13 July 2012
Whenever a new penny auction site pops up, it seems that there are hundreds of forum members who flock to the site and sign up, many sight - unseen! Some may read the terms and conditions, other go as far as the how it works, but I'll bet that rarely does anyone question the site's software and security. In this day and age, there are so many cases of identity theft, that you would think people who spend hundreds or thousands of dollar on penny auctions might take their personal security more seriously.
Over the last three years, there have been several occurrences of players who have lost hundreds of dollars in Amazon Credit, Bank Withdrawals, etc because they quickly and sometimes anxiously gave out their personal information to a new Penny Auction site. There have been some sites that have shut down and sold their member's list to mass marketers and spammers for the email, but what else did they get in those files.
Many sites at a minimum request or require that you give your full First Name, Last Name, Address, and Date of Birth, and Email to them. Then the ask you to register and fill in password fields. Now most of this information is all well and good. After all, they need your address to ship you stuff, and verify that duplicate accounts don't exist (if rules stipulate that). How many of these sites utilize your birth-date when you call or submit a support ticket? Is it necessary? Can an unscrupulous site owner have enough information to steal your identity.
How about passwords? Does the site employ software which encrypts the password to the point where they are unable to determine it. IT SHOULD! Say you forget to keep your password on a site different from Amazon, or PayPal where you may store large balance of gift cards or cash. Having your email and password is all it takes to wipe out those accounts.
Always ask the new penny auction website if their software employs Hashed MD-5 Password encryption or better. If they don't know or say "NO", don't spend your money with them.
Make sure the Email you have on file with Penny Auction website is not the same as that of PayPal or Amazon, Facebook or other payment gateways. Always protect password integrity by using different ones on all those sites. Gmail, Hotmail, and such can be insecure mail clients to use and once someone has breached one account, say Facebook; chances are they will get to your others.
Have an algorithm of using the same birthday among sites, but one that is not your own. Maybe change the Month or Day, or Year by one increment. So instead of 10/12/1990, maybe 10/12/1991. If they try to used it on a credit app, or something, and it doesn't go through, most likely they'll think it's bogus and wouldn't try too hard to figure out what it is. You will know what that answer will be when a Penny Auction may ask for it as a security question.
Make copies of the site's WhoIs domain registration infomation. You can get this via GoDaddy, by looking up the domain in the search, and when it says that it's taken, click the "More Info". Although this information may be bogus, or hidden behind Domain Privacy, It's worth taking a look and keep the information in a file in case the site shuts down.
This may sound like a scary talk or that penny auctions cannot be a trusted source of entertainment and shopping, but really this good information for any e-commerce site you visit and spend you money. It doesn't hurt to do your homework, protect yourself, your money and/or assets.
Penny Auctions are a form of Shopping. Make sure your personal information isn't something someone else is shoppping for.