General Betting
There is currently 1 person viewing this thread.
Hi All,
The betfair Q&A session is to be held on the 14th December. I think these sessions are always a good opportunity to get ideas/questions aired esp as it goes to the top management. A major issue I have with betfair is the concerns with leaving money in my account. I go to great measures to ensure protection of my pcs to keep away criminal activity such as viruses/trojans/key loggers etc as will become apparent. Below are the ideas I have come up with to try and prevent unlawful account hacks and so I ask if anybody has any further ideas which I can put to betfair with my own. I think it will also be interesting to see which ideas/questions get avoided (if in fact any do).
1) can we have an "Exposure limit" at bet level not just full account? This would be a fantastic extra as many of us will rarely place a bet above a certain amount. If someone hacks your account, they will likely try and transfer your money in several ways (to be explained below) one of which is to place a bet with the hacked funds and lay it off with their other account. This I assume would be done with highly liquid events i.e., an important football match where it is nigh on impossible to see where it would have been transferred. By having a bet exposure limit, the criminal would have to place numerous bets in order to "transfer" funds. This could prevent losing the whole bank immediately with the chance of noticing the hack earlier. Also, it may be possible for betfair security to whittle down the possible criminals (all users betting in same events).
2) Player protection - Another way criminals could transfer funds is to do it via a different route (not just sports betting), through Poker. Seems unlikely that it would be possible via Arcade, Casino or Games (please can someone advise?) as never used and never will. I read elsewhere that to prevent such an action you could exclude yourself from these parts of the site via: My Account -> My Profile. You can exclude yourself from Poker, but the problem is you can only exclude yourself for 6 months. Please can this be extended? I would like to exclude myself permanently and I'm sure many others would!
3) Can we be have an option to be emailed/SMS if our ip address changes? I only ever access my computers from my home pcs as know they are as clean as possible (I don't use them for anything else - casual internet perusal is done on seperate computer - different router/internet point). When I am away from home I will always remote-desktop to my home machine (via https) with other tricks like not typing in full password but copying in and pasting bits of password to crop up any keylogger (as well as sandboxes around internet explorer) etc...okay I'm waffling but thought I'd mention this for anyone who is also wondering how to minimise problems when having to use internet access from an external source.
4) Can we have options to restrict access from other countries (but no option to unrestrict) - this should be possible by analysing the login ip address. If we go on holiday abroad and want to access betfair, maybe lifting of the country restriction should only be allowed by phoning betfair (not a web-account option) - I am assuming there would be security checks done over phone, maybe also some email confirmation (a link you have to click)? I believe something like this used to be an option why has it been removed?
5) I know that if there were unscrupulous employees at betfair, account login info could be easily leaked or could it? What measures do betfair use to ensure the security of member's accounts? I assume there is some kind of top encryption on login details but is there additional security on these databases to prevent say any betfair developer querying this data?
I know these points/ideas aren't all perfect but I think they could help and am happy to be corrected if I have misunderstood or not thought of something - please correct me!
The betfair Q&A session is to be held on the 14th December. I think these sessions are always a good opportunity to get ideas/questions aired esp as it goes to the top management. A major issue I have with betfair is the concerns with leaving money in my account. I go to great measures to ensure protection of my pcs to keep away criminal activity such as viruses/trojans/key loggers etc as will become apparent. Below are the ideas I have come up with to try and prevent unlawful account hacks and so I ask if anybody has any further ideas which I can put to betfair with my own. I think it will also be interesting to see which ideas/questions get avoided (if in fact any do).
1) can we have an "Exposure limit" at bet level not just full account? This would be a fantastic extra as many of us will rarely place a bet above a certain amount. If someone hacks your account, they will likely try and transfer your money in several ways (to be explained below) one of which is to place a bet with the hacked funds and lay it off with their other account. This I assume would be done with highly liquid events i.e., an important football match where it is nigh on impossible to see where it would have been transferred. By having a bet exposure limit, the criminal would have to place numerous bets in order to "transfer" funds. This could prevent losing the whole bank immediately with the chance of noticing the hack earlier. Also, it may be possible for betfair security to whittle down the possible criminals (all users betting in same events).
