AuctionBytes Blog
Covering auctions, collectibles and marketplace selling.

AuctionBytes Blog The AuctionBytes Blog has been giving a voice to online merchants since its launch in 2005. Named one of the world's top 30 blogs in 2008 by "Blogging Heroes." Weigh in with your thoughts on the joys and pitfalls of selling online.
Mon Apr 14 2008 15:52:04

eBay Launches Anti-Hijacking Initiative

By: Ina Steiner

Sponsored Link

eBay already collects information about the types of items users are browsing and bidding on and shares it with partners in order to serve up targeted advertisements - both on eBay and off. Now eBay will store information about which computers users are logged into when conducting buying and selling activity on eBay. The company announced Monday it was launching a new initiative in an effort to combat fraud perpetrated through account hijacking:

In June eBay will begin verifying our sellers when they list an item to ensure they are logging in from the same machines they have successfully used previously - usually a home or business computer.

If you are a seller, and you attempt to list an item from a different computer - for example, from a PC you are borrowing in a hotel or library - eBay will make an automated call to the phone number you have registered with us to confirm it is really you. We may also prompt you to verify your identity in other ways.

Initially, this identity confirmation process will only be applied to selling, although we may be extending this to other high-visibility activity in the future.

The first lesson here for sellers is to make sure your contact information - especially your phone number - is up-to-date in eBay's system. eBay said, "A wrong or outdated phone number may delay your ability to list items or respond to your customers, if eBay cannot verify your identity." eBay also recommended sellers register their mobile phones as a secondary phone number in registration details.

Says one eBay seller on his blog, "I hope there's an extra-step built in when the phone number on the account has been changed at the same time the different computer has been used!"

Questions that come to mind include:

Is it troublesome that eBay is storing this kind of data on individuals, or is it no big deal? And will it share the information with its ad partners?

Will this data also help eBay detect shill bidding?

Might eBay share this information with LiveWorld to help monitor users' posting activity on its Discussion Boards?

Can eBay do anything to prevent malicious bidding? (How big a problem is this?)

 




Comments (38) | Permalink

Readers Comments

eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: dimes

Mon Apr 14 15:58:54 2008

If a seller tries to list an item when away from home, and eBay makes an automated call to their home, how is the fact that they're not at home to answer the phone going to ''confirm it is really you''?

Sounds like another well-thought out eBay plan...

eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: Upset

Mon Apr 14 16:37:50 2008

I'm sure that's why they recommended using a mobile number as your ''secondary'' number. Possibly if there is no answer on the primary number they dial the second.

How do I feel about this? I'm not sure, nor do I fully understand WHY they need to do this. I guess it's a form of detecting identity theft? If that's the case, then yea, I'm for it, but it seems to me that identity theft is more about how fast someone can steal your money, not list things on your account in your name.

eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: Upset

Mon Apr 14 16:46:44 2008

I guess I should have read the announcement first. I understand what they are trying to do, and maybe this isn't such a bad idea - heck, maybe the first ''good'' thing they've done this year. It sounds like for the next few months they'll collect data (probably IP addresses) from where you usually post, and if you post from elsewhere, you'll need to confirm it's really you. I think this is a rather benign attempt to control hijacked accounts, and probably will keep a few scammers in check. I entered my mobile phone as my contact number, as both my contact phone number fields were blank.

The question is, if another user requests my contact data, do they get my phone number? I don't mind eBay using it to contact me to verify my identity in an emergency, but I'd rather it not be given out to other users.

eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: Upset

Mon Apr 14 16:52:43 2008

Argh, I'm embarrassed to post a 3rd time, but I was just thinking about this phrase: ''I hope there's an extra-step built in when the phone number on the account has been changed at the same time the different computer has been used!''

Think about it. A hijacker knows the first thing he should do is change the phone number field to his own.

EBAY: You reading this? If you are, and somebody comes in to an account with an IP address that would raise the red flag that would prevent a listing from being made, you should ALSO prevent any account information from being updated so the scammer can not do what is mentioned above. A good plan, but CLOSE THE LOOPHOLES!

