This is what I've resorted to doing: keeping as small a balance as possible in Betfair.Alpha322 wrote:The best souloution is if you want to trade with a £5000 bank work out your maximum liability say 20% pre race markets and leave say £1200 in Betfair and the other £3800 on a deposit card you use with BF and top it up every time you have a bad drawdown or withdraw to your card when in profit, at least your not keeping a big attractive balance for hackers
WARNING - Betfair account hacked / fraud
Something odd happened yesterday.
May be connected (or not) but I got a call from the fraud department of my Credit Card company who said my number had been compromised. As it happens I had attempted a BF transaction just several hours earlier that had failed because I had selected the wrong card. I quickly realised my error and completed the transaction on the correct card.
However, when I queried my complaining CC company as to how my CC had been compromised they refused to name the website as it was under investigation. Betfair is the only website that that particular card is attached to and I have never used that card for any online purchases.
I do think BF has a major issue with security and it was only when I read this thread that yesterdays conversation made sense to me.
Play careful.
May be connected (or not) but I got a call from the fraud department of my Credit Card company who said my number had been compromised. As it happens I had attempted a BF transaction just several hours earlier that had failed because I had selected the wrong card. I quickly realised my error and completed the transaction on the correct card.
However, when I queried my complaining CC company as to how my CC had been compromised they refused to name the website as it was under investigation. Betfair is the only website that that particular card is attached to and I have never used that card for any online purchases.
I do think BF has a major issue with security and it was only when I read this thread that yesterdays conversation made sense to me.
Play careful.
-
enzabella2009
- Posts: 747
- Joined: Tue Nov 03, 2009 3:58 pm
I have watched an Interview last night which gave me a good clue how weak is in general online security.
A journalist interviewed a member of the Anonymous group, ( http://en.wikipedia.org/wiki/Anonymous_%28group%29), and asked him how long did it take to bridge the bank security? He answeared: 15 minutes. Then the journalist asked him what about the FBI and CIA? He answeared: a bit longer then 15 minutes
.
The journalist asked him which websites are the most difficult to get in? He answeared: Facebook, Google and Twitter.
The group has not denied such interview, the member which spoke in TV was given permission to answear a few questions then it is assumed that it was genuine.
A journalist interviewed a member of the Anonymous group, ( http://en.wikipedia.org/wiki/Anonymous_%28group%29), and asked him how long did it take to bridge the bank security? He answeared: 15 minutes. Then the journalist asked him what about the FBI and CIA? He answeared: a bit longer then 15 minutes
.The journalist asked him which websites are the most difficult to get in? He answeared: Facebook, Google and Twitter.
The group has not denied such interview, the member which spoke in TV was given permission to answear a few questions then it is assumed that it was genuine.
I emailed Betfair this morning to let them know my concerns re. security. I asked:
Does Betfair have any plans to bolster its security arrangements, for example by introducing pin entry systems of the type used by retail banks, or sending a confirmation email to customers when they want to make add a new payment method, requiring them to click a link to verify that the request was made by them?
This was their response:
I can confirm that we already send an automated email in the event that your details are changed, for example if a password is amended, then an email will be sent to your accounts registered email address to confirm this.
We also have in place a closed loop policy which is there to prevent money laundering, in which you have to level off all payment methods by withdrawing back the same amount you have deposited before you can choose which way the funds return.
Obviously the customer from there own computer needs to ensure that they are secure also, as they're ultimately responsible for there own security by having a strong password as well as a good anti virus package which is run regularly.
As a company that prides itself on being the worlds largest betting exchange, I can confirm that we're always investing in ways to make us as secure as possible, and will continue to do so to be compliant with Industry standards.
A pin entry system for your cards would not work with Betfair as we have no access to banking information such as pin codes, which is why we have a password entry system to confirm a deposit or withdrawal for example.
Most banks providing Visa or Mastercards as payment methods will also have in place Verified by Visa or Securecodes attached, however you may need to speak to your bank about how to set this up.
http://www.mastercard.us/support/securecode.html
http://www.visaeurope.com/en/cardholder ... _visa.aspx
Please also remember that if you wanted to change any of your security questions to stronger ones that you can contact the Helpdesk on the number below and amend these for you.
Jeff
Does Betfair have any plans to bolster its security arrangements, for example by introducing pin entry systems of the type used by retail banks, or sending a confirmation email to customers when they want to make add a new payment method, requiring them to click a link to verify that the request was made by them?
This was their response:
I can confirm that we already send an automated email in the event that your details are changed, for example if a password is amended, then an email will be sent to your accounts registered email address to confirm this.
We also have in place a closed loop policy which is there to prevent money laundering, in which you have to level off all payment methods by withdrawing back the same amount you have deposited before you can choose which way the funds return.
Obviously the customer from there own computer needs to ensure that they are secure also, as they're ultimately responsible for there own security by having a strong password as well as a good anti virus package which is run regularly.
As a company that prides itself on being the worlds largest betting exchange, I can confirm that we're always investing in ways to make us as secure as possible, and will continue to do so to be compliant with Industry standards.
A pin entry system for your cards would not work with Betfair as we have no access to banking information such as pin codes, which is why we have a password entry system to confirm a deposit or withdrawal for example.
Most banks providing Visa or Mastercards as payment methods will also have in place Verified by Visa or Securecodes attached, however you may need to speak to your bank about how to set this up.
http://www.mastercard.us/support/securecode.html
http://www.visaeurope.com/en/cardholder ... _visa.aspx
Please also remember that if you wanted to change any of your security questions to stronger ones that you can contact the Helpdesk on the number below and amend these for you.
