# TTOC SCAMMER?



## Gazzer

As the ttoc are seen as taking fast track still to for sale section, who is liable if one of those fast trackers scams a TTFMember or even a ttoc member? I assume some insurance plan is in place to cover this event :?


----------



## Spandex

Gazzer said:


> As the ttoc are seen as taking fast track still to for sale section, who is liable if one of those fast trackers scams a TTFMember or even a ttoc member? I assume some insurance plan is in place to cover this event :?


Why would the TTOC be liable? They're not making any claims about preventing scammers.

If someone posts enough to gain access to the marketplace then scams someone, do you think the TTF should be liable?


----------



## Hoggy

Gazzer said:


> As the ttoc are seen as taking fast track still to for sale section, who is liable if one of those fast trackers scams a TTFMember or even a ttoc member? I assume some insurance plan is in place to cover this event :?


Hi Gazz, No difference to how it's always been, TTOC will still have the finacial & address info, if the Police have to be involved. Still safer than a TTF member having M/P access after having the required number of posts.
As always Buyer Beware & take notice of info in the For Sale section.
Hoggy.


----------



## jamman

Edited - Because just can't be bothered :wink:


----------



## Nem

Hoggy said:


> Gazzer said:
> 
> 
> 
> As the ttoc are seen as taking fast track still to for sale section, who is liable if one of those fast trackers scams a TTFMember or even a ttoc member? I assume some insurance plan is in place to cover this event :?
> 
> 
> 
> Hi Gazz, No difference to how it's always been, TTOC will still have the finacial & address info, if the Police have to be involved. Still safer than a TTF member having M/P access after having the required number of posts.
> As always Buyer Beware & take notice of info in the For Sale section.
> Hoggy.
Click to expand...

Just a shame you are giving access then without any check on actual membership making a mockery of the entire process.


----------



## Gazzer

sorry i was dead tired last night and it didnt come out how i meant it to. my thought pattern was regarding hoggy james and brian doing this new task.....are they covered in the event of a scammer.......however this has been answered via some pm's received.
i havn't seen the ttoc forum....so how comes andrew is no longer doing them anyway?


----------



## Spandex

Nem said:


> Just a shame you are giving access then without any check on actual membership making a mockery of the entire process.


So, what is this TTOC decision which has changed how it's done? As it impacts the TTF as well, I'm surprised it's not been announced on here already.


----------



## Hoggy

Nem said:


> Just a shame you are giving access then without any check on actual membership making a mockery of the entire process.


Hi Nem, Once they have paid their TTOC membership fee & been Emailed their TTOC Membership number.
They produce their TTOC Banner with valid number which means they are a TTOC member, I can then give them access to M/P & PMs. No real change & safer than getting access on required number of posts.
Hoggy.


----------



## Nem

Is this signature valid?










Yes, but it's not my membership number, but what has stopped me displaying it? Nothing, but it's generated using the correct code with a valid membership number in it.

What about this signature?










Again not my number, and also not even any script to generate it. Simply right clicked another members signature and saved it, then displayed it here.

So,

A user buys a membership, gets their confirmation email with membership number, adds their signature to their profile and post on here = you grant immediate access to the Marketplace and PM's.

What if they don't buy a membership, but simply copy either method above and then post in this thread. How do *YOU* know the difference? Well if it's an image with no script powering it you can see *IF* you are actually looking at the users profile and checking but I'm thinking you are not. If they have posted a scripted sig with a valid membership number there is *NO WAY* you can tell and you will simply grant access to someone who is not a member.

The TTOC *DID NOT* ask for this method, the forum administrators have devised it. We now have two members who were going to be doing this task ongoing but the forum administration decided it was too much of a risk letting two very well known members on here have access to the users details in the forum admin panel. Instead they have devised a method with a huge security hole in it instead, while at the same time making the need to be in the TTOC group totally irrelevant.


----------



## Hoggy

Hi Nem, I/We realised that risk was there, but with abit of commonsense it's not that difficult to find out if the number is valid.
I only wish to help, not cause probs, if the TTF decided the risk is too great, then they will change the procedure.
Your post will only make the procedure less secure, but perhaps that is what you want.  :? 
Hoggy.