Think about it.

eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: JAW

Mon Apr 14 17:03:59 2008

How ridiculous is this new system? 1st of all like any NEW eBay system it will not work right for a few weeks or more secondly, there are only 2 options for keeping track of the computer being used - 1 record the IP address or 2 read the internal registration information of the computer. Well the IP address can change any time a router is reset or if dial up, every time you connect. If it is reading the internal information on the computer then that is an invasion of privacy and we would have no control of how much information they could extract from our computers.

Brace yourself there is worse to come - eBay AU is requiring all sellers to accept Paypal and eBay UK is now forcing sellers to give refunds for at least 14 days. US eBay sellers get ready - it will be here soon.

JUST ANOTHER LOSE - LOSE FOR ebay SELLERS!!!!!!!!!!!!!!!!!!!!

eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: Laura

Mon Apr 14 17:10:58 2008

I agree with what has been said so far. It might be a good way to help prevent shill bidding and it should be used when someone tries to change account information. But, other then that it seems a little intrusive.

eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: Upset

Mon Apr 14 19:39:43 2008

Well, JAW does have a point about IP addresses changing frequently, especially on dial-up, and even broadband, so that probably means the IP can't be used. Something I didn't think of. Well, whatever they are using, I'm still for it if it can reduce fraud, shilling, and other internet crime. Come'on, give it a rest already. This could be a good thing. They already know ''who you are'' from a cookie in your browser, what are you so afraid of if it can control some of the fraud you people complain about?

eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: patricia

Mon Apr 14 21:57:33 2008

I think maybe they need to hire a couple of professional scammers to help them make a good anti-scam policy.  I read where big businesses - banks and such actually hire hackers to test their systems.  Ahhhh...perhaps that would make too much sense for ebay to process?

eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: sam

Mon Apr 14 23:40:12 2008

according to this statement, they aren't targeting shill bidders :''Initially, this identity confirmation process will only be applied to selling, although we MAY be extending this to other high-visibility activity in the future.'' (they May extend it , may not)
I don't understand what eBays hopes to accomplish except to inconvenience sellers who own more than one PC or use a laptop when away from home or who have someone post items for them, or who travel and are often using different machines.
I mean is this really geared at Account Hijacking?
Is there really  a huge problem of hijackers logging into a sellers account , going to MY EBAYS, answering messages and then proceeding to list 100’s of items that are identical to the sellers  normal listings ?
I’ve heard of a few instances where someone hijacks account info and then lists a boat or a car.
So if eBay wants to be diligent, when someone logs into my account from a different computer  & starts listing  high ticket items and items not within my normal listing practices, then fine, call me )
Sort of like how credit card companies sometimes  call you if all of a sudden there is a huge purchase on your account, or something that isn’t of the norm.
But calling every time a seller is at a different computer? (Gee eBays, grow up- some people actually
have multiple PC’s at home) And if your PC dies, and you replace it with a new one, are you now suppose to call eBays and tell them “I have a new PC guys”.
eBay customer support is not the greatest as it is -   the threat of a newbie  in Customer service over reacting in lieu of common sense looms as a real possibility.
And if eBay already knows who I am from cookies they collect, why is this necessary? What's next?
Trying to match my voice print over the phone, OR ELSE???
Will there be a major shutdown of all things with my name on it or will they feel they are within their rights to call my Credit cards or freeze my Pay Pal account because they fear it might not be me posting items for sale under my user ID.
I don’t know what this is about, but it doesn’t sound like it’s about hijacked accounts.
If they were telling us this was mainly to prevent  shill bidders , it might even be more plausible except they say upfront, it’s only being applied to sellers.

eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: tj

Tue Apr 15 05:29:39 2008

Where do eBay dream up these ridicules ideas?

1) What if you go on Holiday (abroad) & still like to keep track of your selling

2) What if you don’t own a computer….only use multiple Internet café’s etc

3) What if you have multiple selling accounts on 1 computer?