2) Player protection - Another way criminals could transfer funds is to do it via a different route (not just sports betting), through Poker. Seems unlikely that it would be possible via Arcade, Casino or Games (please can someone advise?) as never used and never will. I read elsewhere that to prevent such an action you could exclude yourself from these parts of the site via: My Account -> My Profile. You can exclude yourself from Poker, but the problem is you can only exclude yourself for 6 months. Please can this be extended? I would like to exclude myself permanently and I'm sure many others would!
3) Can we be have an option to be emailed/SMS if our ip address changes? I only ever access my computers from my home pcs as know they are as clean as possible (I don't use them for anything else - casual internet perusal is done on seperate computer - different router/internet point). When I am away from home I will always remote-desktop to my home machine (via https) with other tricks like not typing in full password but copying in and pasting bits of password to crop up any keylogger (as well as sandboxes around internet explorer) etc...okay I'm waffling but thought I'd mention this for anyone who is also wondering how to minimise problems when having to use internet access from an external source.
4) Can we have options to restrict access from other countries (but no option to unrestrict) - this should be possible by analysing the login ip address. If we go on holiday abroad and want to access betfair, maybe lifting of the country restriction should only be allowed by phoning betfair (not a web-account option) - I am assuming there would be security checks done over phone, maybe also some email confirmation (a link you have to click)? I believe something like this used to be an option why has it been removed?
5) I know that if there were unscrupulous employees at betfair, account login info could be easily leaked or could it? What measures do betfair use to ensure the security of member's accounts? I assume there is some kind of top encryption on login details but is there additional security on these databases to prevent say any betfair developer querying this data?
I know these points/ideas aren't all perfect but I think they could help and am happy to be corrected if I have misunderstood or not thought of something - please correct me!
sort by:
Show
per page
Replies: 48
|
By:
What is the actual history on BF accounts being hacked and monies transferred out ?
Has BF compensated people ? |
|
By:
Great questions, thanks - i'll add them to list.
Just wanted to clarify point 1 above, I meant an optional "Exposure limit" at selection level. I.e., in the Match Odds market in a football match your maximum exposure could be set to a certain amount on each outcome (if possible, taking into consideration exposure reduction when multiple selections bet on, for example, you layed the draw and the home team). |
|
By:
When accounts are comprimised, Betfair deal with it on a case by case basis. There have definitely been threads on here from people who have lost their money and not been reimbursed and this makes your questions very valid.
I too am concerned about security and don't really want to have to go down the route of withdrawing all my funds on a Sunday night and redepositing on Saturday morning (as a football gambler). I know some people who put their money into a long term market (eg. try and back Chelsea at 1000 for the league) so that they have a very low available balance when they do not require the funds but this isn't particularly practical and there is always the risk of a mistake entering the bet. I think other options would be to have a 'cool off' period before any new cards can be added or ip addresses used. So you could register a new card but it would take 5 days before it became active. Another would be an email generated everytime a login is attempted from a new ip or some other fundamental change is made to your account. |
|
By:
Getafix for the player protection #2 they need a written request after the 6 months to reopen those parts of the site but I do agree with all the other points. It's about time betfair starting taking the security of peoples money more seriously even the second stage of a dropdown memorable word like the banks use would be a step in the right direction. I emailed asking why the country restrictions were removed and never even had a reply.
|
|
By:
If you search for hacks into betfair account, there are some on forums but a few years ago. On-line security in general has gotten stronger over the past two years (a friend of mine works in Canada in security) especially with instant alerts for the companies.
Security is as strong as you want to make it. Coming up with a rolling security password is good that you change regularly. If you use public wireless or an internet cafe, change your password as soon as you get in. There are still keystroke programs out there and with wireless, it is even easier (I know someone that found a camera hidden in their coffee shop that was also looking over people's shoulders at the sofa). If you know you are going to use an internet cafe or wireless, change it from your usual before you leave home and change it when you get back. ALSO: use a separate password to other accounts you have. Just changing a letter or a number is enough to flag up blocked attempts to the security team if someone has an old password. |
|
By:
Maximum exposure limits *per market* would be a fantastic addition IMO. Not just for account security, but also for protection against stupid typing mistakes! I asked about this in a previous Q&A and Betfair said they 'might look into it'. Of course, nothing came of it.