----------



## Nem

That's fine and we appreciate that, but what I don't understand is why there should be any risk at all?

The access should depend solely on being in the TTOC group, and the TTOC group should depend solely on having the signature displayed and checked by a TTOC official.

Bypassing that process and just granting access on displaying a signature is not the way forward.

What happens is this process fails and a scammer does get access and rips someone off? Who's going to be to blame? As I'll bet the TTOC takes the brunt of it as it's our security of having membership details stored which gives this extra benefit. Or are you going to be personally liable as it was your sole decision of granting access?

This is all wrong.



Hoggy said:


> Your post will only make the procedure less secure, but perhaps that is what you want.  :?
> Hoggy.


My post shouldn't change anything if the membership checks were being made before access was just granted.


----------



## Hoggy

Hi Nem, Perhaps the TTOC members system should be made more secure, so that the members name is tied to the membership number, more secure & less work for the TTOC committee.
Hoggy.


----------



## Nem

So you've implemented a flawed system yet we need to improve our methods.

Yeah, good one.


----------



## Spandex

The more I see stuff like this, the more I wonder why the TTF bothers maintaining this kind of relationship with the TTOC. It has a non-existent impact on security (no scammer will pay to join the TTOC - they'll either achieve the required post count, or not bother at all) so the only people who benefit are TTOC members (who get fastracked access to premium TTF features) and the TTOC itself, who get a revenue share of advertising and possibly a small increase in memberships due to the value added by the fastracking.

I honestly can't see any benefit to the forum. The fact that the TTOC has the gall to actually complain about it is outrageous. If they had any sense, they'd be keeping their head down whilst they milked this for as long as possible.


----------



## John-H

There has been no announcement on TTF because there should have been no effective change to the TTF market place policy, only who was implementing it.

There were votes decided at the TTOC AGM which brought about changes in roles. The two votes put forward *by the committee* for approval by the TTOC membership were *(a) that no TTOC committee member should hold an administrative position on TT Forum* and *(b) The fast track access to the TT Forum market place for new TTOC members should be withdrawn.* The first motion was passed by members but the second was not.

This meant that Andrew could no longer administrate TTOC group memberships on TTF and so Brian and James volunteered (non committee) to do this. TTOC group control could be provided in isolation but in order to remove new members from the "newly registered members" group and thereby remove the new member restrictions, control of all groups including administrators and moderators unavoidably needed to be provided as well as the ability to create and edit accounts and permissions and access to personal information, which needs to be restricted.

As the TTOC committee is no longer administering the TTF it was therefore decided to split the role and simplify the arrangements - Brian and James administer the TTOC group directly (plus any other volunteers the club wants to include) and Hoggy being part of the TTF admin/moderator team administers the New member group.

So this way the TTOC can add members to the TTOC group under the club's control and the TTF maintains forum and member security and provides access to its own PM system and market place, under its control, in keeping with the original agreement Jae made for supporting the club and benefiting the TTF market place. This simplifies things for both club and forum and provides a way of working together for continued mutual benefit.

When a sig strip appears the club can verify by adding the same member to the TTOC group and at the same time Hoggy can add access to the market place. It really isn't that hard. It becomes hard when the committee tell their voluntiers to stop adding members to the group and use bogus account posts and spurious arguments to try and pick holes in a system meant to provide mutual support for both club and forum members. Anyone would think they didn't want it to work.

The restrictions to new members as a fraud prevention measure is only simple risk management. It's designed to put off casual scammers by providing a hurdle that they don't have to jump if they went elsewhere. A determined fraudster can still buy TTOC membership or bide their time posting and getting known, so there's no guarantee or any point in being pedantic about it - it just puts off casual scammers, benefits the market place and benefits the club.


----------



## Nem

But you agree though that there is a major security flaw in this new process?


----------



## John-H

No, and especially not if you do your bit and add members to the group - come on play ball it's not that hard - your own members voted to keep the fast track in place despite you wanting to remove it so really thier wishes should be respected.


