ebay increasing user security with verification
Published by on June 24th, 2008 Comments Off
Logging in to check progress of a recent sale on ebay this morning I got this interesting message. On the surface it looks like a good way for ebay to have confidence it is indeed you that is placing products for sale in their listings. But this may be more about appearance than real security.
Confirming your identity is easy. We’ll make an automated call to one of the phone numbers on your account – you can choose which one. If you can’t receive a call at one of those numbers, you’ll be able to add another number by answering your secret question, or verify your identity with us in Live Chat.
I had my ebay account compromised a little while ago, with the hacker placing several small items in listings (this meant I would end up paying the listing and selling fees). Ebay’s security system caught it and locked my account down while they dealt with it – thus I was not out of pocket.
When any account – ebay or otherwise – is compromised the hacker has access to your account details, including your contact details. With knowledge that ebay is likely to make a phone call to double check the identity of the user, surely the first thing the hacker will do is change the contact information in the account so that he is the one receiving the security call, not you.
I suppose I should have some trust in ebay that they have considered this eventuality, perhaps by detecting account contact information changes just before a listing, or region/country code changes in the contact phone numbers. I do hope so otherwise this additional measure becomes impotent.
