eBay is run by a bunch of idiots
eBay apparently (I don't know if it's really true) conducts checks on credit card number usage when registering new accounts. In any case, I received two emails from eBay stating that my credit card number registered with eBay was used to open new accounts.
I simply wanted confirmation from eBay that this situation is actually true. The emails apparently come from eBay (both Received lines and other elements are quite clear), so it should really be an email from them.
You would think there would be a simple and direct way to contact eBay about this abuse situation. Forget it.
The email itself only says something vague about contacting them. But not how. On their websites there is a contact option, but you have to search for the right category for this case - otherwise your email ends up in the wrong pile. Of course, credit card abuse isn't something you need to make directly accessible to customers upfront, no.
Then you send an email there and get a banal standard response that emails can be forged. Yes, and? I didn't want to know that, I wanted confirmation of whether my credit card was really used for other accounts and wanted to know how eBay will proceed with it. Whether the email that alerted me is genuine or not should be irrelevant, right? Forget it.
So I send my email to their wonderful spoof address. Then comes a terse response that they don't know what it's about and what my concern is, and they need my member ID. Okay, so I explain everything again and provide my member ID. Fine. Now they want the headers, even though I've already pointed out that the headers point to eBay. Even the Received lines - why does this miserable bot at eBay think it needs to babble about cryptic and incomprehensible header lines to me? I'm not a layperson, thanks, I can read my headers myself.
And now comes the kicker: for this banal information about how eBay proceeds with actual multiple use of credit card data, I cannot send from a different email address, but must send from the one registered with eBay. Because that's so much more secure. And because it's damn impossible with a mere forwarder address like the one I use for eBay. Idiots. They babble about headers and potentially forged emails (and about not being able to receive attachments because of virus risk - which of course unnecessarily complicates sending unmodified emails), but for security they want the sender registered with eBay. As if that weren't easy to forge.
Of course, the whole thing with back-and-forth takes about a week, because eBay only responds once a day. A week after being informed of possible credit card abuse and still no useful answer about what eBay intends to do - whether they will file a report, or if I have to, whether information is shared (whether it's even secured at all), etc.
What a mess. If there were a direct contact point for this admittedly fairly common situation of credit card abuse (preferably via the web interface, since they could then use the login credentials, which would be much safer for identification), and if competent employees were sitting at the other end instead of just bots, the whole thing could have been handled within a maximum of 2 days. But no, you have to make it extra complicated and extra stupid.
Needless to say, eBay points out that the email address used must be able to receive mail to register, but nowhere does it mention that you also need to be able to send emails from that email address.
