eBay: Let's wait and see on tighter security

WASHINGTON--eBay and its customers must accept that fraud goes with the territory of online transactions, a top executive at the auction giant said.

Paul Kilmartin, director of performance engineering and availability at eBay, said the company could introduce security technology such as two-factor authentication, but the sure way to eradicate all fraud from its business would be to stop trading. "The one easy way to stop all the fraud would be to turn off the site tomorrow, and there would be no more illegal activity," he said.

Kilmartin, a 10-year eBay veteran, made the comments at Sun Microsystems' quarterly release event here on Tuesday following questions about whether eBay has any plans to introduce two-factor authentication technology to combat fraud among its users.

Two-factor authentication means requiring a second security device, such as a smart card or fingerprint, in addition to a password, to verify the identity of an IT user.

Kilmartin said that eBay has no plans to alter its authentication process for now. "We have no specific plans in this area yet, unless we start to see real demand for it," he said.

Kilmartin's remarks are at odds with comments made earlier this year by Howard Schmidt, the chief security officer for eBay and former White House cybersecurity advisor, who has called for greater use of two-factor authentication.

Speaking at a press briefing in Barcelona last November, Schmidt said that businesses had clearly improved their security practices, but that the technology is now available for them to use two-factor authentication.

"We're doing better security now, but we still depend on usernames and passwords as a way of getting online. We now have the technology for the end-user to have two-factor authentication. We expect to see security grow and be federated," said Schmidt, adding that people had to accept the need to supply more credentials.

Microsoft's chief security strategist, Scott Charney, recently said that companies had failed to adopt two-factor authentication as fast as he would have liked.

"We haven't had as much adoption as you would hope for," Charney said. "A lot of solutions for two-factor authentication are for enterprise spaces. If you get two-factor authentication to the consumer level, you reduce the phishing threat."

eBay was criticized by a U.K. judge late last year for not doing enough to protect its users from the dangers of fraud. Judge Richard Bray said it was "hardly surprising" that eBay was targeted by criminals, given the measures it has put in place to protect users.

The judge was presiding over the trial of a woman convicted of taking $5,700 (3,000 pounds) from five separate eBay customers for nonexistent tickets to the Glastonbury music festival.

And on Wednesday, a teenager who used eBay to defraud more than 100 people of a total of $85,000 (45,000 pounds) was sentenced to 12 months detention and training.

eBay insists that its systems are safe and secure. "Fewer than 0.01 percent of all listings on eBay result in a confirmed case of fraud, and when used properly the site is a safe and secure place to buy and sell," an eBay spokesperson said in response to Judge Bray's comments.

eBay has been using Sun's server technology for the past eight years and says the technology has been fundamental to ensuring that the online trader has maintained consistent availability during that time.

According to Kilmartin, eBay has some 147 million registered users worldwide and trades more than $1,344 in goods on the site every second. He explained that maintaining that kind of availability meant staying vigilant against online fraudsters and attacks against the auction site's network security defenses.

Andrew Donoghue of London-based ZDNet UK reported from Washington.

[PCPrivacyTech]

eBay is not the problem

The article makes it seem hypocritical that Howard Schmidt has called for two-factor autentication while eBay does not have it. It is not at all.....Those calling for two-factor authentication are not talking about sites like eBay! It would destroy the site to attempt such a thing with its trade base. However, it is WAY past time for large financial interests to introduce 2FA. A token would be given to banking customers at the time an account is opened, or sent registered mail by other financial institutions and always used w/ passkey to access sensitive online areas.

Two-factor autentication is not for large trading (or even retail) sites like eBay.

[PCPrivacyTech]

eBay is not the problem

The article makes it seem hypocritical that Howard Schmidt has called for two-factor autentication while eBay does not have it. It is not at all.....Those calling for two-factor authentication are not talking about sites like eBay! It would destroy the site to attempt such a thing with its trade base. However, it is WAY past time for large financial interests to introduce 2FA. A token would be given to banking customers at the time an account is opened, or sent registered mail by other financial institutions and always used w/ passkey to access sensitive online areas.

Two-factor autentication is not for large trading (or even retail) sites like eBay.

[ldbrlnd]

Fraud reporting to E-Bay

In my case the effort to report the fraud to E-Bay was greater than the $28 that I was defrauded of.
This helps explain why E-Bay's fraud statistics are so low.

ldbrlnd

[ldbrlnd]

Fraud reporting to E-Bay

In my case the effort to report the fraud to E-Bay was greater than the $28 that I was defrauded of.
This helps explain why E-Bay's fraud statistics are so low.

ldbrlnd

[Anon-Y-mous]

They don't count deadbeat bidders in the counts

If they did, fraud would be in the 5%10% range, as most sellers experience at least 1 in 10 deadbeats, while many (especially if you refuse to deal with the scamers who try to use PayPal who later illegally chargeback) will see a 1 in 6 or 1 in 7 deadbeat ratio.

To a seller, that's FRAUD since you're still stuck paying listing fees and have to jump through hoops and wait 2 separate periods of time to just get back the commissions, all the while eBay rakes in the listing fees caused by deadbeats.

As a buyer, about 1 in 100 purchases ends up in outright fraud: 1%, EVEN when you are very careful about who you buy from. Therefore I believe real fraud is higher because most buyers do not know or report. As a buyer, about 1 in 25 end up in "not as described" complaints that sometimes you can work out between buyer/seller.

But outright fraud by buyers scamming PayPal or never paying has to be about 10%, and by sellers not shipping or doing other outright (not quality of goods) fraud has to be at least 1%.... far from their regularly stated 1 hundreth of 1% they always use.

[Anon-Y-mous]

They don't count deadbeat bidders in the counts

If they did, fraud would be in the 5%10% range, as most sellers experience at least 1 in 10 deadbeats, while many (especially if you refuse to deal with the scamers who try to use PayPal who later illegally chargeback) will see a 1 in 6 or 1 in 7 deadbeat ratio.

To a seller, that's FRAUD since you're still stuck paying listing fees and have to jump through hoops and wait 2 separate periods of time to just get back the commissions, all the while eBay rakes in the listing fees caused by deadbeats.

As a buyer, about 1 in 100 purchases ends up in outright fraud: 1%, EVEN when you are very careful about who you buy from. Therefore I believe real fraud is higher because most buyers do not know or report. As a buyer, about 1 in 25 end up in "not as described" complaints that sometimes you can work out between buyer/seller.

But outright fraud by buyers scamming PayPal or never paying has to be about 10%, and by sellers not shipping or doing other outright (not quality of goods) fraud has to be at least 1%.... far from their regularly stated 1 hundreth of 1% they always use.