----------



## Nem

But Hoggy is giving people access before they are in the TTOC group on the strength of an image in a signature.

We are sorting out a secure membership checker which Brittan and Jaman can use, but it's not that which is the issue.


----------



## Hoggy

Hi, Perhaps if the TTF doesn't inform new members about the TTOC membership fast access to the TTF M/P & PMs, there will be alot less new TTOC members & the risk will be substantially reduced.
Hoggy.


----------



## Hoggy

Nem said:


> But Hoggy is giving people access before they are in the TTOC group on the strength of an image in a signature.
> 
> We are sorting out a secure membership checker which Brittan and Jaman can use, but it's not that which is the issue.


Hi, If you really wanted to help, I'm sure tying the members name to the membership number would be quite simple.
Hoggy.


----------



## Nem

Christ, and to think I was being accused of trying to split the TTOC from the TTF! :roll:


----------



## Spandex

John-H said:


> The restrictions to new members as a fraud prevention measure is only simple risk management. It's designed to put off casual scammers by providing a hurdle that they don't have to jump if they went elsewhere. A determined fraudster can still buy TTOC membership or bide their time posting and getting known, so there's no guarantee or any point in being pedantic about it - it just puts off casual scammers, benefits the market place and benefits the club.


A determined fraudster won't buy TTOC membership. There is no point when there is a more simple (if marginally more time consuming) method which doesn't require them to hand over personal info as part of a payment. There's no point placing a security guard by an upstairs window when the front door is open. I think we should stop perpetuating the myth that TTOC fast tracking is a security measure.

The only problem is, once you accept that, you have to ask what purpose it really serves the forum.


----------



## Nem

Hoggy said:


> Nem said:
> 
> 
> 
> But Hoggy is giving people access before they are in the TTOC group on the strength of an image in a signature.
> 
> We are sorting out a secure membership checker which Brittan and Jaman can use, but it's not that which is the issue.
> 
> 
> 
> Hi, If you really wanted to help, I'm sure tying the members name to the membership number would be quite simple.
> Hoggy.
Click to expand...

But I'm not sure how that would help? It doesn't stop someone simply saving the image, or even looking at the code and copying it.

Look, there has to be a better way of doing this. We've got two people who are more than willing to help, we have a system 90% ready for them to be able to check a membership number and surname to check for a valid membership so from our end we're doing everything we can. It's just that the TTF has devised your end to bypass the check.

A simple solution has to be here somewhere.


----------



## Hoggy

Hi, I quite capable of looking at the "elements" of the Sig, before granting access. :? 
If the name & number are tied together, then even easier.
My discussion on this subject finished.
Hoggy.


----------



## John-H

The chances of a sig strip that a member displays from Andrew turning out to be fake is pretty unlikely but ithe whole thing about the market place access is only meant to shift the probabiliy to make it less likely that a casual scammer can be bothered to gain access. Given that there are no hard guarantees about how people turn out down the line it seems good enough a presumption especially when the TTOC can always point out any errors and I did ask for verification info to be supplied to Hoggy only this was refused but if the TTOC add members to the group straight away then it's presumably verified anyway.

If you want to wait to sort your end of things out a bit better then we could wait too but you might get new members complaining in the mean time. How long would you want to wait and can you not verify things manually for now?


----------



## Gazzer

jesus effin christ.......ttoc want new members and the membership said no to removing fast track!!! so what is the problem??? Hoggy has put his hand up and said yes i will help.....james and brian have also said the same. so work together admins to find a solution that is beneficial to both sides and stop the open air bitching and move along as it really is boring now.