Another VITAL security feature would be the option to access Betfair completely over a secure connection, ie httpS://www.betfair.com/ - for all betting, not just account login. If you don't think this is important, just google for 'firesheep' and see how easy it is to hack into peoples' facebook accounts and email. Betfair is open and vulnerable to this problem as well. |
|
By:
I log in and out of my account all the time, so the current display of the ip address for the last 10 log-ins is completely useless. It might only go back half an hour. It would be better if they had the last 10 log-ins from each ip-address used to access my account. And the email if the IP address changes is a great idea.
|
|
By:
on your first point I recently tried to transfer some money from my wifes account to mine by placing losing bets in the old days this was never a problem but the next day both accounts were suspended and I was told this was money laundering and if it happened again I would be permanently suspended so I think if someone tried that illegally it would probably be picked up immediately by betfair which is encouraging
|
|
By:
getafix that is a good idea.
I know of at least one major security risk that has been with us for as long as I can remember. I can log into the account of anyone I know without needing to know their password. Indeed betfair customer services staff could also breach this security risk. Its probably not wise to expand further as I might encourage its use. |
|
By:
Thanks for response so far, the list is growing and think there are some great points.
I noticed a mistake in my original post: 3) Can we be have an option to be emailed/SMS if our ip address changes? I only ever access my computers from my home pcs should have been 3) Can we be have an option to be emailed/SMS if our ip address changes? I only ever access my betting accounts from my home pcs but I think you worked out what I was going on about. I would like to just go over a few points: mc selectaI too am concerned about security and don't really want to have to go down the route of withdrawing all my funds on a Sunday night and redepositing on Saturday morning (as a football gambler). this is a problem especially when it takes several days for the money to land in your bank account as you end up with having to have much more in your bank account than that needed to cover your bets over several days. I wonder if the funds, nowadays, can be transferred immediately. I know certain banks can do it within 2 hours. Another question added. I think other options would be to have a 'cool off' period before any new cards can be added or ip addresses used. So you could register a new card but it would take 5 days before it became active. I don't think the ip cooling off would work because people need access straight away. I agree with an email notification if a card is added to your account though in this situation I suspect the new account would be traceable, though I don't purport to understand situation with say Neteller/paypal I assume equally as strict? Ghetto Joe Getafix for the player protection #2 they need a written request after the 6 months to reopen those parts of the site but I do agree with all the other points. In that case, it is probably fine as is - I'll take off list. It's about time betfair starting taking the security of peoples money more seriously even the second stage of a dropdown memorable word like the banks use would be a step in the right direction. I emailed asking why the country restrictions were removed and never even had a reply. I emailed asking why the country restrictions were removed and never even had a reply. Great idea about memorable word with drop downs to select letters, this would certainly get around most of the key loggers. I suspect the country ip became too difficult to maintain? But that is bad you got no reply. Astonishingly, they mustn't see this as being an important issue? Would be interesting the response to Fine As Frog Hair's questions, in case I worry unnecessarily, but I doubt that! SHAPESHIFTER - some good points, the https which Mr Magoo refers to would get round most public wifi issues etc but not sure what the burden would be to betfair. When encrypting the posts to and from the source extra bumf is added to the bandwidth but seeing as the api works completely over https, I don't see why the website can't, I am sure with todays internet speeds the https would be negligable - I'm just trying to gauge what a betfair response would be to this. The https usage would also get rid of that annoying messagebox that appears everytime I want to go to my account (such a simple fix to this - and has been there for years...anyway I am going off topic!). Mr Magoo - Thinking this through more, I think your idea of exposure at the market level, instead of selection, would be better. I am thinking of which would be better for the majority of customers (I still need to think this through more)? The idea here which touches on what "The Management" says about cost to betfair to implement this would be to keep this as low as possible. Betfair already have the mechanism in place to prevent exposure over a set amount. It would take very little IT development work, to add a little extra logic to use this same functionality at a market/selection level. So I wouldn't be too bothered whether market or selection I think, as long as bf could implement something quickly on current mechanism. The Management - I have made requests to the betfair api team before, still not been implemented but is always worth a try as you never know lol. Thanks for acknowledgement with thought and time, I am sure many others consider these points and have emailed as expressed, fortunately with the q&a and this thread(hopefully), there will be no way bf can avoid answering/action? One other point, it is of interest to betfair for the following 2 reasons: 1) if the customers are more comfortable with regards their account security they are more likely to leave their funds in their accounts. I assume betfair make interest from the money in our accounts (admittedly, not much by today's standards but still extra money and esp when the economic conditions improve again) - another question for the list (interest on customer's accounts) ;) 2) bad publicity. I am the one and only223 I log in and out of my account all the time, so the current display of the ip address for the last 10 log-ins is completely useless. It might only go back half an hour. It would be better if they had the last 10 log-ins from each ip-address used to access my account. I have often thought the same, good point and thanks for reminding me. Added to list. cragihol on your first point I recently tried to transfer some money from my wifes account to mine by placing losing bets in the old days this was never a problem but the next day both accounts were suspended and I was told this was money laundering and if it happened again I would be permanently suspended so I think if someone tried that illegally it would probably be picked up immediately by betfair which is encouraging I can't see how betfair would pick up this information on a highly liquid market, I suspect this was more the result of additional information being used such as a cross-check against surname/address and bet amounts? hazel That is very worrying, esp if not to do with the issue expressed by Mr Magoo? I will post a summary in the next few days, once the topic has been saturated. |
|
By:
Getafix, have a look at this thread.
