They have no security concept. After notifying me about the possible creation of new accounts using my credit card data - and thus potential credit card fraud - I have received no confirmation from eBay to this day as to whether the notification is genuine and whether my credit card data was actually used in full.

Credit card numbers can be automatically generated and then used - only through combination with address and name does a potential misuse result. Preventive blocking based on a non-detailed report would make credit cards pretty unusable.

Although I have meanwhile fulfilled all the strange requirements from these support trolls, there is no confirmation and no information about what eBay is now doing in this case. It would also be far too easy if they actually provided support.

The simplest thing would have been to just answer my question with "no, our data shows no multiple use of your data" or "yes, we have account registrations that use your complete data" or something similar. But no, instead you have to jump through a pile of pointless hoops and in the end you simply don't get an answer anymore. Really great.

Update: today I finally got a terse response (filled with technical incompetence about supposedly non-falsifiable header lines that point to some identities in emails - nonsense, the only non-falsifiable headers are server forwards, that says nothing about identity), stating that there are no irregularities and no double use of my credit card. Where exactly the emails came from that informed me about this double use (and where the non-falsifiable headers clearly mentioned eBay servers), they didn't tell me. Although they previously wanted to know exactly in several emails from me which headers these emails had so they could verify their authenticity.

In summary: a lot of blabber, a lot of delay, but in the end the whole thing leaves at best a feeling of confusion and technical incompetence at eBay. Given that they also operate one of the larger internet payment services with PayPal...

At heise online news there's the original article.