I tried to sell something on eBay the other day. I’m not a prolific user of eBay, though I’ve had an account for perhaps a decade. I’ve bought a few things but never sold anything. Crafting the description took quite some time – I wanted to be sure of a sale of course – so I worked to figure out the right price, get a good photo and that kind of thing.
Twenty minutes after I listed it, someone had clicked “buy it now.”. Rats, I thought. Too cheap.
Five minutes later I got an email from the buyer asking for my PayPal id and some better photos – apparently mine were “blurred”. So someone wants my PayPal ID sent direct to them and some better photos … suspicious. The eBay ID had been set up not more than 15 minutes before the email arrived. And the name of the account came with a big fat zero results when I searched for it. A made up name.
Plainly a scam. Took me 90 seconds to realise that and verify my conclusion. And, contrary to eBay’s excited email, I hadn’t sold it, no one was happy “right now” and, oh, I hadn’t pocketed the cash.
I ignored it and waited to see what happened. Effectively, the thing I was selling was sold but I wasn’t sending it to the London address I was given. I wanted to know, though, what eBay would do about it. If I was wrong and it was legitimate, then I’d be in trouble for not sending it. And if it was a fraud, eBay should get in touch with me.
Five days later, eBay’s Advanced Automated Anti-Fraud tools kicked in and alerted me that I was the possible victim of fraud and urged me not to send the item, or get in touch with the buyer, or provide them any more information. Five days!
It’s absurd, really, that in 2012 we have not yet put in place a system for proving identities on the web – where such a proof of identity makes sense (I’m not going down the “real names” rabbit hole). In a financial transaction, everything relies on trust. And a higher level of trust – and so a lower level of fraud – can be achieved through such identity proving.
The Cabinet Office is pursuing this through the Identity Assurance programme, although initially for government transactions. But, by establishing a market and seeding that market with funding (by committing that Universal Credits, in the first instance, will require such identity checking), that opens up the possibility of the private sector hooking onto that same service.
Imagine if eBay users had an attribute that said “Trusted Identity” (along with who had verified it) … It can’t be that far off surely?
I suppose if there was an 'identity assured' status it may make the fraudsters more reluctant to have a go. But it means whoever then provides that assurance would need to cover the liability. I.e. if you relied upon it and sent something off only to be defrauded then you would expect compensation. Given that identity is only part of the fraud issue then I wonder whether the assurer would provide such cover, or at least at a cost that is reasonable. It starts to feel like insurance is the way forward.