http://community.betfair.com/general_betting/go/thread/view/94082/24896773/Where039;s_the_thread_on_hacked_Betfair_accounts_amp;_Security |
|
By:
Thanks investor, will check that in a minute.
cragihol - just thought, bf could have picked up on this "transferral" if you were using the same internet connection (ip address)? |
|
By:
The Investor, I remember these threads, I even remember the one that has disappeared, I think that in fact initiated my concerns. I do remember you posting questions about anti-keylogging software. I did my own research and wasn't entirely convinced these anti-keylogging solutions actually worked, they talked of low level capture then encryption but the bugging question was if they can catch it at that level and encrypt it, why can't a keylogger do the same? I read on other forums that they would cut out many keyloggers but the more advanced would get round it for the reason I just specified. This lead my research to the conclusion that there is no way of preventing keylogging (not sure about macs), however there is a way of preventing the download of malicious software (to an extent) over the internet, and thus, the keylogging software in the first place. I found some software called Sandboxie, google it, it'll become clear but you really need a "clean" computer before you can use it confidently. I suspect the same could be done for free using "virtual pc", but you would have to give it some thought which I have not.
My concerns are more with the possibility of unscrupulous employees (due to my setup), but if I ever fell foul to such a theft, there is no way of proving one way or the other! |
|
By:
don't really want to have to go down the route of withdrawing all my funds on a Sunday night and redepositing on Saturday morning
What is difficult about doing that? a few clicks of a mouse is all it takes. |
|
By:
Betfair withdrawals take from 3-5 working days to clear (to a bank - not sure of other methods i.e., paypal/neteller if accepted?). So this means you need 5-7x your req'd liability sitting in your bank as deposit should be immediate. The other problem is the maximum withdrawal allowed which is around £30k. UK banks only guarantee £50k so becomes difficult for the big UK players. Setting up many bank accounts is the only way, but that becomes extremely messy.
|
|
By:
You can withdraw more than 30k i think.
|
|
By:
Withdrawls from betfair are usually quite quick for me, 3 days maximum.
might depend wht bank you're with though |
|
By:
Avocado, I think it is the Visa restriction I refer to.