Jeff
Re: 'A pin entry system for your cards would not work with Betfair as we have no access to banking information such as pin codes, which is why we have a password entry system to confirm a deposit or withdrawal for example.'
Betfair seem to be missing the obvious point that they could set up a pin no, which could be entered into a Betfair-issued hand-held device before money can be withdrawn from Betfair...
Jeff
Betfair seem to be missing the obvious point that they could set up a pin no, which could be entered into a Betfair-issued hand-held device before money can be withdrawn from Betfair...
Jeff
-
SamWilson82
- Posts: 95
- Joined: Sat Jan 02, 2010 11:23 am
I got done as-well and have published the bones of it on my blog.
Not sure I'm allowed to link to it from here.
Not sure I'm allowed to link to it from here.
Do it, this is an important subject. You're not trying to sell us anythingSamWilson82 wrote:I got done as-well and have published the bones of it on my blog.
Not sure I'm allowed to link to it from here.
I'd be interested to know if all victims compared notes, whether there's something, no matter how small, that highlights potential patterns
I'd also be interested to see what happens if someone developed a website asking for victims to join forces, highlighting BF's inadequate systems and their appalling attitude to them.
Would BF respond positively, or would they try to close it down, or threaten legal action?
-
SamWilson82
- Posts: 95
- Joined: Sat Jan 02, 2010 11:23 am
I agree its a huge problem.
Since reading about hgodden's recent story and with Cheltenham just round the corner i think its important people know my story.
http://samwilson82.blogspot.com/2012/03 ... fraud.html
Since reading about hgodden's recent story and with Cheltenham just round the corner i think its important people know my story.
http://samwilson82.blogspot.com/2012/03 ... fraud.html
-
superfrank
- Posts: 2762
- Joined: Fri Aug 14, 2009 8:28 pm
thanks for the info Sam.
pwd changed (although i'm gonna have problems if i ever need to login in a rush!).
i hadn't changed my pwd for years, so if i get done in the near future i'll know it's the Change Password page that has been hacked.
my general advice is to clear browser cookies after each trading session (if you login via a browser too) and don't use password storing tools.
also i can recommend Microsoft Security Essentials for anti-virus, it's free and doesn't hammer your machine like Norton, AVG etc.
http://windows.microsoft.com/en-GB/wind ... essentials
edit: can BetAngel confirm that when the password is entered in BA Pro that it is not recorded in any local files?
pwd changed (although i'm gonna have problems if i ever need to login in a rush!).
i hadn't changed my pwd for years, so if i get done in the near future i'll know it's the Change Password page that has been hacked.
my general advice is to clear browser cookies after each trading session (if you login via a browser too) and don't use password storing tools.
also i can recommend Microsoft Security Essentials for anti-virus, it's free and doesn't hammer your machine like Norton, AVG etc.
http://windows.microsoft.com/en-GB/wind ... essentials
edit: can BetAngel confirm that when the password is entered in BA Pro that it is not recorded in any local files?
-
convoysur-2
- Posts: 1110
- Joined: Thu Jan 12, 2012 10:00 am
Hi SAM
IM reading your blog,its very interesting ,all of it.
Thanks you for running a blog ,they are invaluable for people trying to make a living from this .
Marc
IM reading your blog,its very interesting ,all of it.
Thanks you for running a blog ,they are invaluable for people trying to make a living from this .
Marc
-
spreadbetting
- Posts: 3140
- Joined: Sun Jan 31, 2010 8:06 pm
SamWilson82 wrote:I agree its a huge problem.
Since reading about hgodden's recent story and with Cheltenham just round the corner i think its important people know my story.
http://samwilson82.blogspot.com/2012/03 ... fraud.html
Seems to be happening all over the place, I saw on the geeks toy chat one of their users was also hacked and they'd dumped his balance on a winning bet to withdraw the cash via another withdrawal method. Dunno if he got to keep the cash.
I've been considering setting up some bot to monitor and alert me to any odd access to my account via monitoring the security tab https://accountservices.betfair.com/acc ... ecurity.do
Be easier if they allowed us access to those details via the API.
Need to think of some way to freeze the account if any odd activity is detected though so if any one has any ideas just post. I think incorrect logins will lock the account but possibly not for anyone already logged in.
Harder to withdraw your balance, much easier and more opaque to shuffle the money off in a losing bet.
I also know somebody who has been de-frauded and Betfair just washed their hands of it despite the fact he was a 60% payer and it was just a fraction of his previous months commission. They said it was a case of joy riding, somebody placing bets for 'a laugh' yeah, really funny.
I think Betfair have a problem and they are not letting us know about it. You hear about the odd fraud everywhere, but it seems very widespread on Betfair. They don't seem to take it seriously either.
What annoys me more is they would if it meant they had money at risk. But because they can force the lose onto somebody else, they don't seemed too bothered by it.
I also know somebody who has been de-frauded and Betfair just washed their hands of it despite the fact he was a 60% payer and it was just a fraction of his previous months commission. They said it was a case of joy riding, somebody placing bets for 'a laugh' yeah, really funny.
I think Betfair have a problem and they are not letting us know about it. You hear about the odd fraud everywhere, but it seems very widespread on Betfair. They don't seem to take it seriously either.
What annoys me more is they would if it meant they had money at risk. But because they can force the lose onto somebody else, they don't seemed too bothered by it.