<tldr> both eBay and PayPal should implement MANDATORY 2-step auth to protect both their buyers and sellers.</tldr>
I’ve never been a big fan of PayPal. The first ever decent money I made online was frozen by them and I never managed to recover the funds. It is the single worst payment system when it comes to selling digital goods. No matter what happens they always favor the buyer.
It is kind of OK when you sell software or ebooks:
- When someone asks for an (un-rightful) refund for your software it sucks, but you don’t actually lose money. Also, you can cancel the software’s license if you have proper licensing
- There are plenty of alternatives to process payments
- You don’t have to rely on eBay’s buying power, you can just sell on your site or other marketplaces
But it sucks balls when it comes to selling products which you can’t recover after the transaction.
A couple of weeks ago I came up with a pretty profitable way to make money on eBay. I started selling voucher codes from cex.io. CEX is a cloud mining platform where you can buy hashing power to mine Bitcoin. You can only buy the hashing power with Bitcoin itself and Bitcoin is still fairly hard to acquire. So I was like what the hell, let’s buy a lot for cheap and try selling it on eBay for more. It is against neither CEX’s nor eBay’s policy to sell such an item.
And it worked. I had days where I made over £500 profit with very little effort. Nice passive income.
Then the kaka hit the fan. A bunch of “Unauthorized transaction” claims started coming in and PayPal always refunded the money to the buyers. Of course I had no way to recover my vouchers. Money down the drain.
Even at the beginning I was trying to be careful. I compared the buyer’s eBay details with their PayPal details and sent the codes to the PayPal email address. So a potential scammer should have access to all 3 accounts (eBay, PayPal, email). But it apparently wasn’t enough. It is kind of annoying that PayPal actually favors the buyer who is stupid enough to get 3 of their accounts hacked against the seller who did everything (almost) in his power to protect against scam, but that is a different story.
Since then I improved my verification method. I still do my email verification but I added 2 new ways of verification which my customers can choose from:
- Ask my customer for their Facebook account; if it matches the name and the city of the PayPal details and it is relatively active, I send the voucher as a Facebook message.
- While browsing the (surprisingly good) eBay knowledge base, I found an interesting link. This form allows sellers to ask for the customer’s contact details. And guess what? eBay requires a phone number on sign up. And that phone number is really hard to change. A 4-digit PIN sent to the phone number and all is verified. Easy.
Well, it is not that simple. Turns out lots of people use landline numbers for eBay so I have to call them up and ask them if they made the transaction or not. Since about 3 out of 5 times it is a hacked account, this phone call takes ages. About an hour ago I had a 15-minute conversation with a technologically impaired woman, explaining to her why she should use different passwords for all her accounts, and why she should change her password right now. Sigh.
So dear eBay (and PayPal): You are a billion dollar company dealing with millions and millions of transactions. Why? Why the hell aren’t you implementing a mandatory 2 step auth system? Would it be so bad if both your sellers and buyers were happy and made transactions without any doubt that the person they are dealing with is legit? Would it be so bad to re-train the people in your payment review team to do something actually useful instead of clicking the “refund” button mindlessly?