eBay 2FA complaints say it’s impacting business

eBay 2FA complaints say it's impacting business

A week ago we advised that a more robust eBay 2FA (Two-Factor authentication) implementation with enhanced security procedures was rolling out and, judging by the messages landing in my inbox this morning, it looks like it was dialled up in the past 24 hours to encompass more sellers.

The aim is simple, eBay 2FA is a requirement under the revised Payment Services Directive (PSD2), a regulation affecting users in the United Kingdom and the EU. As a result, you may be subject to additional verification, including by asking you to re-enter your login credentials or a one-time code sent to you via SMS when you undertake certain activities on eBay.

In itself, this shouldn’t cause a problem but unfortunately it is. eBay, even with multi-user accounts, isn’t developed enough to make enhanced security procedures easy for sellers with multiple employees. The truth is that even if you use multi-user accounts it’s likely that for many functions you’re still forced to share your eBay password with those that need access to the finance side of your account.

The result of the more stringent eBay 2FA is that all the text messages/eBay App log in confirmation requests go to a single user who has to guess who is trying to access their account and run across the office or warehouse to tell them the one time password from an SMS, or via the eBay App take a guess whether it’s a legitimate employee carrying out their work or if it’s someone trying to hack their account.

eBay development is something that users have put up with for years. The problem is that dev always seems to be behind the curve and dev roll outs in one space impact many other areas of selling activities. In this case, multi-user accounts are a start but need further dev and what looks like simple enhanced security procedures are highlighting that eBay are behind the curve on development.

If you are a sole trader and the only person that ever logs into your eBay account you shouldn’t have any problems. If you’re a larger business and need to give multiple people access, you’re going to have to get used to your mobile phone pinging on a regular basis and granting access so that your employees can get on with the job you’re paying them to do.

4 likes0 dislikes

Comments

we have a phone in a fixed position, that every one that needs to can access the code or re text the code to those that are out of office. it sort of makes a pigs lug out of security but gets the job done

r • 30th June 2022 •

I understand eBay have no choice but to implement this, but when you read the forums, it's turned into a disaster for so many people. I haven't been impacted too much so far, as I use a different desktop browser for each account, and stay logged in. Strangely for one account I only had the option for email verification and for the other I could choose between SMS or email. I chose the latter as I have poor mobile reception and my phone doesn't process SMS. Some people are asked to login and run through the verification every few minutes. That would drive me insane. Like others I often get automated emails asking if it is me trying to sign in, as the IP is only an approximation and sometimes varies a little.

Gareth • 30th June 2022 •

I just can't log-in for 9 days in the row. I don't receive any "verification messages" The system is totally broken. I try for 9 days in the row to get help and no-one help me. I have more than 10 orders and I can't log-in to handle the orders. Clients are mad and ask to cancel and for refund. eBay doesn't even try to help, for first time in my entire file I see a situation like this, for 9 days I can't log-in and they don't even care...

Daniel Anabille • 30th June 2022 •

we've had to set up a virtual web based mobile number, lord knows how insecure that is? its like having a security door with so many locks that people just wedge it open. i appreciate they HAVE to have this now they're a payment provider but 1) you get asked for 2FA for things nothing to do with payments all the time 2) the current delegate access tool isn't fit for purpose. I've spoken to a few other sellers and they all feel the same, it's just ANOTHER straw that eBay are laying on the camel's bag... I've been on ebay for years but im starting to think about going amazon-only this summer. eBay break things and never get round to fixing them

robert • 30th June 2022 •

Great article Chris. years ago loads of us advised eBay that if they went down the managed payments route they would need to properly address multi user login but what we have is an absolute joke and not fit for purpose. I do not know any sellers who can make it work therefore we are all still sharing our master passwords. We have outsourced employees so not in the same office so cannot have the 'shared mobile' approach advocated around the communities and I am spending half the day messaging codes on slack. All for a platform which already doesn't bring in anywhere near as much as others (all of which have multi user login nailed on) . another example where eBay's greed to take PayPal's slice of seller revenue without actually making any investment of money or time in building a decent product which was ready for sellers is their downfall. I suppose we just chalk this one up on the list headed 'why managed payments made us all realise how fabulous PayPal really was and that eBay is not relevant for businesses anymore'. The case that the ebay is a platform for anyone other than the one man band hobby seller is now unarguable. I think we have to start asking ourselves whether eBay is even relevant in 2022.

