CURRENTLY 1733 VISITORS

(Forum Home)--->(System Info & Announcements)--->(Additional Security Measures)
Thread Admin: AuctionArmsCeo (6-0-0) (Last 10 Posts) Posted: 02/20/2009 at 17:47:30
Total Posts: 87
Thread Title: "Additional Security Measures"
AuctionArmsCeo Unfortunately, we've had to implement a new security measure which we hope won't inconvenience too many folks. In closed auctions, we've now screened all bidder nicknames, except to those that have participated in the auction. In other words, if you're a bidder, you can see your nickname and the seller's nickname. If you're the seller, you can see all the bidders. If you're not participating in the auction, you can only see the seller.

The reason we chose to implement this change is because of fraud. "Black Hats" were contacting bidders by taking their nicknames and adding an @aol.com or @hotmail.com, or @yahoo.com to their existing nicknames. They were impersonating the seller, and asking for money, stating that the high bidder had backed out.

The best way to combat this, is to make it hard for the fraud to contact the high bidder be masking the high bidder's nickname.

Let me know what you think, and thanks for your patience.
-manny
(Start a Thread) (Forum Rules)

Buyer: ODOTER(76-0-1) Post#21 - Posted: 02/24/2009 at 09:54:31
(no avatar) Gentlemen: Could we please get back to the original purpose of this thread posted by Manny? I'm curious to see where this leads.

Former Seller: Petesguns(990-0-0) Post#22 - Posted: 02/24/2009 at 19:18:56
Petesguns Perhaps if AA could look at the user names of all of it's members, and determine which ones use the name as their email address, and notify them that either the email or the name will have to be changed. It should be relatively easy to access the database of users vs. their emails. Then contact those whose names are the beginning of the emails to change one or the other. This does seem like a simple fix well within the capability of the AA machine, no?

Buyer: ODOTER(76-0-1) Post#23 - Posted: 02/25/2009 at 03:21:21
(no avatar) I'm really struggling here to understand why AA doesn't give all of the seller's information in the clickable link "Winner, Contact Seller" in the buyer's "My Closed Bids" section. This, I have to assume, is not available to anyone other than the winning bidder. Any buyer sending any payment to any name or address not listed in that link would be assuming his/her own risks. It is the seller's responsibility to keep that information up to date. To help that cause, AA could send an automatic reminder to the seller to confrim that information every time a listing is made. The seller would have to actively click a confirmation box to acknowledge having done so. Someone please tell me where my thinking is flawed.

Former Seller: ELDORADO 1(235-0-0) Post#24 - Posted: 02/25/2009 at 06:20:09
(no avatar) ODOTER....I think you are missing what is actually happening. The black hat is not contacting the winner.....he is contacting one of the losing bidders and trying to get them to believe he was the seller of the item and is trying to get them to send payment to him. The black hat is using the losing bidders nickname and then adding @aol, or @yahoo, or several of the other popular servers in hopes he gets a strike. Bob has repeatedly warned users about having their nickname the same as their e-mail address explictedly to avoid this. Some have changed their nickname or e-mail address and some have not. What AA is attempting to do by not showing complete nicknames in the list of bidders is an attempt to eliminate all the scammers from contacting them with an offer to buy something they (the black hats) have never owned. If you were not the winner but simply a bidder, you would not know if it was the real seller or not and might go ahead and send payment to the black hat which would result in you having a real bad day once you realized you had been taken. Hope this makes it more clear for you.

Buyer: ODOTER(76-0-1) Post#25 - Posted: 02/25/2009 at 11:31:18
(no avatar) ELDORADO 1: Thanks for your response. However, I do understand the problem and I think I am aware of what is actually happening. Let me try this again. No winning bidder, nor second bidder, nor third bidder, etc. should send payment to anyone who is not listed by AA as the seller for that item. The "black hat", as you refer to him as, would not be listed by AA as the seller and the "black hat's" contact information would not be available in the "Winner, Contact Seller" section of "My Closed Bids". Winning bidders must be warned to NEVER send payment to anyone not listed by AA as the seller in the "Winner, Contact Seller" section. That addresses the winning bidder. Now let's address the second bidder. Since the second bidder, or any other successive losing bidder, is not listed as the winner by AA, they won't be shown as the winning bidder by AA in their "My Closed Bids" section. As a result, they can not pull up the "Winner, Contact Seller" information and should know that any attempt by anyone to request payment is a scam. Do you see my point? ALL bidders must rely on AA to announce whether they are the winner. That is the main issue. AA alone notifies bidders who won, not a Black Hat. So, let all the black hats write as many emails to as many second bidders as they like. If members of AA use the system properly, there won't be any successful scams. Possibly, AA could have a special section tutoring bidders of the preferred procedures. As a result, I see no need to hide the bidders nicknames after the auctions have closed.

