E-Commerce and Internet Auction Fraud: The E-Bay Community Model
Date: April 29, 2004Source: Computer Crime Research Center
By:
NextOn a financial level, eBay boasts yearly sales of nearly $105 million and is valued by Wall Street at more than $11 billion. The company now has more than 95 million registered users, with more than five million transactions per week, and more than twelve million items on sale at any given time. In 2004, eBay expects revenue for the year to be as high a $3 billion. The company’s net income for the fourth quarter jumped 64 percent to $142.5 million from $87 million a year earlier.
As the world’s largest online market, eBay offers its users a comprehensive website and a full range of services. It offers both buyers and sellers helpful tips for safe online trading and provides comprehensive safety information on trading, authentication, dispute resolution, payment options, verification and protection, members’ reputation, and warranty options.
Nevertheless, despite these efforts and continuous enhancements in security and fraud prevention schemes, eBay is not immune to online auction fraud. In one of the largest Internet scam cases on record, eBay was used as a platform.
In the case of the United States v. Teresa Smith, No.02CR40029-NMG (D. Mass.), over 300 victims were involved, totaling more than $800,000 in losses. The first complaint on Ms. Smith to the Internet Fraud Complaint Centre (IFCC) came in February 2002 and was sent to the Massachusetts State Police. At that time no one was aware that over 300 more complaints on the same subject would be filed through IFCC. From April 2001 through October 2002, Ms. Smith was selling hundreds of computers to individual buyers through Internet auction Web sites. Her scheme was simple: she would defraud her victims by selling a computer, requiring them to pay up front, and then not sending any of the merchandise and refusing any type of refund requested. It was also discovered that Ms. Smith was using a number of different identities through eBay to perpetrate her fraud. Each time eBay would receive complaints regarding Ms. Smith they would suspend her actions on their site. However, Ms. Smith would then simply change to another identity and the process would start all over again. Ms. Smith sentenced on 4/10/03 to 4 years, 9 months in federal prison.
This is definitely not the only case of fraud but there are many other encounters of Internet auction fraud even on eBay. More recently, hackers managed to deceive several online businessmen who use eBay's PayPal payment system, and obtained their user names and passwords, and then logged into their accounts and downloaded lists of customer names, e-mail addresses, home addresses and transactions. Although this scam involves a very small percentage of eBay users and no credit card or financial information were compromised due to the utilisation of encryption technologies, yet eBay fears that the compromised data might lead to “spoof emails” which are deceptive emails claiming to be sent by well-known companies, and ask consumers to reply with personal information, such as their credit card number, social security number or account password.
Nevertheless, with such strong financial standing, increased user registration, acquisition of well-established companies such as PayPal, and the close cooperation with dispute resolution organisations, governmental, and non-governmental anti-fraud agencies, eBay is becoming an empire and a self-sustaining community, which for many users represent their only source of income.
By and large, online auction fraud is a persisting phenomenon even on the largest and most successful auction sites. Thus, it is necessary to analyse some of the anti-fraud measures available to reduce fraudulent behaviour in order to have a safer market place and promote e-commerce transactions.
II. Online Auction Fraud and Safe Harbour Measures:
Although the importance of the hallowed principles of caveat emptor and caveat venditor, which require the buyers and sellers to be aware and exercise caution when buying and selling has regressed in light of the surge of consumer protection rules and the increased level of regulation, it seems that these principles are of some relevance for buyers and sellers in online auctions.
Both buyers and sellers, especially in C2C transactions should exercise great care when engaging in cyber trading. Although sellers are under legal obligations to present precise and accurate information concerning the status, quality, and condition of the goods advertised or placed up for a bid, and buyers are equally required to act in good faith and pay for the items delivered according to the agreed terms, the principles of caveat emptor and caveat venditor are still important, as reasonable care should be exercised when dealing with a total stranger in the absence of face-to-face interaction.
Being aware in online auctions involves simple precautions before bidding or putting up an item for sale: (a) learning about the auction site: user agreements describing bidding procedures, protection and warranty schemes, selling information, privacy policies, and payment options; (b) security concerns: use online auction sites that utilise secure technology such as SSL in signing in and payment using secure technology; (c) learning about the other party: getting accurate contact information and ascertaining reputation through the schemes offered by the auction site.
These simple precautionary procedures could largely minimise the risk of fraud.
On a different note, there is a myriad of anti-fraud measures that could be utilised by global online auction sites to emasculate fraud, enhance confidence, and render online auctioning a safe experience. Amongst these measures are: identity verification systems, fraud protection programmes, secure payment mechanisms, escrow services, feed back rating systems, trust mark seals, and complaint centres and online dispute resolution services.
In the following pages, each of the above-mentioned processes will be examined with reference to eBay when applicable.
(A) Identity Verification Systems:
Identity verification is a trust inducing process that enables trading partners to establish a proof of identity. The scheme does not perform credit check but works by submitting personal contact information including addresses, and this information will be cross-checked against consumer and business databases for verification. Once verified, the buyer or the seller will be granted an icon or a mark that proves that his/her identity has been verified.
Utilisation of identity verification systems minimises the risk of using fake contact information or addresses, which reduces the risk of fraud.
eBay is currently using Verisign, one of the leading providers of digital trust services, to provide verification services for buyers and sellers using their Consumer Authentication Service (CAS), which is an XML-based web service for risk management and fraud prevention. However, this service is currently offered for residents of the USA and US territories (Puerto Rico, US Virgin
Islands, and Guam) only for a nominal fee of $ 5.
The benefits of getting ID verification on eBay includes: bidding above $15,000, selling on eBay's Mature Audiences category, and buying with eBay's ‘Buy It Now’ feature.
The drawbacks of ID verification are the territorial limitations and the fact that contact information can generally be changed after a short period of time (30 days in the case of eBay).
(B) Fraud Protection Programmes:
Most online auction sites provide fraud protection programmes for safe electronic trading. These programmes have a wide range of applications for both buyers and sellers, the most important of which are: (i) fraud detection software programmes that scan databases and screens users for certain patterns of fraud thus enabling online auction sites to monitor or check suspected buyers or sellers to prevent fraud; (ii) partial reimbursement for losses resulting from non-delivery or misrepresentation; and (iii) protecting sellers against fraudulent chargebacks and unwarranted claims of non-delivery or misrepresentation.
These fraud protection schemes are available under the auspices of eBay. Firstly, eBay runs a Fraud Automated Detection Engine (FADE) which aims to detect fraud by screening and analysing eBay databases for fraud patterns and comparing transactions with reported fraud and scammer modus-operandi in general.
The drawback of automated fraud detection software is that it is not 100% accurate and in some cases no fraudulent patters was detected yet the transaction was fraudulent.
Secondly, eBay operates a standard purchase protection program for buyers to provide them with coverage of up to $200.00 with $25.00 deductible fee to cover processing costs in cases of non-shipment or significant misrepresentation. PayPal equally offers eBay buyers with coverage of up to $500 for claims of non-delivery or significant misrepresentation on qualified eBay listings that are paid for with PayPal. Thirdly, although sellers are not eligible for the eBay Fraud Alert and Protection Claim programs, PayPal which is now owned by eBay offers a Seller Protection Policy only to U.S. or Canadian sellers transacting with U.S. buyers, and for U.K. sellers transacting with U.K. or U.S. buyers against chargebacks due to fraud.
The drawback of some of these policies, especially the seller protection schemes is their territorial limitations, which is inconsistent with the nature of fraud. Moreover, the value of coverage in such protection schemes could be relatively low if the transaction involved paying a large amount of money....
Add comment
Email to a Friend