4) What if you Block your MAC address

5) What if you clean your cookies daily

6) What if eBay knew what they were doing

eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: Tim

Tue Apr 15 11:52:28 2008

What annoys me is when they make a vague announcement like this, but don't provide any of the details until some much later date.  Most of the questions above are legitimate.  eBay has probably (hopefully?) considered them.  Why not give us all the details from the start and avoid all the speculation?

Security based on MAC is easy to defeat with spoofing.  Security based on IP has all the issues mentioned above (and more).  As a practical matter, it's a mobile society.  And freedom from being tied down to a physical location is one of the joys of running an eBay business!  I could just as easily be listing from my home, my office, my parent's house, my local coffee shop, a hotel room in Hong Kong, anywhere on the T-Mobile EDGE/GPRS network (or any of their roaming partners'), an Internet cafe in Belgium, or virtually anywhere else on the planet.  And I spend several weeks every year outside of my "home" country.  So is eBay going to run up my cell phone roaming bill at $1.99/minute every time I check in from some Wi-Fi hotspot (via my VPN, of course) halfway around the world?

Again, why not give us the answers when they make an announcement, rather than forcing us to wait and wonder?

eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: Zeke McAlister

Tue Apr 15 12:51:43 2008

Has Ebay been Hacked Again?
Ebay's Log In Page:  when I enter my User ID and Password, I am taken to a page asking for my Social Security Number,  my ATM PIN Number, my DOB, etc.  The page also has poor grammar, typical of Nigerian Scams (''please enter as MORE information as  possible'').  I have tried logging in from my home computer, and from a public library.  The same Log In page comes up on both computers.  What gives?

eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: Raia

Tue Apr 15 13:09:07 2008

What a shame that ebay doesn't use this for their #1 problem/crime against buyers... shill bidding.

But then again, they wouldn't want to do that, because that takes extra FVF pennies out of their pocket and they don't care if the unsuspecting buyer is ripped off in the process.

It's interesting... they go from a policy of posting what you buy in your FB, to a new policy of hiding your ID when bidding... kinda' doing a 360 there eh?

Typical ebayal thinking.

It's a shill bidder's paradise now.

So, so sad, what ebay has become.

eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: Ann

Tue Apr 15 13:35:01 2008

''Is it troublesome that eBay is storing this kind of data on individuals, or is it no big deal? And will it share the information with its ad partners?'' VERY TROUBLESOME. eBay has actually been logging IP addresses for years. They've used them to tie accounts together in the past. The difference is now they are being up front about it. And sharing my information with their ad partners - A huge no-no!

''Will this data also help eBay detect shill bidding?'' Again, this is not new. They've been doing this for several years. However, this is the ONLY legitimate use for this in my opinion.

''Might eBay share this information with LiveWorld to help monitor users' posting activity on its Discussion Boards?'' Again, totally unethical. It defeats the point of having a ''posting ID'' to help keep our complaints about eBay at least semi-anonymous. This way they can shut down those of us who say anything bad about them. CENSORSHIP!

''Can eBay do anything to prevent malicious bidding? (How big a problem is this?)'' No, eBay has no desire to prevent this. They get extra fees from it. They don't want to fix it. And no, although it happens, and has happened to me, (no help from eBay, btw (29 BIN items purchased in 5 minutes from a brand new fake secondary ID of someone upset with me, filled out with completely made-up contact information and NPB on all of them - I had to pay all new listing fees to relist them and the FVFs etc!!)), I don't think it's a wide enough spread problem to concentrate on at this point.

This is NOT an initiative to combat fraud - if it were, it'd be targeted towards shill bidding. Come on now, really, how many account hi-jacks are really aimed at sellers and used to LIST items? 99.9% of accounts that are hijacked are used to purchase items fraudulently. Be honest eBay, at least tell us what your real motives are.

Most sellers, esp. in this mobile society list from more than one IP address. As stated above, IP addresses are reset with every dial-up, router reset etc. Most sellers have at least one desktop computer, a laptop computer and travel. A growing number have employees that list for them, often from home or other locations. After all, this is an INTERNET business, making it possible to sell from whereever you are - at home, work or on vacation in Cancun! This is a horrible idea on eBay's part.  