Former Seller: ELDORADO 1(235-0-0) Post#26 - Posted: 02/25/2009 at 15:16:55
(no avatar) If everyone was in tune with the system as you then you would be 100% correct. However, the black hats are not fishing for experienced people as yourself. They are fishing for the inexperienced and have disguised their e-mails to look like they are official Auction Arms contacts. I agree with you 100% in what you are saying but AA is simply trying to avoid them from scamming someone not as experienced as yourself.

Former Seller: Witnessguy(35-0-0) Post#27 - Posted: 02/25/2009 at 15:32:08
(no avatar) I think this is one subject which AA thinks it's trying to do the right thing. But evidently more people than me like to see who has bid on an auction for varying reasons. A few people who are too ignorant to verify where their funds are going, too asleep at the wheel to do a little checking before they blindly send money off, are going to inconvenience the hell out of the rest of us. I can hear AA now, "just how does it inconvenience you?". Some like Willie Ta use it for bidder screening, while I dont agree with that, it's his right to screen whoever he wants. I like to be able to see who's been bidding on items in a particular catagory. It makes NO differnce what reason you have for not likeing the hidden bidder, evidently a bunch of us dont. It makes the site look like Ebay without the guns in my opinion. Wguy

Former Seller: Petesguns(991-0-0) Post#28 - Posted: 02/25/2009 at 16:00:42
Petesguns I understand what AA is doing to try to combat scammers. I simply feel there are other ways to combat these problems. AA could access their computer database for user names vs. email addresses and require those who use their email prefix as their user name to change one or the other. AA could also make a one time, REFUNDABLE charge, via a credit card for all new members who sign up on AA. THAT way, their identity could be compared via the credit card info to confirm validity. Once confirmed, it could be refunded or voided. Way too many people are signing up with bogus info. Heck, Wile E. Coyote could sign up if he wanted and would never be caught until AFTER he/she has wreacked havoc with someone's auction. AA could actually provide TOTAL conatct info to the seller or the winner of an item to show the actual person one will be dealing with. None of these methods will totally solve the deadbeat/scammer issue, but it sure could go a long way towards addressing the actual perpetrators of these frauds, instead of attacking the honest members of the site. OH MY!!!! It's kinda like gun control........they only target the lawful gun owners instead of the criminals. Total paranoia of "black hats" and "evildoers" will ony further the effects on honest members and not affect the bad guys at all.

Seller: Hartwell Gun(1060-1-2) Post#29 - Posted: 02/25/2009 at 16:06:15
Hartwell Gun Just forbid the use of your e-mail address as your auction name!! Most of these scams,if successful, are self inflected wounds-either from greed or hate to say it-stupidity.Some people like to see who they are budding against before they jump in-Is it a pro bidding or a green horn!!!JMO

Seller: AA-bob(3-0-0) Post#30 - Posted: 02/25/2009 at 17:07:19
AA-bob

ODOTER, thanks for your input. To address your question regarding not providing a seller's address information, even to winning bidders. We want sellers to provide specific payment instructions and the specific address to where payment is to be sent.

This is important for several reasons.

One, sometimes a seller will have many items on auto-relist but, god forbid, the seller expires, moves or otherwise is no longer available to service his sales. By requiring positive contact between a seller and a buyer, post-auction, we have positive instructions provided to a buyer and re-enforcement that the seller is still alive and kicking with up-to-date info on where payment/FFL is to be sent.

Two, many times a seller will have a lock-box set up exclusively to accept payments and wants no other correspondence sent to that address, all other address information such as his FFL and registered address will be to a different address and is the one his account/Credit Card address is registered to.

Three, we want a positive contact with specific information from a seller to a buyer. This gives the buyer some added peace of mind prior to sending off a payment.

Buyers should always check and compare the email address from which payment instructions are sent to the registered email address of the seller which we provide them.

Hope this helps.

Petesguns, as always appreciate your suggestions and insight. We have reviewed your (again) suggestion many times regarding taking a bidder credit card. After analyzing the risk/benefit, we have declined from doing this as it would unnecessarily decrease the number of bidders the site brings to compete on your auctions. It would do absolutely nothing to counter this scam in particular since the scammers are not registered with AuctionArms, but merely preying on the information we were posting about bidders.

Your suggestion regarding trying to get users to change their email addresses or user nickname was investigated. We decided against something along these lines as it would be a major inconvenience to many users, who rather than complying, would simply go dormant, something non of us want, I think you'll agree. Balanced against the "need" of other users to see information on auction participants in auctions they are not involved in we found no justifiable "need" for non-participants to view this information.

Thanks again to all who have contributed to this discussion.

(Beginning)   (Go Back 10 Posts)   (Next 10 Posts)   (Ending)