It's been a while
-
Wow, it has been a while since I last wrote here on the blog. I keep
thinking I really need to get back to writing on a regular basis. Then I
never actua...
11 years ago
30 June 2008
NetFlix Keeping Profiles!
Yay! Today, in their corporate blog, NetFlix announced that they would be keeping the Profiles feature. They had previously planned to eliminate the feature, which allows one customer to manage multiple queues of movies. This works out great for families, where each member of the family can select their own movies in their own queue, so that everyone gets something to watch. This is great news! I was afraid that we were going to have to resort to movie channels and Pay-Per-View if this NetFlix feature went away... They were persuaded by an outpouring of public response to keep the Profiles feature in place. Thanks, NetFlix!
29 June 2008
eBay is stupid!
We've gotten a couple of collection calls from a company called I.C. System, trying to collect on an account with eBay... Except that we don't even HAVE an account with eBay! Apparently we were victims of an identity theft last year, and someone opened a fake eBay seller's account with the stolen id... They apparently sold something to someone, and eBay wants to collect $45 for their fees.
When we were first called by I.C. Systems, we explained that we had discovered last October that we had been the victim of credit card fraud. My wife had downloaded transactions from our bank, and found several fraudulent transactions had appeared in the preceding days.
Two of the pending transactions were authorizations from eBay, and another was from Juno Online, also on the same date. The only one of these authorizations that became an actual charge transaction was from Juno, which charged our Visa Debit card account for monthly dial-up internet service. We wouldn't need to use Juno for dial-up, as I have a 7Mbps DSL circuit, and host my own website and email!
We immediately contacted our bank to report the fraudulent charges. They closed the account immediately, and issued us a new card and account number.
When the Juno authorization became a transaction, it included their telephone number, which we promptly called and explained our situation. They were very cooperative, and immediately closed the account which had been created fraudulently, and credited all charges. From the information that we were able to obtain from Juno, it appears that an account was opened using my son's name, our address, and using my wife's debit card.
However, since the eBay authorizations never became transactions, there was NO identifying information with which to contact eBay to report the fraud. Our bank advised us that since there was no charge made to the account before it was closed, that we should have no further liability.
During the phone conversation that we had with I.C. Systems, the agent said that while he could make notes in the file, we wouldn't be able to do anything else for us. He said that we would have to contact eBay ourselves. I asked him for a phone number or email address to contact eBay, and was told that they didn't have one! He said that the only way for us
to contact eBay was online, and gave some instructions on using the online “chat” on the eBay website.
When I pointed out to him that since I didn't actually have an account with eBay, I had no way to reference this fraudulent account when talking to eBay. I asked him if he could email me the account information and history for the eBay account. He said that they didn't have email available, only phone, so he read me the account “handle” and gave me the “EID” for the eBay account. This is the only information that I have on the account.
I then attempted to get to the online chat at the eBay website, and discovered that it is damn near impossible to contact anyone at eBay for help without being logged into an account, which I DO NOT HAVE!
After many failed attempts, where I ended up going in circles between the login page and the “help” page to start a chat, I was able to log in as a guest and started a chat. The first person that I chatted with at eBay transferred me to someone in their fraud department. I explained what happened to them, and they said that they would contact me for further information. However, as soon as the chat ended, the text transcript was cleared, so I have no record of this discussion! Neither of the people that I chatted with at eBay have ever followed-up on our conversation.
Since it seems that the ONLY attempt made by eBay to contact the account holder regarding this account before turning it over to collections was to continue to email the fraudulent email account at Juno which was closed in October, we never received any statement from eBay that would have alerted us to the fraudulent account. I can't believe that anyone operating a business would not attempt to send a letter or statement to the physical mailing address for one of their customers before sending them to collections! This seems like it is not only a bad business practice, but is also downright stupid!
The only documentation that I can offer as any kind of evidence is the paperwork from our bank when we reported the fraudulent charges. The eBay transaction was not listed here, since there was never an actual charge to the account, only an authorization. Its sometimes hard enough to prove that you did something when you did it, but how do you prove that you didn't do something?
I have no idea who stole my son's identity, or my wife's debit card number, as we never lost possession of the card. We have not had any further instances of identity theft since this debit account was closed. I would be happy to discuss this with them, and will provide any additional information that I can, but I do not intend to pay any amount on this account, since it was not created by me or any member of my family.
Now, there are a bunch of things that I don't understand about this whole incident...
