There's a new scam plaguing eBay sellers that I want to bring to your attention.
I've gotten several calls to my Consumer Action Center that lead me to believe one thing: We're seeing a surge in criminals establishing false identities as buyers on eBay, ordering high-end merchandise, and using stolen credit card numbers to fraudulently pay for the merchandise.
The results are predictable: Merchants are having to eat the loss. Many times, these rogue buyers will have behaved straight-up for many transactions to establish a history of good buying behavior. And then they go rogue on you for a high-dollar transaction.
Here's what to do about this latest eBay scam
Unfortunately, there's no real protection for sellers. To its credit, eBay has been good about protecting consumers when they have problems with a merchant. I used to get so many complaints from buyers, but now all the complaints I'm hearing about are on the seller side.
It may take a while for eBay to notify you about a problem with a card when you're a seller. But you'll typically learn about any funny business somewhere between 8 - 12 hours after the transaction.
So if you're selling a high-ticket item -- and that's entirely up to you what dollar amount constitutes a high-ticket item -- you do not want to instantly ship it. You may want to say in your listing that shipping commences 2 days after payment.
A 2-day hold on shipping will generally protect you from harm in most instances involving stolen card numbers. Of course, there's no true ironclad protection. But this approach is better than nothing.
Have you changed your eBay password recently?
Meanwhile, eBay was recently hacked. The hack apparently occurred months ago and they just figured it out now.
News of the hack broke on May 22, when the company began asking people to change their info on their PayPal subsidiary. Then they pulled the warning down without explanation. Later, eBay came out publicly with the info that they were compromised, not PayPal.
So you must change your password on eBay stat, if you haven't already done so. And if you use the same password on eBay as on other sites, you need to immediately change it on the other sites as well.
Of course, using the same password on multiple sites is very, very dangerous.
What you need is a password that's both easy to remember and highly customizable for every different website you visit. Here's one possibility, suggested to me by one of our web people on ClarkHoward.com.
When you go to a website, you use the password you normally use, but have some system in place like appending the first two letters of the site's name to your password. So if your password is 'bluesky,' you would use 'blueskyza' at Zappos or 'blueskyam' at Amazon.
Obviously, if everybody does this exact method, it will be easy for criminals to breach. But what I'm saying is come up with something easy that allows you to do something different that you can remember. Because that's the problem with crazy alphanumeric passwords; nobody can remember them!