Horatio • 30th June 2022 •

This has been a major pain. We were first locked out a few weeks ago for an entire day, before changing our main number to someones mobile. This past few days has been a blizzard of sms while trying to do anything on ebay. Of course this is necessary as part of being a payments provider, something eBay seized on divorce with Paypal - and by and large threw enough resources at it to be no worse and delighted in telling Wall Street how it had got more revenue per seller. With this change it highlight's one of eBay's core weaknesses: the inflexibility in the tech stack and insufficient high quality tech resource to develop it past the inherited status quo. The multi-user function took forever to arrive and then when it did it turned out to be half-baked in terms of permissions. The 2FA requires a mobile phone to be the main number - as ebay tech has identified the verification number with the customer service number. It does allow email but we found this to be so slow amd unreliable to arrive that the chances are the screen had timed out. Verification by app - as paypal does - isn't possible as the app is the pride and joy ... for buyers ... once again lacks many seller functions (and in fact isn't all that great for buyers) If eBay wants to play at the forefront of commerce, then it will have regulations like this to comply with, and it needs to raise its tech game considerably if it is to avoid getting in the way of sellers trying to make it money.

David Brackin • 30th June 2022 •

And as ALLWAYS - it is completely broken :( When those morons will do ANYTHING right first time ???? Why do we have to be guinea pigs - and pay for the priviledge ?!?!?

robin • 1st July 2022 •

With regards to Multi user access, it is not possible to despatch an item from a staff members account if the item does not have a tracking number!!! 90% of our items are sent untracked.

lee graves • 1st July 2022 •

Agree with the comments here. The multi user access is very sub par and not fit for purpose. As an example, someone with order detail access can not access feedback details.

Alan • 1st July 2022 •

This has been going on for many days now. Calls to merchant support are met with "we know, its happening to all big sellers". We created a bunch of new accounts to at least do some of the tasks the multi user accounts allow you to do but when we created them, some were suspended because eBay's fraud detection thought we were setting up a lot of accounts from the same IP address for malicious purposes! When I spoke to merchant support they explained that the devs expected employees to use their PERSONAL eBay accounts for work - its bad enough having to use personal phones for 2FA who is going to want to see their work eBay account when they are looking at eBay at home? What about if they didn't have an eBay account? Amazon, for all their faults at least has a has proper multi user facilities. Messages, reports, other selling pages such as performance simply not there on the child accounts. It seems like there is no seller interaction when they are planning this stuff. To cap it off, our 3rd party provider implemented changes to their platform to adopt a new eBay API version and VAT rules, GSP addresses, handling times have all had to be corrected on the fly - not sure who I blame there but it certainly wasn't our fault. Its been a bad week with all these problems. I need a beer!

Mike • 1st July 2022 •

Usual eBay deployment - UTTER GARBAGE ! We have 9 people logged into eBay most days and they're ALL getting these stupid requests multiple times a day. Each time I have to either get a text or email to MY mobile phone and when I asked Concierge what happens when I go on holiday they actually said to get a PAYG mobile phone and change the number on eBay so the texts go to that. Multi user access does not exist to these clowns and this is why all the other platforms are trampelling all over eBay in every aspect. The site is a joke, I cannot WAIT until we're gone from it onto Shopify.

Noel • 1st July 2022 •

Well, I guess it follows from the old addage that "you can't polish a t**d" that it is indeed equally difficult to secure one. The questions I struggle with are 'Did eBay know the grief they were going cause?' and 'Did they bother to find out ahead of time?', or just thought it would be fun to see what happened. To balance this concern I see the Account Setting for Sign-in and Security has a "Devices you trust" section, and "These are the devices you've said you trust. You won't go through 2-step verification for them." ... the fact that I'm still required to run 2FA on them, sadly, isn't a surprise. I'm now trying to work out if this is a functionality bug (that it still prompts for 2FA on my devices) or a bug that this section exists and just hasn't been removed from the UI due to some oversight.

Chris C • 2nd July 2022 •

If we can afford the cost were going to buy lottery tickets using the numbers

R • 2nd July 2022 •

Sodding things just locked us out for the rest of the day Falsely saying the text numbers entered were not a match Yet we were extra diligent with the last 2attempts

R • 5th July 2022 •

This is causing MAJOR problems for our business. Multi access does not work either. eBay, PLEASE FIX!!

Mark • 6th July 2022 •

Why am I writing about YET MORE eBay problems? The site is a shambles, I just can’t carry on any more.

Jonty • 6th July 2022 •