the search term "Caravan" appeared in the top 10 searches on the front page of Pulse. Sadly the mad rush for the latest must have games consoles have pushed the faithful caravan from the most searched for items on eBay.



eBay Pulse is a tool for sellers although many mistakenly think having their item showing on Pulse (which means it's the most watched on eBay) is a sure fire way to sell it. The truth of the matter is buyers don't know pulse exists, and neither do many sellers. What Pulse is fantastic for is letting you know the most searched for terms in any particular eBay category. This is priceless information for sellers when constructing an item title, do you for instance describe your caravan as a "Touring Caravan" or a "Swift Caravan" (or both if you have room in your title! Were you aware that "VW" (the good old VW Camper) is the third most popular search term in the caravan category currently?

Similar information is available specifically for your own customers from eBay Traffic Reports for those that have an eBay shop, and in this case it tells you the search terms your customers are using in your shop. If you know what people are looking for and give them what they want you'll get more sales. It's as simple as blowing up a caravan!

eBay seek Irish Seller of the Year

eBay have launched a competion to find the Irish seller of the year the top prize of €5000, a trip to eBay Live and a brand new Sony Viao laptop. Two runners up will receive €2500 and a laptop with a further €1000 for three semi finalists. Entrants will be judged on

* The number of successful sales made by each entrant
* The quality of each entrant's listings (taking into account descriptions, titles, customer-friendly policies etc…)
* Feedback received by each entrant from buyers
* The level of creativity demonstrated by each entrant
* The level of community focus demonstrated by each entrant

Entires are available in three categories - New eBay sellers and new eBay businesses that have previously sold less than ten items, and a third category for existing eBay businesses.

The competition is only open to residents in the Republic of Ireland and registration has to be in by 4th February. We look forward to seeing the winner in Boston!

Aviation industry say PayPal wins over Google Checkout

IAG who specialise in business services for the aviation and travel industry conclude that PayPal is a better solution than Google Checkout for payment services. The crux of the matter is that regardless of PayPal fees Google insist on a buyer opening an account prior to sending a payment. They suggest that buyers have enough accounts and passwords to remember already and call Google arrogant for insisting a buyer open an account with them to make a payment to a third party.

Pointing out that while users who already have accounts will have no problem logging in and making a payment there's a reluctance to use sites which constantly insist you open yet another account that you may never use again. IAG conclude that if you can accept both payment methods you should, but if you can only integrate one tool then PayPal is the one to use!

Sundance tickets? You're kidding!

The Sundance Film Festival has become the latest event to try to crack down on eBay ticket re-sales. Officials say they are scanning eBay, and have "contacted those sellers and informed them of our policy and what actions we are taking. I wouldn’t advise people to buy tickets off of eBay or any other site".

As of this afternoon, more than fifty sellers have tickets listed. We'd advise potential buyers to trade very carefully.

Don't steal from your company to sell on eBay

It's almost comical, you open an eBay account yesterday, you steal $9300 worth of electrical products from the company you work for today, and take tomorrow off work to list them on eBay. Unbelievable? Well that's exactly what an employee of GE Energy in Nevada thought they could get away with!

Top marks to the supervisor that thought to check eBay for the missing items, but honestly - you couldn't make it up!