April 14, 2008

A Message from John Canfield – eBay Security News

Filed under: Hijacked Sellers, Phishing, Selling on eBay, eBay Security — admin @ 3:30 pm

Finally a step in the right direction! eBay appears to be catching up with the 20th Century - kudos anyway. Today’s announcement is truly music to our ears:

April 14, 2008 | 11:45AM PST/PT

John Canfield
Hello…I’m John Canfield, Senior Director for Trust & Safety policy management. My team specializes in working to keep the site safe and protected against fraud. Much of the company’s work around safety happens behind the scenes, but some of our efforts are also public-facing. Masking and protecting our Community’s identities on all bidder IDs on auction-style listings, the PayPal Security Key, our work with Yahoo and other domains to block email from unauthenticated addresses, and encouraging safer payments – each of these addresses a particular aspect of security and is making a dramatic difference in the overall security and safety of the marketplace and consumers’ confidence in shopping online. Our technologies – those that exist today, as well as those that we are designing for tomorrow – are helping to make the internet safer every day.
I’d like to tell you about a new safety initiative that launches on April 14th.

Trusted Selling with Identity Confirmation
One of the ways criminals attempt to defraud people on eBay is by gaining access to member accounts with well-established reputations which they then use to set up listings in that person’s name. They gain this access often through a phishing email that convinces an unsuspecting member to click a link and enter their User ID and password.

To protect the Community against this type of fraud, beginning today, eBay will start noting which computers members typically use to conduct their buying and selling activity. After our data collection phase, sometime in June eBay will begin verifying our sellers when they list an item to ensure they are logging in from the same machines they have successfully used previously – usually a home or business computer.

If you are a seller, and you attempt to list an item from a different computer – for example, from a PC you are borrowing in a hotel or library – eBay will make an automated call to the phone number you have registered with us to confirm it is really you. We may also prompt you to verify your identity in other ways.

Initially, this identity confirmation process will only be applied to selling, although we may be extending this to other high-visibility activity in the future.

Sellers, please update your registered phone numbers
Now more than ever, having a current phone number on file with eBay is vital to the safety of the Community and to your business. A wrong or outdated phone number may delay your ability to list items or respond to your customers, if eBay cannot verify your identity.

Have a cell phone? Registering it could save you time and money
If you carry a mobile phone, we encourage you to add this number as a secondary phone number in your registration details, so that we can reach you when you are away from your business or residence where you normally use your trusted computer.

source: http://www2.ebay.com/aw/core/200804.shtml#2008-04-14114255

I just have one question for John:

Knowing this is in place, won’t the scammers/hijackers first change the phone number on the record, then wait a day or so, then list … so the phone authentication would end up in the lap of the hijacker?

… or does a phone number change from a DIFFERENT-than-usual computer also trigger phone or additional verification? … I hope some multi-level logic exists on this.

Update 4-19-2008: My question and a few others were answered here: eBay Chatter

This change could not come fast enough. Hopefully our steady Romanian hacker will then be stopped from hijacking eBay seller accounts daily and publishing fake auctions, just as he has hijacked another eBay seller right now and is publishing those typical high-end scam auctions on eBay as we write this.
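The "multi-level logic" asked about above, as an added example (not eBay's implementation and not code from the original post): a listing-only check is compared with a policy that also gates phone number changes from unrecognized computers and keeps calling the previous number for a while. The policy names, the seven-day cooling period and the sample account values are assumptions made for illustration.

```python
from dataclasses import dataclass, field

COOLING_DAYS = 7  # assumed hold before a newly registered number receives calls

@dataclass
class Account:
    phone: str
    trusted_devices: set = field(default_factory=set)
    previous_phone: str = ""          # last number that was trusted
    phone_changed_day: int = -10**6   # day index of the most recent change

def call_target(acct, today):
    """Number for the confirmation call; a recent change is not yet trusted."""
    if acct.previous_phone and today - acct.phone_changed_day < COOLING_DAYS:
        return acct.previous_phone
    return acct.phone

def naive_policy(acct, action, device, today):
    """Gates listing only and always calls the number currently on file."""
    if action == "list_item" and device not in acct.trusted_devices:
        return ("verify", acct.phone)
    return ("allow", None)

def layered_policy(acct, action, device, today):
    """Gates listing and phone changes from any unrecognized device."""
    if device in acct.trusted_devices:
        return ("allow", None)
    return ("verify", call_target(acct, today))

def change_phone(acct, policy, device, new_phone, today, answers_call=False):
    """Apply a number change only if the policy allows it or the call is answered."""
    decision, _ = policy(acct, "change_phone", device, today)
    if decision == "verify" and not answers_call:
        return False
    if today - acct.phone_changed_day >= COOLING_DAYS:
        acct.previous_phone = acct.phone  # keep the oldest trusted number
    acct.phone, acct.phone_changed_day = new_phone, today
    return True

def hijack_scenario(policy):
    """Constructed case: stolen password, unknown device, number swap, listing a day later."""
    acct = Account(phone="OWNER-PHONE", trusted_devices={"home-pc"})
    changed = change_phone(acct, policy, "unknown-pc", "INTRUDER-PHONE", today=0)
    decision, target = policy(acct, "list_item", "unknown-pc", today=1)
    return changed, decision, target
```

Under the listing-only policy the confirmation call lands on the swapped number; under the layered policy the swap is refused and the call still reaches the owner.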

1 Comment »

  1. My visa was just used to purchase 4 worth of something in Czechoslovakia, then 1500 worth of diamonds in Spain. Holy crap. She said it’s nothing that I’ve done wrong, that the Evil Thieves are able to get credit card numbers from literally anywhere (like, for instance, the huge database theft that hit the parent company of HomeSense, where hundreds of thousands of visa billing records were stolen, likely a few of mine in there as well).

    Comment by reviews of lifelock — April 28, 2008 @ 6:09 pm
