January 18, 2009 — In his time as eBay’s vice president of global trust and safety, Matt Halprin used to hear from plenty of eBay members wondering why he or other company executives had apparently sent them e-mail flagging a problem with their account and asking them to re-register.
Halprin, now a rookie venture capitalist, said the actual problem was that cybercrime operations based in Romania or China were "spoofing" eBay’s identity, trying to trick some its 84.5 million members worldwide into giving up valuable data that would be turned into illicit profits.
Founded by Pierre Omidyar in 1995, eBay ranks as one of the great e-commerce success stories of the Internet revolution, facilitating about $80 billion worth of transactions in 2007. Starting with the first customer feedback system developed by Omidyar, efforts to ensure trust and security was paramount at eBay while the Web became rife with tech-savvy scamsters.
Six months ago, Halprin moved from eBay to Omidyar Network to lead a new initiative for the unorthodox philanthropic venture firm, wholly funded by Omidyar, still eBay’s chairman, and wife Pam. Perhaps best known for promoting microfinance in developing nations and grants to groups promoting human rights, Omidyar Network brought Halprin aboard as a partner to oversee its "media, markets and transparency" investments.
Halprin’s six years at eBay gave him an intimate perspective on the long-running battle between Internet scam artists and legitimate companies and legal authorities trying to combat so-called "social engineering" schemes. Some "phish" for private data and some place malware that criminals use to record and analyze computer key strokes. He recently met with the Mercury News to offer his perspective and advice on Internet security. The following is an edited transcript.
Q What should Internet users know about the perils of commerce over the Internet?
A The simplest answer is you have to behave online like you do offline. You have to have your wits about you and exercise good judgment. In the offline world, you wouldn’t walk into that dark alley when someone says, "Hey, I can sell you a purse for less than that store over there," because you’d recognize it was a dark alley. You wouldn’t buy from a stranger you’d just met without some cues that they have a reputation you can trust. And people get sucked in through greed, looking for a great deal. If a deal is too good to be true, it probably is.
Q As the Web evolves, where are you seeing possible scams?
A Facebook, I believe, is about to get a whole lot of social engineering scams. One of my colleagues’ wife in the last seven days had a request from one of her friends saying they were in the U.K., they had lost their wallet and they needed to get some money somehow because they were stuck.
Well, the (Facebook) account had been taken over. And how did they get that account in the first place? They probably just sent e-mails saying ‘Your Facebook account is about to be closed, and you’re going to lose all your contacts, if you don’t respond in 24 hours.’
Q Why are such scams an emphasis for Omidyar Network?
A We like technology platforms that enable lots of people to connect and do great things. If you give people the right tools and the right environment, we are huge believers people can do great things to improve their own lives. The power of individuals is great.
It’s not top-down government that should be doing things. Individuals, if you give them the right circumstances, can do a lot. Trust is a key enabler, a key piece of infrastructure for the Internet and therefore for all those organizations to do well. If there’s an absence of trust online, all these organizations we’re making investments in aren’t going to be as successful because people are going to fear using the Internet.
Online, we can’t see these people. We don’t know them. And even when we think we do, maybe we don’t because it’s someone purporting to be a personal friend on Facebook or a trading partner on eBay. More and more criminals are moving online to do their work. So we’re looking more for tools that will promote trust, whether they’re reputation-system-based, verification-system-based or better detection-system-based.
Q Omidyar Network is a kind of hybrid firm in how it backs both nonprofit and for-profit ventures. Can you explain its philosophy?
A I know Pierre, I know the way he thinks. He’s incredibly idealistic. His idealism is inspiring. But as idealistic and inspiring as he is, he’s also rather ruthless about making sure individual incentives and disincentives make sense. There’s a hard-core belief in market-based principles.
Q You’ve long been involved in Management Leadership for Tomorrow, an organization that helps minorities gain acceptance to business schools and corporate jobs. What impact will the election of Barack Obama as president have on this cause?
A It’s great. At MLT, we believe a great way to accomplish social change with respect to diversity in America is to have top leaders in business come from diverse backgrounds, because then young people would look up and see role models, and say, "If I work hard and set my mind to it, I can do that, too." So we look at it and say, "What better way to help America realize its vision to be a land of opportunity than to have Barack Obama as president."
