Bank Security?

Here in the UK things such as ID-theft and bank fraud are “big news.” It feels like almost every day there is a news item about the government or large organisations losing personal data or a scare about how many people are out there stealing our online banking details. While I have a professional interest in people worrying about information security (and will provide a wonderful consultancy service for a discount if you quote WhyDontYou Blog) I have to say there is more than a small dose of hype and overkill in this.

That said, there is a risk and it is only sensible that people are aware of the potential risks and given the correct advice to mitigate against them.

The important bit is the “correct advice.”

In the UK at least, the banks are largely responsible for making good any fraudulent use of an account unless they can prove it was the account owner's fault. This is a good thing and while the banks will suffer a bit because of some stupid people, the majority of “innocent” victims are protected.

Obviously the banks don't like this. They could take measures to improve their banking security or they could take measures that give a superficial improvement but, on the whole, only shift the burden onto the account holder. Not too long ago, in the UK, if you wanted to buy something with a card you had to sign to prove who you were. The shop owner compared this with the signature on the card and verified your ID – if they were in doubt, they could seek additional documentation. Despite what people think, signatures are hard to forge. This method also forced the shopkeeper to physically check the card and read the details.

Despite this, there was still some residual fraudulent activity so the banks changed the process to “Chip and PIN” where you now enter your card into a reader and type in a 4 digit PIN. Wonderful. This is a reasonably secure system but it has a few pitfalls. The most basic is that often the shop staff have no contact with the card during the transaction. This means they don't carry out the basic authentication check of seeing if the person before them is the owner of the card. My wife regularly uses my credit card to shop, because nowhere we go checks that the person in front of them is Mr **** ****** despite it saying that on the front of the card in big letters. This is less important because the 4 digit PIN becomes the safeguard, but basically, it makes it easier to pass off a cloned / fraudulently created card – 4 numbers are reasonably easy to find out or, if the card is “created” then they are irrelevant. As far as security goes, this is (largely) marking time. But it does the important task of moving the burden away from the bank.

The latest brainwave the banks have come up with actually annoys me.

Barclays Bank has decided to implement “PINSentry” when you log into their online banking or try to make online payments. Wonderful idea. Well, maybe.

In a nutshell, they have sent everyone a card reader that you use when you log in. To do online banking, you enter your password (etc) as normal, then you have to enter your card into the reader, get an authorisation code and enter that. All well and good – in fact this is a wide scale implementation of a time-worn authorisation system. Previously the entry system was username+password, then a “secret” code. Now the secret code has been replaced by this token generation system.
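To make the “token generation system” above concrete, here is an added example (not Barclays' PINsentry, whose internals the post does not describe) of the general challenge-response pattern such readers follow: the bank issues a fresh challenge, the card only produces a code after the correct PIN is entered, and the bank recomputes the code from its own copy of the card secret. The card secret, PIN, lockout limit, code length and HMAC construction are all assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

CODE_DIGITS = 8       # assumed length of the one-time authorisation code
MAX_PIN_TRIES = 3     # assumed lockout policy: three wrong PINs lock the card


@dataclass
class Card:
    """Toy chip card: holds a secret the bank also knows, plus the PIN that unlocks it."""
    secret: bytes
    pin: str
    tries_left: int = MAX_PIN_TRIES


def _derive_code(secret: bytes, challenge: bytes) -> str:
    """Derive a fixed-length decimal code from HMAC-SHA256(secret, challenge)."""
    digest = hmac.new(secret, challenge, hashlib.sha256).digest()
    value = int.from_bytes(digest[:4], "big") & 0x7FFFFFFF
    return f"{value % 10**CODE_DIGITS:0{CODE_DIGITS}d}"


def reader_generate(card: Card, pin_entered: str, challenge: bytes):
    """Simulate the hand-held reader: check the PIN on the card, then produce a code.

    Returns None (no code) when the PIN is wrong or the card is locked, so a
    stolen card and reader are useless without the PIN.
    """
    if card.tries_left == 0:
        return None
    if not hmac.compare_digest(card.pin.encode(), pin_entered.encode()):
        card.tries_left -= 1
        return None
    card.tries_left = MAX_PIN_TRIES
    return _derive_code(card.secret, challenge)


class BankServer:
    """Bank side: issues single-use challenges and verifies the codes they produce."""

    def __init__(self, stored_secret: bytes):
        self.secret = stored_secret
        self.outstanding = set()

    def issue_challenge(self) -> bytes:
        challenge = secrets.token_bytes(8)
        self.outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, code) -> bool:
        # A challenge is consumed on first use, so a captured code cannot be replayed.
        if code is None or challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)
        return hmac.compare_digest(_derive_code(self.secret, challenge), code)


if __name__ == "__main__":
    # Constructed sample values; real cards carry a secret provisioned by the issuer.
    shared = b"constructed-card-secret"
    card = Card(secret=shared, pin="1234")
    bank = BankServer(shared)

    ch = bank.issue_challenge()
    code = reader_generate(card, "1234", ch)
    print("login accepted:", bank.verify(ch, code))
    print("replay accepted:", bank.verify(ch, code))
```

The example shows the two properties the post relies on: the password alone no longer logs you in, and the second factor lives in the card plus PIN rather than in anything the bank's web server holds. It also shows the flip side the post complains about: every verification decision is made from the bank's copy of the secret, so when a code checks out the bank has a record that “the PINsentry was used.”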

The problem is that it undermines one of the reasons you do online banking. For me, I like to use online banking from various locations – I often use it from work and if I am travelling. If I were a Barclays customer I would now be forced to carry this bloody stupid PINsentry device around with me. Should my bag be stolen, the thief would have my card and the PINsentry, defeating any security improvement it gives.

From the bank's point of view, however, it is a good idea. It shifts the burden of blame in the event of a fraudulent transaction. Now you have to prove your PINsentry was compromised, rather than them having to prove their systems were not compromised.

This is not a good change. It doesn’t really make your transactions any more secure. It just makes you more to blame if something goes wrong. (Even, I suspect, if the bank has sold your details on eBay…)

Ebay and pay more

Now, given that this blog has an amazingly technical readership (who often put Heather and me to shame) it will probably come as no surprise to most of you that Ebay is actually a more expensive way of buying things. However, it was a bit of a shock to me.

Today, I was looking around for books on the CISSP course and out of idle curiosity I did a search for CISSP for dummies (yeah, yeah). On ebay today, the cheapest I could find was £13.99 plus £2.75 postage (visit auction page – auction ends 12 May 08 so the link might die).

Compare against Amazon.co.uk where the same book costs £13.49 plus £2.75 postage (here).

Now this is a trivial example, and most people wouldn’t bat an eyelid over saving 50p (I would but that is because no one ever makes donations here and I am poor). However, if we look at it a bit further…

Ebay has the CISSP Exam Cram 2 book available as a Buy It Now for the discounted price of £21.37 plus £2.75 postage. Can Amazon beat that?

Well, yes. On Amazon, the CISSP Exam Cram 2 is £14.99 (postage seems to be a grey area here but I think it will be £2.75). That is no mere £0.50 saving, that is a whopping £6.38.

There is a change in the balance of power over the CISSP all in one exam guide (Ebay, Amazon) where Ebay is actually about £3 cheaper, but by and large you actually pay for the privilege of using Ebay. It strikes me, from talking to all the ebayers I know, that people have a strange attitude towards Ebay. When people go to shop there, the idea of checking prices becomes alien.

For some reason, people seem to get caught in some weird mindset when they are faced with an auction and apparently regularly pay prices close to, or in excess of, the market rate for an item. I have experienced this a bit in the past when I’ve been bidding on cameras or camera parts – I have never won a single auction because almost every one of them has gone over the price you could buy it from a camera shop.

Why on Earth does Ebay have this effect on people? Great for sellers but, methinks, not so good for the buyer…

Scientologist Woo Spread Over eBay

Well, the internet really is a wonderful, entertaining, educating thing…

Today, I was looking over eBay trying to find some things to buy (as you do). I started off my search looking for camera filters but after a while I got fed up reading page after page of “UV Filters” for sale from Hong Kong (I have a UV filter…) and searched for other things. I have a certain amount of interest in philosophical topics, so I thought checking out what philosophy books were available would be worthwhile.

So, off I go to books -> educational textbooks -> philosophy and I am presented with a list of books. Second on my search is one titled “ALL ABOUT RADIATION.” Now, call me old fashioned, but I really found it hard to work out what was philosophical about radiation, so I had a look. Boy was I in for a treat. Now this auction (see it for yourself) only has 11 hours left to go as I write this, so in case it is gone by the time you read this post, I have taken a screenshot of it for you:

Scientologists disguise dianetics book to sell on ebay

This priceless bit of nonsense reads:

Written by L. Ron Hubbard and two well-known medical doctors, this book provides the facts surrounding the effect of radiation on the body and spirit and offers solutions to those harmful effects. An immediate sellout in bookstores when originally released, All About Radiation tells the truth about the little known and talked about subject of radiation, and introduces the Purification program as the technology to handle its cumulative effects. (See companion lecture series, Radiation and Your Survival where L. Ron Hubbard details the subject of radiation and its effects.)

Amazing. It almost beggars belief that people actually fall for this sort of nonsense, but that is a topic which has been done to death many a time in the past. The idea that radiation is harmful to the “spirit” is comical, as is the idea that these two unnamed yet “well-known” medical doctors have had any scientific input into this drivel.

What interests me in this auction, is the way this woo-filled nonsense is being sold.

Obviously the proponents of this dianetic / scientologist gibberish are aware that if they label it as scientologist, people will steer clear en masse. To get round this, and obviously draw some level of interest, they have:

  1. Marked it as a Medical / Nursing book (which I suppose is almost close to the truth… almost)
  2. Placed it in the “philosophy” category
  3. Been strangely not forthcoming in the title (most ebay titles read like the whole item description…)

I can't help but think that if Scientology / Dianetics is such a “sensible” and genuine “school of thought” (sorry for all the sneer quotes, but I can't help but sneer at this), then they wouldn't have to resort to underhand tactics. Sadly, and in a blow against my innocent view of the world, it seems scientologists rely on this as their main form of recruitment.

The one bit which really made me laugh was the idea that radiation is “little known and talked about…” That might have been true in 1920, but this is 2007. People shouldn’t be jumping to mad ideas about electromagnetism and radiation. (Ah… I might be wrong here…)

Well Done Amazon.co.uk

Now, in the past I have been very quick to rant here about the slightest customer service infraction – mainly this is because Ebuyer and Pipex are terminally bad companies – so it is only fair that I try to redress the balance at least occasionally.

So, with this in mind, I need to say a big well done to Amazon.co.uk. They have an actual understanding about customer service and appear able to maintain their promises.

A few months ago I was sent £20 in Amazon vouchers, so eventually I decided to spend them. Not really having anything in mind, I spent quite a while searching Amazon looking for the right combination of things to hit the £20 mark exactly and not incur any P&P charges (yes, I am that cheapskate). Eventually I found some filters for my camera so I ordered them. Everything went smoothly and the order was processed then confirmed.

A few hours later I glanced over the confirmation email and, to my horror, I realised I’d ordered the wrong size filter (52mm instead of 67mm if anyone cares) and panicked trying to cancel the order. In previous dealings with e-commerce sites, this is normally where everything goes wrong, however with Amazon it was painless, quick and effective. They were even able to refund the gift voucher without any problems at all.

Being unable to find any suitable filters of the correct size, I cracked and bought a few books (history, Pratchett and the like), going over the £20 but not by much. As I live a few miles more remote than the middle of nowhere, I was expecting the delivery charges for this (heavier) bundle to be painful. When I have bought from other suppliers (who also use Royal Mail to deliver) postage charges have been astronomical but no, Amazon offered the normal range of options, including the free “standard delivery.”

Despite the site being littered with warnings about the Royal Mail strikes causing problems to post etc., I decided I was in no hurry and standard delivery (estimated 5-7 days) would be fine. This was during the evening of 10 Oct 07. I placed the order, got all the confirmations (and this time there was no panic over the thread sizes…) and all was well.

Today (13 Oct 07), I get home from work only to discover the parcel has arrived. So, in effect, the standard delivery took less than 3 days to complete. To be honest, this is pretty good going. If someone posts me a single page of A4 it normally takes that much time to get here, if not longer. When I have ordered from other companies, I have had to pay a fortune (often as much as 20% of the cost of the total order) for items which have taken a week or two to get here from the centre of England.

I realise it is strange to say well done to a company for doing what they should do (i.e. serve their customers), but sadly it has become a rare thing in my experience. Companies no longer care about negative opinions, because largely they are all rubbish. In this instance though, Amazon have exceeded my expectations and, in doing so, have greatly increased the chances I will shop there again. Will they care? I doubt it. But I will.

(Note 1: Interestingly, in this instance, Amazon exceeded my expectations by ensuring they were low to begin with. Amazon emphasised how the parcel could take up to a week, longer with the postal strikes. This meant anything less was a bonus to me. Too many e-commerce organisations boast so much about getting things to you before you even realised you wanted them that disappointment is sure to follow.)

(Note 2: One negative point. Despite the books being supposedly “brand new” all four show distinct signs of wear. One is pretty dog-eared and all smell of stale tobacco. If I was planning to sell these on eBay, I would never get away with calling them new… The parcel used to wrap the four up was open at both ends, so I am amazed nothing fell out and was lost. I think this includes a well done to the local postie.)

[tags]Amazon, e-commerce, society, culture, raves, Good Shop, Postal Strikes, Royal Mail, Books, Shopping, eBay, eBuyer, Pipex, Customer Service[/tags]