I have emailed the following: Hi, My questions are mainly to do with client security. I would be extremely grateful if you could answer, advise and possibly commit to some of the questions/ideas/recommendations that follow. I started a thread to discuss this in more detail here: http://community.betfair.com/general_betting/go/thread/view/94082/26407401/Betfair_Security_Improvement_IdeasQuestions because I have no idea when the next q&a session would be I thought a thread would be better to discuss upfront the interests of fellow clients. The points are discussed in much depth in the above thread but I will rewrite (more succinctly) below: 1) Please can we have an "Exposure limit" at market/selection level not just full account? This would be a fantastic extra as many of us will rarely place a bet above a certain amount. If someone hacks your account, they will likely try and transfer your money in several ways (to be explained below) one of which is to place a bet with the hacked funds and lay it off with their other account. This I assume would be done with highly liquid events i.e., an important football match where it is nigh on impossible to see where it would have been transferred. By having a bet exposure limit, the criminal would have to place numerous bets in order to "transfer" funds. This could prevent losing the whole bank immediately with the chance of noticing the hack earlier. Also, it may be possible for betfair security to whittle down the possible criminals (all users betting in same events). This option would also have another massive improvement as it could help protect clients against spelling mistakes i.e., backing for £1000 when you meant £100 could be avoided if client had say a limit of £500 defined! 2) Please can we be have an option to be emailed/SMS if our login ip address changes? Letting us know when an ip login address changes allows us to change passwords / contact the betfair security team immediately if we know it isn't us. 3) Please can we have options to restrict access from other countries (but no option to unrestrict) - this should be possible by analysing the login ip address. If we go on holiday abroad and want to access betfair, maybe lifting of the country restriction should only be allowed by phoning betfair (not a web-account option) - I am assuming there would be security checks done over phone, maybe also some email confirmation (a link you have to click)? I believe something like this used to be an option why has it been removed? 4) I know that if there were unscrupulous employees at betfair, account login info could be easily leaked or could it? What measures do betfair use to ensure the security of member's accounts? I assume there is some kind of top encryption on login details but is there additional security on these databases to prevent say any betfair developer querying this data? 5) What is the actual history on BF accounts being hacked and monies transferred out ? Has BF compensated people ? 6) What happens when people add new bank cards to their betfair accounts, can they withdraw funds immediately to these different accounts? If immediate withdrawal possible and money was withdrawn to a criminal bank account would this be the responsibility of betfair/the bank/the client? Perhaps a cool off period would be beneficial for withdrawals to new cards? This leads onto next question: 7) Please can we be have an option to be emailed/SMS if sensitive data is changed on the site i.e., password changes, address changes, bank/credit cards added to account etc. 8) Please can we have a tighter login to the website, i.e., what banks use i.e., select letters from a memorable word/password from drop down boxes - this makes it more difficult for keyloggers to pick this info up. 9) Please can the whole website be changed to use https (like the api) so that users using public wifi etc have more security (prevent their sessions being cloned etc)? 10) The current security feature on the website shows the last 10 logins, this is not very practical as many users login multiple times during the day. Instead could we have a list of all distinct ip addresses with the last time it was used to login (say for last 6 months)? 11) Please can you contact the forumite known as Hazel to rectify a known security problem - "I can log into the account of anyone I know without needing to know their password. Indeed betfair customer services staff could also breach this security risk." 12) Do betfair have any additional security improvements planned for the future which is not contained in the above list? Non security related questions: 1) Do betfair earn interest on client's funds? If so, are client's funds higher than £50k protected? Hopefully you will see the recommendations as reasonable and push forward such implementation. I believe this would be a win-win for both betfair and client. Please keep an eye on the above thread as I am sure there will be more to debate when your response is published. I will republish the thread if it get culled after a certain amount of time (not sure if content expires on this new forum), so just search for the title "Betfair Security Improvement Ideas/Questions" in the General Betting section in such an event. Many thanks Getafix P.S. - this has taken me a long time to write so please confirm receipt of this email. |
|
By:
Sorry about formatting,
also Hazel, I hope you don't mind me asking them to contact you as think it extremely important they should be aware of such issues for the benefit of all of us. |
|
By:
excellant stuff lads
|
|
By:
3 days for a withdrawal is a joke. I'm sure somebody asked them in the last Q&A if they had plans to offer quicker withdrawals. Worth asking them again I suppose, I'll send an email.
|
|
By:
Good email, btw.
|
|
By:
Thanks all for input into this :)
Got a quick confirmation which is good: Dear Sir/Madam, Thank you for your contribution to the forum Q&A session. It is greatly appreciated and will assist us making improvements to our product. Unfortunately it is not possible for us to respond to each email individually but we will endeavour to answer all questions raised via the live Q&A session. Should you have any queries about the site or your account, please e-mail our Helpdesk on info@betfair.com. Kind regards, The Betfair Team |
|
By:
getafix i don't mind if they contact me. If they don't contact me by Monday I will add the detail to this thread so you can then add it to your Q&A request if you want.