I certainly don't want to have eBay calling me every time I list from one of my many computers. And what if I usually list from home, but want to check my listings from work? Calling my home number wouldn't work. And I definitely don't want to give them my work number!!! I definitely don't want them to have my cell phone number either.

Why should I provide them with all my phone numbers? After all, eBay doesn't give me their phone number at all!!!! And certainly, not their cell phones. If you want my cell phone number, give me Mr. Donahoe's personal cell phone number first!

Additionally, as a previous poster commmented, eBay even GIVES OUT our phone numbers to strangers who request our contact information. I don't want my phone number given to anyone, let alone my cell phone information! I have to pay for my limited cell minutes, do they want to pay my cell phone bill? And I definitely don't want my cell phone number given out to an upset customer who could then call and harass me.

Get real, eBay. Use your time and (my) money to fight the real fraud being committed on eBay - from the buyers. 99.99% of sellers are honest, innocent victims in your recent campaign of terror against sellers. You are trying to get rid of us in favor of a ''retail'' environment with only big sellers like Sears and Circuit City on there. At least be honest about it.

eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: Helpful

Tue Apr 15 13:40:28 2008

Zeke McAlister - YOU'VE been hacked or spoofed, not eBay. And this is definitely the wrong forum for your concern. You are clicking on a link from a hacker. Never enter any of that information online. Try entering www.ebay.com in the address line instead of clicking on a link. Also check any login page for the https:// in the URL. The S indicates a secure page. Right click on any link that looks legitimate and check the properties, it will tell you if you are being redirected to another site, such as www.ebay.fraud.com. Unless the ebay is directly in front of the .com, it is not their page. A little Internet savvy goes a long way and will protect you from becoming the victim of a scam again.

eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: dumpebaynow

Tue Apr 15 14:09:47 2008

This is a little too Big Brother for my taste, and there are ways to circumvent it, anyway.  I don't trust flee bay to begin with, so I'm sure there's an ulterior motive to tracking our computers.  It's not just altruistic on their part.  They'll be using that information for other things.

eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: Ozark

Tue Apr 15 14:12:49 2008

I am interested in seeing how eBay handles listings scheduled through
3rd parties; Auctiva, for example.

I have several listings scheduled for 9:45 p.m. my time. I'm going to
be a little unhappy if my phone starts to ring every evening.


eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: Bess

Tue Apr 15 14:18:43 2008

I used to help my elderly father sell stuff so there were many times when we were both logged in under his id.  There are many times when I have been on the road and logged in on other computers to check my stuff.  So now big brother will be wasting time calling me.  I am on the National Do Not Call list and hate intrusive calls.  I would call these calls intrusive.  

eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: tula

Tue Apr 15 14:29:34 2008

This is a common anti-fraud practice.  I worked in a security group at a financial company once and this was one of the metrics they used to track fraud.  It was easy to pinpoint potential fraud if someone logged in from say, California, then logged in 10 minutes later from China.  It's not foolproof; nothing is.  But, it's one useful tool in combating fraudulent account access.  

Yes, there are privacy concerns, but most Joe Users don't know enough about how all of this stuff works to do an adequate job of protecting themselves.  Even experts can find some of the hacking techniques baffling.  How many people still click on phishing URLs, for instance?  I think it's a good trade-off for the average user.  Those who know enough to block eBay from doing this kind of checking are probably savvy enough not to get hacked in the first place :-)

eBay Launches Anti-Hijacking Initiative   eBay Launches Anti-Hijacking Initiative

by: Zeke Mcalister

Tue Apr 15 14:30:54 2008

Helpful, thanks for the response. My mistake on posting it to this column.  I want to get the word out.  Ebay Trust and Safety Board has a new Thread from somebody else that got this Bogus Page.
And no, I did NOT enter any info, I know better.  Thanks again for your response and I will not Hijack this thread again.  Best wishes, Zeke McAlister

Click to view more comments
1 2  [Next Page]


Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.