----------



## Bartsimpsonhead

Spandex said:


> John-H said:
> 
> 
> 
> The restrictions to new members as a fraud prevention measure is only simple risk management. It's designed to put off casual scammers by providing a hurdle that they don't have to jump if they went elsewhere. A determined fraudster can still buy TTOC membership or bide their time posting and getting known, so there's no guarantee or any point in being pedantic about it - it just puts off casual scammers, benefits the market place and benefits the club.
> 
> 
> 
> A determined fraudster won't buy TTOC membership. There is no point when there is a more simple (if marginally more time consuming) method which doesn't require them to hand over personal info as part of a payment. There's no point placing a security guard by an upstairs window when the front door is open. I think we should stop perpetuating the myth that TTOC fast tracking is a security measure.
> 
> The only problem is, once you accept that, you have to ask what purpose it really serves the forum.
Click to expand...

Case in point?
viewtopic.php?f=31&t=139615
(Towards the bottom)


----------



## John-H

I did hear of a "determined" fraudster buying a club (not TTOC) membership with the deliberate intention of becoming trusted for the cost of membership, then ripping members off for thousands (club fees were a small overhead to his operation). Police were informed but the address was just a mail box and no trace could be made. There will always be "determined" fraudsters who can be very clever and convincing and there's no simple way of stopping this.

With a payment trail and member details on file these are available to the police in the event of fraud. Ok these details could be fake but the vast majority will be genuine and if ever anyone should be tempted into crime at a later date (people do change) then this information being on file will still be useful to both deter and trace.

Jae saw TTOC members as more trusted for that reason (compared to a TTF member's email address) and allowing them market place access immediately brought keen new TT owners into the market place and improved it as a market place. It was also a benefit to being a club member. Jae saw it as a win win scenario helping the TTF market and TTOC recruitment.

At the same time, and following member demands for the forum to do something, a restriction was imposed on new forum members who now initially have PM and market place access denied. This is only meant to deter "casual" scammers. The problem previously was that anyone could join and instantly get access to private messages and go looking for a victim with a need and then play a confidence trick. Now they have to post and bide their time to gain the same access level and there will be easier pickings elsewhere so hopefully they don't bother - it's simply meant to filter out "casual" scammers. It has no effect on "determined" scammers. Casual fraud has been certainly been reduced by this measure.

These are just measures to make fraud more difficult and therefore less likely. It's not a guarantee it only shifts the balance of probability. People should still be wary on line as the "determined" fraudster can always find ways round any measure - but the fact that you can still get them does not justify removing all restrictions and making the community "easy pickings".


----------



## Spandex

Sure, TTOC members can be seen as 'more trusted' due to the personal info they've handed over, but that's missing the point. Making life easier for 'more trusted' members doesn't increase security - it's just a benefit for TTOC members and by association, the TTOC as an organisation.

Also, as you've pointed out in your example, a determined scammer won't hand over their genuine personal info even if they do buy TTOC membership, so again, security isn't increased (in fact it's decreased, as you've given them a means to look 'more trusted' to potential victims).

I have no problem with the fast tracking service, as it doesn't really impact the forum in any way, but I do think it's completely illogical to claim it increases security or has any benefit to the TTF. The TTOC and it's members are the only ones who gain from it. Paying them revenue share on top of that seems a bit bonkers though.

<edit> Whilst it's easy to link the post-limit with a reduction in casual fraudsters, I would defy anyone to explain how the fast-tracking has any connection to this. The fast tracking is a means of *bypassing *a security restriction (in a hopefully secure fashion) - it is not a security restriction itself.


----------



## Mark Davies

Spandex, you're arguing that because someone can smash a window to break into your house then you may as well just leave your front door wide open because locking your door doesn't guarantee security, so why bother? It's a completely fascile and ridiculous line of argument. *Of course* the current arrangements can only help to reduce the risk of fraud - any idiot can appreciate that. It's never been about eliminating risk - just trying to manage it.


----------



## Spandex

Mark Davies said:


> Spandex, you're arguing that because someone can smash a window to break into your house then you may as well just leave your front door wide open because locking your door doesn't guarantee security, so why bother? It's a completely fascile and ridiculous line of argument. *Of course* the current arrangements can only help to reduce the risk of fraud - any idiot can appreciate that. It's never been about eliminating risk - just trying to manage it.


Sweet Jesus. That analogy has nothing to do with what I'm saying. If that's what you understood from this, no wonder you're confused.