Well done on bringing all this together. |
|
By:
I am really glad you don't mind, after I had sent the email I kicked myself, I should not have sent that without asking your permission first (sorry). I need to learn to think a bit more before going headlong into things (like some of my bets earlier
 lol ).If the issue is not related to cloning sessions over say a public network, it perhaps best not to publish details here like you originally said as I am doubtful you will be contacted anyway - would like to be proved wrong though? Maybe send direct to them via that q&a email address on Monday if you have not heard anything? |
|
By:
Good email getafix,
I can answer the non security question: Non security related questions: 1) Do betfair earn interest on client's funds? If so, are client's funds higher than £50k protected? Yes they do. "In addition, revenue from management of customer funds fell by £5.7 million to £2.6 million during the year as a result of the low interest rate environment." this is a quote from Betfair investor relations. [b]Obviously funds are not protected even below £50k (if you are referring to government guarantees for bank accounts, which I guess you are), that doesn't apply at all. |
|
By:
That's scary The Investor, so in essence, if the banks which betfair earn interest from go bust, we will lose all our account money?
I assume it isn't that straight-forward, they probably hold the money in hundreds(?) of different bank accounts so the threat is minimalised. It begs the question though as to whether they would push the losses in such an event onto the customer!? |
|
By:
Getafix, I don't think that's a big worry to be honest.
I know Betfair do indeed hold their money with a wide variety of institutions to minimalise this risk. You can be extremely confident that Betfair will take the loss if funds are lost, as it would kill the business if they didn't. Betfair have colossal cash reserves, so I think in this respect your money is safer with Betfair than with a bank. In other ways your funds are far less secure though. Fraudulent activity being one example. I have had my credit card cloned before, and the bank took the losses (I didn't need to pay), there are rules and laws covering these kind of events, which don't apply to Betting exchanges. That is a far larger concern than a bank holding customer funds going bust. |
|
By:
Hi The Investor, I agree, probably not a big worry to be honest. As long as betfair don't have their colossal cash reserves in the bank that goes bust lol. No seriously, I know these reserves will likely be spread with rest. From my limited understanding of these things (I will read up on) the 50k guarantee is just that, a guarantee! So imo has to be safer in a bank account than betfair because you know for definite it will not disappear with the bank. I can imagine it would be almost impossible for betfair or any exchange to ever compensate fraudulent activity as people could dishonestly claim the huge bet they just lost was the result of their account being hacked? All we can hope for (imo) is for betfair to take some of the advice above to limit these problems as much as possible.
I am thinking about your example of a credit card being cloned and the difference between that and say a huge bet being placed from an alternate ip address in irregular fashion? I wish I knew more about the methods banks use to compensate they must be insured or something, could betfair follow such a lead? Would it be possible? Do they already? Who knows!? Probably getting ahead of myself, as hopefully the answers to FAFH's questions will shed light on this! |
|
By:
Getafix - this knowledge is from 3 years ago but i don't think much has changed.. if your card is fraudulently used and your bank returns the money to you, it is likely although not 100% certain that the funds will be taken off the merchant where the funds were spent. so if someone gets your card details and buys a macbook on Dixons website, your bank will ask Dixons for proof it was you that made the transaction. They will almost certainly be unable to do this, and then your bank will take the money from Dixons and give it to you. It is the exception to the rule where a bank will actually lose money itself by compensating a victim of fraud when the bank is not directly responsible itself.
|
|
By:
getafix I did get a call from betfair. I am not sure if they feel it is such a security risk as I do. I will let you decide if you want to include it.
It concerns "forgot my password" procedure. You can log into someone else's account without knowing their password. All you need to know is their username, email and 2 security questions. The 2 security questions can be as little as D.O.B and where born. Some people at betfair know all four requirements. For instance if you phone with an account query you give them the answer to your 2 security questions. They could write them down and pass the information onto a third party residing anywhere in the world. You cannot change your security questions online, you have to phone betfair customer services and allow them to make the changes. Again adding to the risk. Anyone who is a close friend of yours may also know the answers by default and be able to access your account. All my bank accounts require more secure methods if you forget your password, such as emailing you with a code or a temporary password. One of my banks only allows postal method. Security questions are just that, they are not a replacement for a password. I can see that a third party who may be given such details would need to act carefully, but their is a good chance that anyone who has had their account password changed and bets placed without their knowledge has fallen foul to this security risk. |
|
By:
Is anyone asking any of these on the Q&A tomorrow?
|
|
By:
Yojimbo - that is very interesting, using an analogy for betfair it would be almost impossible for them to know where the fradulent part of the bet went so would have to be betfair giving the refund (if they would) in such an event.