First, someone went through considerable effort to steal the credit card number, including names and addresses... But the only thing that they actually charged on it was $10 for a Juno account? Except that the combination of the fake Juno account and the credit card number allowed them to open an eBay seller account that is pretty much untraceable.
So what would they do with that? My thought would be that they would setup a fake auction for something expensive, collect the money from the sale, but then never ship it to the buyer. If they had done that, though, it seems like eBay fraud/security would have come to us with an angry buyer to find out what happened to their stuff. That's never happened.
So what would be the advantage of having an untraceable, fake eBay account, if you're not ripping off buyers? I would have to guess that it would be to sell stolen goods that couldn't be traced? Seems like their must be easier, lower profile ways to do that?
In the end, they seem to have skipped out on $45 in seller fees on eBay... They took a lot of risk, and went through an awful lot of trouble to save $45 it seems... And they created a real mess for me!
In addition to the obvious problems of the credit card and ID theft that must have resulted from someone's online purchasing system being hacked, it seems like there are a number of flaws/deficiencies in the way that eBay operates...
Since they are only an online business, they don't have any way to physically validate someone's identity. They can't ask for a driver's license or other ID, since everything is automated and remote. They make the assumption that getting a valid credit card is a safe way to validate someone, so they request an authorization on the credit card for a buck. This still only proves that the credit card is valid, and doesn't really prove that the person is who they say they are...
Only creating an account authorization doesn't really prevent fraud, either. As in our case, we knew that the transaction was fraudulent, but there was nothing to report, as no money was taken. It seems like it would be worth the effort for eBay to charge a nominal fee, like $10-12, to open an account. This is small enough that it shouldn't keep legitimate customers away, but would create an actual financial transaction that could be disputed right away when fraud occurred. They could even credit back the fee against any charges if they really wanted, but why wouldn't they want to make the extra money to cover the costs of opening the accounts?
To prevent fraud, it seems like they could mail an account contract to the name and address that they were given, and have the form be signed and returned in order to activate the account. This would also validate the name and address are legitimate, especially if verified as the billing address used on the credit card. This would also get them a signature on an actual contract for legal purposes.
There must have been some advantage to be gained by opening the Juno account. Presumably eBay requires an email address to open an account (I don't know, since I don't have an eBay account!) and they will probably not accept a free account like Yahoo! or Gmail since they could also be easily faked. But requiring a commercial email account as a component of authentication doesn't really prove someone's online identity, either. It only side-steps the issue, and relies on the ISP to have properly verified the identity of the person opening the account. This is a pretty weak assumption.
The next place that eBay's business model falls apart is that they only email statements to the address given in the account setup. We called Juno and had them close the account the day after it was opened, so it would only have accepted email for about 24 hours. If eBay continued to send statements to that address, they must have been bouncing back to them. At that point, they should have mailed a printed statement to the physical mailing address that they had on file. eBay gave our address to their collection agency, so they must have had it themselves. Why not spend the postage to make an effort to contact the account holder themselves? To immediately turn an account over to collections seems lazy and irresponsible...
My other issue with eBay is that there is no way for a fraud victim who doesn't actually even have an ebay account to contact them for assistance. Every avenue to contact eBay seems to be through an online chat, and requires that you be logged in with your account. But what about those of us who don't have accounts? While I can understand their desire to avoid publishing a customer service call center phone number that everyone could call, it seems like they should at least be able to let their collection goons give a phone number to contact to dispute charges.
I've now written letters to both eBay and I.C. System explaining all of this again, and have included copies of the dispute forms from our bank as my only "proof" that I didn't create the account. We'll have to wait to see what happens next, I guess...
When we were first called by I.C. Systems, we explained that we had discovered last October that we had been the victim of credit card fraud. My wife had downloaded transactions from our bank, and found several fraudulent transactions had appeared in the preceding days.
Two of the pending transactions were authorizations from eBay, and another was from Juno Online, also on the same date. The only one of these authorizations that became an actual charge transaction was from Juno, which charged our Visa Debit card account for monthly dial-up internet service. We wouldn't need to use Juno for dial-up, as I have a 7Mbps DSL circuit, and host my own website and email!
We immediately contacted our bank to report the fraudulent charges. They closed the account immediately, and issued us a new card and account number.
When the Juno authorization became a transaction, it included their telephone number, which we promptly called and explained our situation. They were very cooperative, and immediately closed the account which had been created fraudulently, and credited all charges. From the information that we were able to obtain from Juno, it appears that an account was opened using my son's name, our address, and using my wife's debit card.