Please explain how the *fast track* increases security.

<edit> And just to be clear, as you've managed to miss the point so far, I'm asking how it increases security compared with having *no* fast track, whilst keeping the post limit in place.


----------



## John-H

Spandex, I think your strict point is that although TTOC members are more trusted by virtue of their personal details on file, the fast track access, in itself, does not improve security - it's the fact that a club member has details on file that makes them more trusted and the speed at which they gain market place access does not alter security. I'd agree with that strict point.

I would say that having TTOC members in the market place does benefit the market place however just by getting keen people in quick to do business with. Ok, the speed of it is not a security improvement just a market place improvement and a convenience to the TTOC members. That's Jae's win win and the speed at which they enter justified on the basis of trust.

Where it actually would improve security is if someone is encouraged to join the TTOC who would otherwise not bother. The contrast is that they become more trusted due to their details on file and that would be a security improvement in the overall balance of probability for the market.

Your argument that making them seem trustworthy reduces security, given that they could be running a clever scam and don't mind losing a few quid to get the ball rolling, is a possibility. I'd think it was likely rare and it would only be worth doing if the returns were high before they got found out. I think anyone would/should still be suspicious of even a new TTOC member nobody knows suddenly dealing with desireable high value items and asking to be paid PayPal gift or bank transfer or running a group buy with payment up front. Commoon sense comes into play hopefully that one doesn't put too much faith in something which is only "probably" more likely to be safe.

As stated, restrictions to new members is all about shifting the balance of probability in order to mitigate the risk and the fast track an acknowledgement that some have already provided their own extra security reassurance, which is then coupled with convenience, improvement and mutual benefit. Nothing is perfect and there are no absolute guarantees but it seems on the whole helpful.


----------



## Spandex

To use an analogy, the TTOC fast track doesn't secure an existing door, it creates a *new door* then puts a security guard on it. The old door is still there and it's still the easiest way in.

I also disagree that persuading people to join who would normally not bother increases security. Scams serious enough to warrant Police involvement (and therefore make use of TTOC members personal details) are ones carried out en mass by determined fraudsters. These are not the people who are signing up to the TTOC (with genuine details).

As I've said, I don't care if the fast track is there or not, but we should understand what it does in the context of security and also who is actually benefiting from it. When you look at the actual benefit to those selling items in the marketplace, I think it's negligible. As a percentage of potential buyers, the people without access to the M/P is going to be tiny compared to the percentage with access. Factor in the number of those without access who will actually join the TTOC and the percentage gets even smaller.

So, back to my original point, it's in the TTOCs interest to make this system work, as they are the only ones really benefiting from it. It's ridiculous that they would actually complain that the TTF isn't doing enough to make the system work the way they want it to.


----------



## Gazzer

Spandex said:


> To use an analogy, the TTOC fast track doesn't secure an existing door, it creates a *new door* then puts a security guard on it. The old door is still there and it's still the easiest way in.
> 
> I also disagree that persuading people to join who would normally not bother increases security. Scams serious enough to warrant Police involvement (and therefore make use of TTOC members personal details) are ones carried out en mass by determined fraudsters. These are not the people who are signing up to the TTOC (with genuine details).
> 
> As I've said, I don't care if the fast track is there or not, but we should understand what it does in the context of security and also who is actually benefiting from it. When you look at the actual benefit to those selling items in the marketplace, I think it's negligible. As a percentage of potential buyers, the people without access to the M/P is going to be tiny compared to the percentage with access. Factor in the number of those without access who will actually join the TTOC and the percentage gets even smaller.
> 
> So, back to my original point, it's in the TTOCs interest to make this system work, as they are the only ones really benefiting from it. It's ridiculous that they would actually complain that the TTF isn't doing enough to make the system work the way they want it to.


