OT: eBay/Paypal security

[Curt at Atari Museum]

With all of the rampant phishing and other crap going on around the net 
from people trying to steal ebay and paypal accounts, I think this is 
well past due, especially for paypal since it deals with money.

Having a keyfob as a 3rd line entry to access your account (I have this 
with my Citibusiness account - ID, password, keyfob entry) so this would 
virtually eliminate all of the stolen account attempts, phoney login 
screens and fake phishing sites at long last.      The real key to 
implementing this is that the keyfob code has to be manually entered by 
requiring mouse over clicks across a number bar on the screen, not 
typing it into a text box, otherwise a fake site could grab the login 
info, relay it into paypal via a script and then process and run an 
automated script once logged in to transfer/remove funds.

Having the mouse over and click to a graphic bar (which could be shown 
in multiple ways and arrangements which could vary with each session) 
the keyfob code could not be simply cut & pasted from a fake to real 
site.    Having the keyfob code rotating every 30 seconds really cuts 
down on the damage someone can do, they'll literally have to be sitting 
at the keyboard 24/7 hoping to grab a keyfob code and use it fast enough 
to log in.

Its not perfect, nothing ever is, but its a HUGE leap in the right 
direction of responsibility on Paypals part...   Now if they would just 
do a charge verification and processing check BEFORE allowing payments 
to go through instead of subjecting people to a 6 month window of 
"Oppps, that $500 you got 2 months ago, well the charge card was a 
fraud, so we'll just take that money back and you now owe us $500, 
please pay now before we sic our collections agents on you, have a nice 
day...."

Google Checkout does a full security and verification check BEFORE the 
charge is completed for each transaction, this is why I now use them 
over paypal.    Ebay is being hit with a major anti-trust suit because 
its blocking Google and other payment services in lieu of forcing people 
to choose paypal for payment (since ebay owns paypal) so that is looking 
like ebay has no leg to stand on and once the door opens for google, 
paypal is going to have to be far more competitive and really going to 
be forced to clean up its act.

We you read the horror stories over at paypalsucks.com and see the 
stealing of funds from people's bank accounts, the instantly frozen 
accounts with $1,000's of dollars in them that have to wait 6 months 
while paypal performs its own internal investigation, leaving people 
without their money, its just disgusting to see how paypal - which was 
in its infancy - supposed to be this great new era of electronic funding 
perverted into a Racketeering and Extortion Enterprise.

Curt



Doc Shipley wrote:
>   This isn't even close to on-topic, but maybe it's of general interest.
>
>   Paypal is offering a SecureID fob, the "Paypal Security Key", for 
> authentication to your Paypal account.  I haven't seen it mentioned on 
> the Paypal descriptions, but the coworker who showed me his tells me 
> that it works with eBay too.  Worth mention, I suppose, is that it's 
> *in addition to* your email/password login info, not instead of.
>
>   Also, it's $5 USD shipped.  :)
>
>
>     Doc
>