However, since the eBay authorizations never became transactions, there was NO identifying information with which to contact eBay to report the fraud. Our bank advised us that since there was no charge made to the account before it was closed, that we should have no further liability.
During the phone conversation that we had with I.C. Systems, the agent said that while he could make notes in the file, we wouldn't be able to do anything else for us. He said that we would have to contact eBay ourselves. I asked him for a phone number or email address to contact eBay, and was told that they didn't have one! He said that the only way for us
to contact eBay was online, and gave some instructions on using the online “chat” on the eBay website.
When I pointed out to him that since I didn't actually have an account with eBay, I had no way to reference this fraudulent account when talking to eBay. I asked him if he could email me the account information and history for the eBay account. He said that they didn't have email available, only phone, so he read me the account “handle” and gave me the “EID” for the eBay account. This is the only information that I have on the account.
I then attempted to get to the online chat at the eBay website, and discovered that it is damn near impossible to contact anyone at eBay for help without being logged into an account, which I DO NOT HAVE!
After many failed attempts, where I ended up going in circles between the login page and the “help” page to start a chat, I was able to log in as a guest and started a chat. The first person that I chatted with at eBay transferred me to someone in their fraud department. I explained what happened to them, and they said that they would contact me for further information. However, as soon as the chat ended, the text transcript was cleared, so I have no record of this discussion! Neither of the people that I chatted with at eBay have ever followed-up on our conversation.
Since it seems that the ONLY attempt made by eBay to contact the account holder regarding this account before turning it over to collections was to continue to email the fraudulent email account at Juno which was closed in October, we never received any statement from eBay that would have alerted us to the fraudulent account. I can't believe that anyone operating a business would not attempt to send a letter or statement to the physical mailing address for one of their customers before sending them to collections! This seems like it is not only a bad business practice, but is also downright stupid!
The only documentation that I can offer as any kind of evidence is the paperwork from our bank when we reported the fraudulent charges. The eBay transaction was not listed here, since there was never an actual charge to the account, only an authorization. Its sometimes hard enough to prove that you did something when you did it, but how do you prove that you didn't do something?
I have no idea who stole my son's identity, or my wife's debit card number, as we never lost possession of the card. We have not had any further instances of identity theft since this debit account was closed. I would be happy to discuss this with them, and will provide any additional information that I can, but I do not intend to pay any amount on this account, since it was not created by me or any member of my family.
Now, there are a bunch of things that I don't understand about this whole incident...
First, someone went through considerable effort to steal the credit card number, including names and addresses... But the only thing that they actually charged on it was $10 for a Juno account? Except that the combination of the fake Juno account and the credit card number allowed them to open an eBay seller account that is pretty much untraceable.
So what would they do with that? My thought would be that they would setup a fake auction for something expensive, collect the money from the sale, but then never ship it to the buyer. If they had done that, though, it seems like eBay fraud/security would have come to us with an angry buyer to find out what happened to their stuff. That's never happened.
So what would be the advantage of having an untraceable, fake eBay account, if you're not ripping off buyers? I would have to guess that it would be to sell stolen goods that couldn't be traced? Seems like their must be easier, lower profile ways to do that?
In the end, they seem to have skipped out on $45 in seller fees on eBay... They took a lot of risk, and went through an awful lot of trouble to save $45 it seems... And they created a real mess for me!
In addition to the obvious problems of the credit card and ID theft that must have resulted from someone's online purchasing system being hacked, it seems like there are a number of flaws/deficiencies in the way that eBay operates...
Since they are only an online business, they don't have any way to physically validate someone's identity. They can't ask for a driver's license or other ID, since everything is automated and remote. They make the assumption that getting a valid credit card is a safe way to validate someone, so they request an authorization on the credit card for a buck. This still only proves that the credit card is valid, and doesn't really prove that the person is who they say they are...
Only creating an account authorization doesn't really prevent fraud, either. As in our case, we knew that the transaction was fraudulent, but there was nothing to report, as no money was taken. It seems like it would be worth the effort for eBay to charge a nominal fee, like $10-12, to open an account. This is small enough that it shouldn't keep legitimate customers away, but would create an actual financial transaction that could be disputed right away when fraud occurred. They could even credit back the fee against any charges if they really wanted, but why wouldn't they want to make the extra money to cover the costs of opening the accounts?
To prevent fraud, it seems like they could mail an account contract to the name and address that they were given, and have the form be signed and returned in order to activate the account. This would also validate the name and address are legitimate, especially if verified as the billing address used on the credit card. This would also get them a signature on an actual contract for legal purposes.