Hazel, I phoned betfair at the weekend and I recall having to say my name and dob into a "speech recognition" program. I suspect this will get round some of the worry about betfair employee's tracking your info? I don't know whether you are asked again by the operator for such details as I wasn't phoning to place a bet/change account details. It has been around 6 years since I opened my original account and can't even remember entering security questions? Maybe I should pretend I have lost my password for an account and see what the procedure is? Unless one of you who know the procedure are happy to email some suggestions/questions about this part of "can't remember password" to betfair? The only questions I have emailed so far are those as per my 09 Dec 10 12:17 post. |
|
By:
I forgot to mention, it's a credit to betfair that they did get in touch with you Hazel, indicates they do take security extremely seriously.
|
|
By:
Getafix is sent the following to livechat;
"Further to the questions submitted by Getafix, do you believe that your procedure for customers to obtain new passwords when they have forgotten theirs is as secure from fraudulent use as that provided by mainstream online banks?" |
|
By:
Getafix sorry for typo - I should have said - I sent the following to livechat
|
|
By:
Thanks Hazel
|
|
By:
Betfair Live Chat Date Joined: 07 Jun 00
Add contact | Send message When: 14 Dec 10 18:06 Welcome to the forum Q&A, apologies for being 5 minutes late. We will start to post answers to questions which have been emailed into us in advance. Customers who wish to ask further questions during this session can either respond in this thread, or email their questions to livechat@betfair.com. Among the Betfair representatives answering questions this evening are Andrew French (UK Community Manager) and Lee Cowles (Director of our UK business). No option for me to respond in that thread! Shame. I'll try and get the main question answered again as it doesn't even look like they've read the question!: Betfair Live Chat Date Joined: 07 Jun 00 Add contact | Send message When: 14 Dec 10 18:13 Please can we have an "Exposure limit" at market/selection level not just full account? This would be a fantastic extra as many of us will rarely place a bet above a certain amount. If someone hacks your account, they will likely try and transfer your money in several ways (to be explained below) one of which is to place a bet with the hacked funds and lay it off with their other account. This I assume would be done with highly liquid events i.e., an important football match where it is nigh on impossible to see where it would have been transferred. By having a bet exposure limit, the criminal would have to place numerous bets in order to "transfer" funds. This could prevent losing the whole bank immediately with the chance of noticing the hack earlier. Also, it may be possible for betfair security to whittle down the possible criminals (all users betting in same events). This option would also have another massive improvement as it could help protect clients against spelling mistakes i.e., backing for £1000 when you meant £100 could be avoided if client had say a limit of £500 defined! We currently offer Loss Limits on our Arcade & Quick Play and Poker products, and there is also transfer limits functionality available on our Exchange Games and Casino products. |
|
By:
Email sent as below:
Hi Andrew, Lee, I sent the following question for which you have replied (I quote below) Please can we have an "Exposure limit" at market/selection level not just full account? This would be a fantastic extra as many of us will rarely place a bet above a certain amount. If someone hacks your account, they will likely try and transfer your money in several ways (to be explained below) one of which is to place a bet with the hacked funds and lay it off with their other account. This I assume would be done with highly liquid events i.e., an important football match where it is nigh on impossible to see where it would have been transferred. By having a bet exposure limit, the criminal would have to place numerous bets in order to "transfer" funds. This could prevent losing the whole bank immediately with the chance of noticing the hack earlier. Also, it may be possible for betfair security to whittle down the possible criminals (all users betting in same events). This option would also have another massive improvement as it could help protect clients against spelling mistakes i.e., backing for £1000 when you meant £100 could be avoided if client had say a limit of £500 defined! We currently offer Loss Limits on our Arcade & Quick Play and Poker products, and there is also transfer limits functionality available on our Exchange Games and Casino products. Please can you re-read the question as I don't think you understood what I was getting at? This is to do with possible fraud via the sports exchange - nothing to do with loss limits on any of the other betfair products . Many kind regards Getafix P.S. - we can't reply directly to the thread as stated in your opening post: Welcome to the forum Q&A, apologies for being 5 minutes late. We will start to post answers to questions which have been emailed into us in advance. Customers who wish to ask further questions during this session can either respond in this thread, or email their questions to livechat@betfair.com. Among the Betfair representatives answering questions this evening are Andrew French (UK Community Manager) and Lee Cowles (Director of our UK business). |