I agree spandy, but....if a scammer is from the ttoc group who will the scammed come to for help and support? As they were scammed on the ttf not ttoc site's own for sale section. So the ttoc benefit from new membership and if scammed it isn't they that have to waste time dealing with it is it in reality. ( win win for ttoc)


----------



## John-H

Spandex said:


> To use an analogy, the TTOC fast track doesn't secure an existing door, it creates a *new door* then puts a security guard on it. The old door is still there and it's still the easiest way in.
> 
> I also disagree that persuading people to join who would normally not bother increases security. Scams serious enough to warrant Police involvement (and therefore make use of TTOC members personal details) are ones carried out en mass by determined fraudsters. These are not the people who are signing up to the TTOC (with genuine details).
> 
> As I've said, I don't care if the fast track is there or not, but we should understand what it does in the context of security and also who is actually benefiting from it. When you look at the actual benefit to those selling items in the marketplace, I think it's negligible. As a percentage of potential buyers, the people without access to the M/P is going to be tiny compared to the percentage with access. Factor in the number of those without access who will actually join the TTOC and the percentage gets even smaller.
> 
> So, back to my original point, it's in the TTOCs interest to make this system work, as they are the only ones really benefiting from it. It's ridiculous that they would actually complain that the TTF isn't doing enough to make the system work the way they want it to.


I suppose it's a debatable point that the proportion of TTOC members making up the market place is not the majority. Some may feel safer dealing with them but you can offset that with those non TTOC who have a long history on here also being trusted so the overall effect may not be huge.

There have been TTOC members who have turned rogue and become involved with the police eventually and the forum has helped to resolve the situation. Not all "scams" are deliberate either. The vast majority we deal with are just an unfortunate situation that has got out of hand and some dialogue and persuasion is all that's needed. It can get more involved however.

Your last 'original' point is a good observation



Gazzer said:


> I agree spandy, but....if a scammer is from the ttoc group who will the scammed come to for help and support? As they were scammed on the ttf not ttoc site's own for sale section. So the ttoc benefit from new membership and if scammed it isn't they that have to waste time dealing with it is it in reality. ( win win for ttoc)


A good point Gary. I once had some good help from the club treasurer to set up an escrow service to refund someone overseas who had lost a sizeable amount of money. It worked and funds were returned. I later tried the same thing in another situation and was refused as it was "not the concern of the club". Even when I was an officer of the club I was refused member information to aid investigations despite clearing it with the DPA. Now I am not an officer of the club I quite rightly don't have access, so the only access would be by request of the police or court etc when things get serious. Thankfully we usually manage to get the information we need from forum members or a bit of sleuthing.


----------



## Gazzer

Then I would suggest that Sara as club secretary have a role within the TTF for just this purpose as a moderator perhaps? As her role is to oversee the smooth running of the club and her legal background would be perfect to ensure any problems that may arise are swiftly dealt with.


----------



## Ikon66

Gazzer said:


> Then I would suggest that Sara as club secretary have a role within the TTF for just this purpose as a moderator perhaps? As her role is to oversee the smooth running of the club and her legal background would be perfect to ensure any problems that may arise are swiftly dealt with.


But that would go against the TTOC rules as no committee member can be a moderator on the TTF :wink:


----------



## Gazzer

Ikon66 said:


> Gazzer said:
> 
> 
> 
> Then I would suggest that Sara as club secretary have a role within the TTF for just this purpose as a moderator perhaps? As her role is to oversee the smooth running of the club and her legal background would be perfect to ensure any problems that may arise are swiftly dealt with.
> 
> 
> 
> But that would go against the TTOC rules as no committee member can be a moderator on the TTF :wink:
Click to expand...

Ahh sozz forgot that Paul.....shot in the foot once again :roll:


----------



## Hoggy

Gazzer said:


> Ahh sozz forgot that Paul.....shot in the foot once again :roll:












not again. :lol: :lol:  :wink: 
Hoggy.


----------



## Gazzer

Hoggy said:


> Gazzer said:
> 
> 
> 
> Ahh sozz forgot that Paul.....shot in the foot once again :roll:
> 
> 
> 
> 
> 
> not again. :lol: :lol:  :wink:
> Hoggy.
Click to expand...

Behave Hoggers lol


----------

