Verification Errors & Banned Accounts - What's Up With eBay Security?

Liz Morton ~ Founder
Liz Morton ~ Founder


Comments

Back in December eBay had what many presumed was an automated bots gone wild situation with a massive wave of accounts being permanently suspended from the platform that inadvertently took down many legitimate accounts.

Has Your eBay Account Been Suspended Without Explanation?
Reports are pouring in on social media of 100s of eBay accounts being suspended with no explanation.

It's not uncommon to see these complaints about being banned after creating an account, but they do seem to come in waves and I'm definitely seeing more reports cropping up in the last week or so, along with reports of receiving errors when trying to complete eBay's verification process.

Raw Deal: Buyer bemused by online ban after eBay brands her a risky business
For almost 20 years, Nicola Morrison had enjoyed buying and selling small items on her favourite online marketplace.

For almost 20 years, Nicola Morrison had enjoyed buying and selling small items on her favourite online marketplace.

But she was stunned when, out the blue, she received an email from eBay saying that her account had been suspended after it was deemed a “risk to the community”...

...Nicola was further dismayed when she was told that there was no way to appeal against the suspension.


It's also interesting to note several recent observed changes or explicit updates that may be related to account security on eBay.

Back in December, I noted the explicit inclusion of port scanning technology (used to detect if a user on eBay is logged in via a remote desktop session) in eBay's Privacy Policy update (emphasis mine).

Prevention, detection, mitigation and investigation of fraud, security breaches and other prohibited or unlawful activities, including the assessment of corresponding risks (e.g. through the use of captchas, a port enumeration technology to identify user sessions using remote desktop tools or the telephone number stored in your eBay account for risk assessments and two-factor authentication), unless there is a statutory obligation to this effect.

eBay Privacy Policy Update December 23 2021
eBay has a new privacy policy update, effective December 23, 2021.

In the recent User Agreement update, eBay explicitly states users must agree to not share their log in credentials with any third parties, the first time I can remember eBay calling out Multi-User Account Access specifically as a security feature.

In connection with using or accessing our Services you agree to comply with this User Agreement, our policies, our terms, and all applicable laws, rules, and regulations, and you will not:...

...share your log in credentials with any third parties. If you require that authorized third parties (employees, agents, etc) have access to your account we offer a Multi-User Account Access program for that purpose.

eBay User Agreement Update 2-9-22 Comparison
Exclusive comparison of the important changes in eBay’s February 2022 User Agreement update.

And Twitter user, FidoMaster shared what appears to be eBay testing out a new session timeout feature which would require uses to log in again after a period of inactivity - a security feature that was rightly applauded.

While some of these security measures my lead to friction or annoyance for legitimate users, it's encouraging to see that someone at eBay at least seems to be waking up to the account takeover fraud that appears to be happening on the site.

I reported over 150 suspected hijacked accounts engaging in triangulation fraud to eBay back on 2020.

Triangulation Fraud - What Is It & How Can You Protect Yourself?
Multi-channel ecommerce businesses using 3rd party marketplaces may be targeted by this sophisticated fraud.

Multiple times a week, users identify and report compromised accounts being used to create thousands of fraudulent listings for cars as well as high end Rolex watches, trading cards, and more!

Why Doesn’t eBay Do More To Stop Car Scams?
It seems like eBay car scams have been around forever, why doesn’t eBay do more to curb this particular kind of fraud?
Grimsby businessman facing ruin after eBay account ‘hacked’
Phil Green has had to lay off staff and more could suffer after £14,000 hacking scam on his Nunsthorpe business

If eBay really is starting to take steps to address account security issues on the platform, I'm all for it. However, they're going to have to do a whole lot better than the broken verification links and AI powered dragnets that appear to be catching a lot of legitimate accounts in the crossfire with no clear way to appeal and recover banned accounts.

FraudTech IssueseBay

Support VAR