eBay must face facts about fraud

The online auction company claims to be leading the way in protecting its customers from fraud but won't implement new security technology without consumer pressure

eBay has once again found itself at the centre of a very public fraud trial this week after one of its member sold fictional products and pocketed the very real cash from unsuspecting buyers. The incident, involving an 18-year-old from Wales who amassed around £45,000 over roughly a year, echoes a similar case late last year of a woman convicted of taking £3,000 from five separate eBay customers for non-existent tickets to the Glastonbury music festival.

The judge in the Glastonbury ticket case argued that it's "hardly surprising" that eBay was targeted by criminals given the measures it has put in place to protect users. Now, UK judges may not be renowned for their technical know-how, but given an extremely similar case of fraud has arisen just four months later, this particular adjudicator seems to have a point.

For its part, eBay claims to take fraud extremely seriously and points out that less than 0.01 percent of all listings on its site result in a confirmed case of fraud. This seems very admirable until you consider the sheer scale of eBay's operation. The company claims to have millions of products listed on its site on any one day. If just one million of these auctions finish in any one day, then at the very least there are around 100 confirmed cases of fraud every 24 hours – remember, that's not including the unconfirmed cases.

Eradicating online fraud is virtually impossible. As eBay's director of performance engineering and availability Paul Kilmartin admitted this week, the only way for the company to eradicate fraud completely would be to switch off its site. While this is true enough, to say that eBay is doing everything short of this drastic solution to protect its customers isn't quite accurate.

When Kilmartin was quizzed about eBay's plans for two-factor authentication — using an additional form of identification along with passwords to identify users — he claimed that the company would only implement the technology if customers asked for it. This is a very strange stance to take especially when you consider that late last year, eBay's own chief security officer Howard Schmidt called for greater use of two-factor authentication.

eBay is not alone in dragging its feet over beefing up security — many online banks are failing to keep pace with the technological advancements in this area too. At the end of the day, corporations are happy to live with a certain amount of loss as long as it doesn't impact on their bottom line or their public image too much. This may work out fine for them, but it's not so great for the unlucky 0.01 percent. Implementing two-factor authentication would be costly for eBay to implement, and until customers start voting with their feet it's not going to happen. Given that kind of ultimatum, surely it's time to start voting?