There must have been some advantage to be gained by opening the Juno account. Presumably eBay requires an email address to open an account (I don't know, since I don't have an eBay account!) and they will probably not accept a free account like Yahoo! or Gmail since they could also be easily faked. But requiring a commercial email account as a component of authentication doesn't really prove someone's online identity, either. It only side-steps the issue, and relies on the ISP to have properly verified the identity of the person opening the account. This is a pretty weak assumption.
The next place that eBay's business model falls apart is that they only email statements to the address given in the account setup. We called Juno and had them close the account the day after it was opened, so it would only have accepted email for about 24 hours. If eBay continued to send statements to that address, they must have been bouncing back to them. At that point, they should have mailed a printed statement to the physical mailing address that they had on file. eBay gave our address to their collection agency, so they must have had it themselves. Why not spend the postage to make an effort to contact the account holder themselves? To immediately turn an account over to collections seems lazy and irresponsible...
My other issue with eBay is that there is no way for a fraud victim who doesn't actually even have an ebay account to contact them for assistance. Every avenue to contact eBay seems to be through an online chat, and requires that you be logged in with your account. But what about those of us who don't have accounts? While I can understand their desire to avoid publishing a customer service call center phone number that everyone could call, it seems like they should at least be able to let their collection goons give a phone number to contact to dispute charges.
I've now written letters to both eBay and I.C. System explaining all of this again, and have included copies of the dispute forms from our bank as my only "proof" that I didn't create the account. We'll have to wait to see what happens next, I guess...
19 June 2008
Save NetFlix Profiles!
Yesterday NetFlix announced that it was going to be removing the Profiles feature of its subscription service. I think that this is a huge mistake! Profiles turned out to be the best feature of NetFlix when we switched from Blockbuster a year ago. With one account, we could have one queue for me, one for Jeannette and Melissa, and one for Eric. We all have different interests in movies, so using separate queues allowed each of us to have a movie that we would like. This also helped with the Recommendations, since it would suggest the right kinds of movies for each of us. If we were all using the same queue, the recommendations would only be able to show action/adventure/romantic comedy/science fiction movies from Disney!
I can't really understand what NetFlix hopes to gain by eliminating profiles. While it will reduce some of the complexity of multiple queues under a single account, its no different than managing subscribers and dependents for health insurance plans, or many other common scenarios. It won't reduce the number or frequency of movies being rented, which is where I would imagine their capital expenses are tied up.
It really seems like netFlix is trying to drive its customers to use several individual accounts that cost more per movie than the multiple-movies-per-month plans that are more cost effective for consumers.
Since we have already had so many issues with BlockBuster, I'm not sure that we would return to their online service. They still don't have a store that would be convenient for us, which is part of the reason we left them. Being able to return the online movie at the store in exchange for a free rental gave us a lot of flexibility.
I think that if NetFlix removes the Profiles, we are likely to cancel, and get movie channels or use the Pay-Per-View on DirecTV instead. We've also rented movies from the grocery store or checked them out from the library. Its not as convenient, but beats paying more to NetFlix to get back the functionality that we already have today...
There is an online petition to try to convince NetFlix to keep the Profile feature. If you are a NetFlix subscriber who uses the Profiles feature, please consider signing the petition to encourage them to reconsider.
I can't really understand what NetFlix hopes to gain by eliminating profiles. While it will reduce some of the complexity of multiple queues under a single account, its no different than managing subscribers and dependents for health insurance plans, or many other common scenarios. It won't reduce the number or frequency of movies being rented, which is where I would imagine their capital expenses are tied up.
It really seems like netFlix is trying to drive its customers to use several individual accounts that cost more per movie than the multiple-movies-per-month plans that are more cost effective for consumers.
Since we have already had so many issues with BlockBuster, I'm not sure that we would return to their online service. They still don't have a store that would be convenient for us, which is part of the reason we left them. Being able to return the online movie at the store in exchange for a free rental gave us a lot of flexibility.
I think that if NetFlix removes the Profiles, we are likely to cancel, and get movie channels or use the Pay-Per-View on DirecTV instead. We've also rented movies from the grocery store or checked them out from the library. Its not as convenient, but beats paying more to NetFlix to get back the functionality that we already have today...
There is an online petition to try to convince NetFlix to keep the Profile feature. If you are a NetFlix subscriber who uses the Profiles feature, please consider signing the petition to encourage them to reconsider.
Subscribe to:
Posts (Atom)
