|
By:
do we get to vote who should be the first customer they commit?
I nominate feck. |
|
By:
about 5 years too late
+ actions speak louder than words imo |
|
By:
about 10 years too late, the slide in shares may have something to do with it, but the damage was done years ago when they just fkd everyone off, crashes cost punters fortunes and all they did was send a weak email when you complained
|
|
By:
it reads like yet more Management Consultant guff that shows they don't actually understand what their customers want.
Simple things like getting the Rugby live on Sky turned in-play when it kicks off...not having it auto-suspend and then lock for 10 mins... |
|
By:
Betfair forum chat - December 2010
Protecting clients funds - 6 months on and do we have "protection requested by users"?
Betfair Live Chat 14 Dec 10 18:20 Joined: 07 Jun 00 | Topic/replies: 124 | Blogger: Betfair Live Chat's blog
Please can we have a tighter login to the website, i.e., what banks use i.e., select letters from a memorable word/password from drop down boxes - this makes it more difficult for keyloggers to pick this info up.
Our security team are currently evaluating a number of different authentication options to roll out next year to provide additional protection as requested by our users. This suggestion will be incorporated into that analysis and evaluation.
As someone said, words are ok, but actions count. |
|
By:
There are a lot of things they could do to better engage with their customers.
Example is a top 10 new/improved feature list people get to vote on. They could even put up a market on which feature wins. |
|
By:
Protection for customers and data
Does that mean they'll be taking front running seriously? |
|
By:
hazel has pointed something out.
The Sony hack is in the headlines. Recently, I had an email account hacked. No idea how since my surfing habits are to trusted sites. They got into a gmail account that gmail shut down after they sent out something with an attachment to a couple of people on my mailing list. What was interesting is they then tried to hack into one of my other accounts (had my first name in gmail AND this address). When I spoke to my tech, they tried 300 permutations of my gmail password in just over 6 minutes. I now have different, unrelated passwords for every site I have, half an A4 nearby if I need to remember any. What betfair need to admit is they are holding "balances" that can be 'transferred' in a blink on a bet. Upgrading security can be done in a blink if they wanted to. |
|
By:
Another obvious one would be allowing you to specify countries whose IP is allowed to use your account.
Someone might have said they USED to have this and dropped it? If you're on holiday etc. and find yourself blocked, they could allow enabling via a second password or something, that sends out an email to you that needs OKed or similar. |
|
By:
Talking of a "holding balance" another nice security measure would be a separate internal "wallet" with a second password that you can instantly transfer funds in and out of, so you can hold money there you aren't using, knowing a bad guy needs to somehow get both passwords to access a penny of it. This would be a useful measure, give you peace of mind, and be simple to do surely? Thoughts?
I know other sites can have dual level passwords depending on what you're doing, it's not unusual. |
|
By:
An internal security wallet would also double as a way of preventing costly mistakes due to mistyping etc etc.
Actually more I think about it .. a good idea? It helps solve two problems with one simple measure? |
|
By:
Betfair don't care about our account security. They may publish these vague ethereal 'commitments' but they should be measured by their actions. And Betfair have done nothing to increase account protection. They even removed the country lockout feature, so actually our accounts are less secure than they used to be.
The internal security wallet sounds like a good idea IMO. There's practically no chance that it will happen though. And the site is still insecure when used on a public network. Other websites that have money at risk use SSL (i.e. a secure connection to the website). Betfair don't. Why not? Because it doesn't matter to them. It's not *their* money at risk. |
|
By:
If BF is so insecure, wouldn't it have been hacked to smithereens by now ?
All those juicy big balances just waiting there to be played around with. Surely BF is not under the radar of the hacker community ? PS I'm not a techie, so this is not a sarcastic post in any form or manner. |
|
By:
It wouldn't cost a great deal to set up a log in code via text message i.e. you sign in as normal but have the option of having a 4 digit pin sent to your mobile phone, which you then enter in the website box.
|
|
By:
What if you don't have a mobile phone ?
|
|
By:
As others have said, they couldn't give a toss about security, people (including me) have been asking them for years to restrict countries which can access your account by ip, yet they refuse to implement such a simple measure - why? Maybe it needs someone who loses a load to sue them for negligence, then, just maybe, they might do something!
|
|
By:
I repeat my query.
Has there been any reported case(s) of serious hacking into BF accounts ? If so, what happened exactly and what was BF's response ? |
|
By:
There have been some posts about this happening FAFH, though of course it is difficult to verify.
It appears that it is at Betfair's discretion whether you get your money back if someone is able to take your money. There have been people claiming they got refunded by bf, and people saying they didn't. I'd quite happily pay 0.1% of my average balance on a yearly basis if someone was willing to insure. |
|
By:
I suppose the hard part is proving you were hacked as opposed to stupidly or deliberately exposing your password to others .
|
|
By:
It may well be hard to prove whether or not a customer is negligent with regards to security, but it would be very easy to prove that betfair is.
|
|
By:
I repeat turtleshead.
On what evidence do you base this opinion? Or are you just predicting what you think is some sort of inevitable apocalypse? |
|
By:
I've already said, the fact that anyone can use your account from a country you've never been to without it flagging up anything at betfair towers, like it would with a bank, for example. Anyone who can't see this as negligence is clueless, to put it bluntly.
|
|
By:
Yeah I suppose that is pretty blunt.
But as I am really clueless on technical matters, I ask whether or not any reasonably competent hacker could be expected to be able to disguise his IP address and, if so, what would be the point of BF implementing this type of superficial check ? Just cosmetics ? |
|
By:
Okay then, how about simply restricting your ip to the one from your normal computer unless you specify otherwise?
|
|
By:
I don't know.
I just assume that hackers, being what they are, could get around any and all such obvious type basic restrictions. Hackers can't transfer your monies out of your account can they? They can only make losing bets, offset by gains elsewhere. Correct? Presumably that makes the whole exercise trackable by BF to a large degree, and thus not worth doing by the hackers. Again, please correct me, if I'm getting all this wrong due to my lack of technical computer knowledge. |
|
By:
They could provide the option of disabling certain features - like adding and removing cards, choosing which countries you can log in from, and limiting login to a certain ip. And how about email alerts sent notifying of key events like login, withdrawal, failed login, etc - like facebook does.
|
|
By:
Catfloppo
Couldn't any competent hacker also just play around at will with these disabling features also? |
|
By:
Isn't the key protection that hackers can simply transfer monies out of your account.?
They have to place bets with it in some form or manner. And if you can quite clearly prove that these bets are way outside of your normal, regular modus operandi, then BF will presumably listen to you and protect you accordingly. Or am I being extremely naive on this ? |
|
By:
" -- hackers can't simply transfer ---"
|
|
By:
seems to me that once your balance gets up to a certain level, they should offer you some kind of optional hardware solution in addition to your password.
some kind of USB dongle would surely be easy to implement, and I can't imagine anyone with a 10K+ account to protect moaning at being asked to pay a tenner or so for it. |
|
By:
FAFH
I wouldn't propose them as configurable online for that very reason. I would be very happy to go through the helpdesk each time I wanted to add or remove a card in exchange for the safety of knowing someone can't hack into my account, add their own card and withdraw my money. I am aware that betfair have procedures in place to prevent this from happening but I haven't changed my card details for 6 years and it seems daft to have the facility permanently enabled. Same with the ip addresses, if someone only ever logs in from one place why not allow them to specify this? Another possibility is to issue a security code via email each time we login. The code has to be entered in addition to the password in order to authenticate. I'm sure most users would find this too fussy, but I would use it. Again it could be optional. |
|
By:
FAFH
Betfair offer no protection or guarantees against obvious betting mistakes, e.g. backing something pre-race at 1.01. If you tried phoning the helpdesk to cancel such a dumb error, you would have no luck. So you aren't going to fare much better if you phone up and claimed someone else placed those bets instead of you. Betfair would blame you or would allege you had given away the password to your account. If someone eavesdrops on your connection to Betfair, they can place bets using your account without needing to discover your password. They could then just maliciously place rubbish bets, or steal your money by ensuring they match these bets with one of their own accounts. There is nothing you can do to stop this, because Betfair's website is not secure. |
|
By:
catflappo,
Having extra security for the login to Betfair's site doesn't solve the problem. Once you are logged in, you communicate with Betfair through a non-secure, unencrypted web page. When you place a bet, the command, together with Betfair's cookies which show you are logged in, are sent over this connection. Anyone using a computer on the same wireless network, or any computer between you and Betfair's servers can listen in and grab these cookies. They can then pretend to be you and place bets as if they were you. It is the same security weakness that many other popular sites had (Facebook, Twitter, GMail etc) and the proper fix is for the service to offer a completely secure and encrypted website. Unfortunately, while Betfair acknowledge the problem, they don't seem to care and don't seem interested in fixing it. |
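The weakness described in the post above (login cookies sent over an unencrypted page) can be checked from the response headers a site returns. This is an added example, not part of the thread and not Betfair's code; the URLs, cookie names and the name-matching heuristic are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample responses (not captured from any real site).
PLAIN_HTTP = ("http://exchange.example/placeBet", [
    ("Set-Cookie", "sessionToken=abc123; Path=/"),
    ("Set-Cookie", "lang=en; Path=/"),
])
HARDENED = ("https://exchange.example/placeBet", [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "sessionToken=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "lang=en; Path=/"),
])

SESSION_HINTS = ("session", "sid", "token", "auth")  # assumed naming heuristic


def parse_set_cookie(value):
    """Return (name, attrs); attrs maps lower-cased attribute names to values."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit(url, headers):
    """List findings that would let a network eavesdropper reuse a session."""
    findings = []
    header_names = {k.lower() for k, _ in headers}
    if urlsplit(url).scheme != "https":
        findings.append("page served over plain HTTP: cookies travel in cleartext")
    elif "strict-transport-security" not in header_names:
        findings.append("no HSTS header: browser may still be downgraded to HTTP")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # preference cookies are not credentials
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure, will be sent over HTTP")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly, readable by page scripts")
    return findings
```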
|
By:
My suggestions would not solve that particular problem but would make me happier as I believe I am more prone to attack by people logging into my account than those managing to trap network traffic and placing spurious bets. I am no expert on the matter but I thought my wireless network was itself encrypted?
|
|
By:
The wireless network problem is for free, open WIFI, if your own network is protected then that's fine. (Still, all the computers between you, your ISP and Betfair can still listen in on the connection).
Extra login security still makes sense, your idea would be useful. Google have a similar system where they will text your phone with a security code when you want to log in. |
|
By:
Yes so do logmein which is where I got the idea from (just in case anyone is under the illusion that I cleverly thought of it myself ;) )
|
|
By:
Would your suggestion impact on the site's performance, Mr Magoo?
|
|
By:
It should have no real impact on performance, other sites that have switched claim that they needed no new hardware. Betfair's performance problems already come from other issues :)
|
|
By:
If Betfair do eventually deign to improve their site, all I ask is that they don't use the same people who built this new forum...
|