Monday, 12 March 2012

Following on about Betfairs Security

Just want to follow on from my post at the weekend and clear up a few other points that have been raised on some of forums and some other facts.

Firstly If Betfair are refunding victims using the trapped funds which were proven to be fraudulent  then of course I'm happy about that and I would like to hear some stories where this is the case. Others may have the opinion that trapped funds generated by their accounts are rightly theirs so I think this needs clearing up for a start. I do also understand why Betfair policy on fraud is in place and I can see why they can and probably will stand by it in the future. But one thing they can surely look at now is how to improve the security of the site and how to implement advanced safety measures for those who use the exchange regularly.

The Core of the problem is clearly security and how easy it appears to be for hackers to access other people accounts. I still have no idea how I got hacked. I keep my internet security as tight as possible and have only ever logged in from what I consider a very secure network. I do this for a living so security is one of the highest priorities for me but with Betfair there is only so much you can currently do to prevent this.

Going back to my particular situation and the foreseeable events that could have arisen.
Firstly you should know that my balance was left in its exact state it was in before it  was breached which to me suggests they wanted to slip back and have another free ride hoping that I wouldn’t notice in my settled bets page.
 I was lucky in that when they attempted to move the funds a trigger kicked in because the account used to match me must of been flagged by Betfairs fraud department.So Betfair aren’t blind to this kind of activity and do have measures in place which is a start. However, If this “flagging” didn’t happen I don’t think it would of been long before they were back in having another pop, being someone who understands probability pretty well too it would NOT have been long before my trading bank was cleaned out.
The harder part for these criminals I would imagine is getting funds out of the system once they have generated the profit on the victim’s behalf. I got lucky twice.

1. The hacker won
2. The other account was already flagged therefore triggering a block.

It all gets much worse when 1. Says “The hacker lost”,
This lost money goes to genuine punters and this is where Betfairs policy kicks in. Unless they decide to change this policy there can only be one solution which is to 


I also want to state that I don’t  like making this story public and don’t enjoy making Betfair look bad. My experience on the exchange has been life changing and I’m grateful of Betfairs exchange concept and platform but I feel it’s important people know what can happen and how they can prevent it happening to them. For a trader to lose his/her bank is absolutely devastating and even if it wasn’t their fault I can almost guarantee it would a have serious physiological impact on their future trading and confidence. I know personally that it would of been a big knock to lose my bank  especially when I know how safe I try to be with my personal details and Internet security.

Saturday, 10 March 2012

How FAIR is Betfairs policy on Fraud and Online Security and do they really refund customers that have lost out from Trapped Funds?

This is not something I really want to be talking about a few days before Cheltenham but this is extremely relevant as many traders will be increasing their bank size to match the increased volumes and opportunity that a big race festival brings. My story happened in the last 3 months and I can’t go into exact details but I'm sure you’ll get the idea. Once you've read it please take time to Please poll your vote on the top right of this page regarding the issue. Thanks.

Dear Sam,

Following an investigation into the activities on your account we have concluded that unauthorised access has been gained to your Betfair account. As such your account has been suspended and will remain so until further instructions on this matter are received from yourself.

If you wish to continue to use Betfair please choose one of the following options:

1. Change your password and ensure that you run appropriate anti-spyware, firewall and virus protection on your computer

2. Create a new account to which we can transfer any remaining funds and Betfair Points to your new account.

Betfair cannot accept liability for funds lost from your account under these circumstances. Under section 1 of our Account terms and conditions of use:

"You are solely responsible for the security and confidentiality of your account. In particular, you agree to keep your username, password and/or TAN strictly confidential and you are responsible for any misuse of your password and/or TAN. Provided that we have been correctly supplied with the account information requested, we are entitled to assume that offers and payments are made by you. You should change your password on a regular basis and never disclose it to any third party. You undertake to protect your username and password in the same way that you would in respect of your bank cards and any failure to do so shall be at your sole risk and expense. If another person accesses your account, you are solely responsible for all their actions whether or not their access was authorised by you and you hereby indemnify us and hold us harmless against all costs, claims, expenses and damages howsoever arising in connection with the use of or access to your account by any third party..


Investigations Team

So after changing my pants I call Betfair and prepare for the worst. 
The first thing I wanted to know was my current balance and I was so relieved to hear it was where it should have been. Next I wanted to know what kind of activity has caused the suspension of my account.
 It turns out someone was able to log into my account and make bets  exposing 50 % of my bank on American sports markets. To cut a long story short they generated profit of almost 50% (which should tell you the amount of risk involved) and dumped the winnings on a very short priced market that clearly had Fuck All liquidity. They were almost certainly the account on the other side trying to take the “Free money” they had just generated whilst risking my hard earned cash. 

The account suspension kicked in because the other account that they tried to match “my bets” with was.....  And I quote: “Already under investigation” 

Ok great thanks Betfair so where has this “dumped” money gone because its not back in my account? If I would have lost from this activity would I be refunded?

They got back to me  with a phone number and summed up our discussion with a follow up email along the lines of  "As per our  conversation tonight, we have answered all your questions.  We can confirm the funds trapped in the fraudulent account who compromise your account, were used to compensate two other victims involved in the same situation who lost funds."

I had asked during the phone call for evidence that others had been refunded but of course this kind of information is strictly confidential. I guess I’ll just  have to take you word for it Betfair. You’ve never lied to me in the past..... you did forget to tell me about that data hack in March'10' but hey we all make mistakes. 

Go and Open two tabs in Google & copy and paste the two quotes

·        Betfair account Hacked
·        Betfair account Refunded after hack

 I'm not the best at looking for things just ask the missus that but I definitely can't find much on refunded funds from fraud. All I can see are stories similar to my own but where I got lucky in that the fraudster made profit... many others have lost out. 

This thread on the Bet-Angel forum also shares some stories.

My advice for now would be to change your password regularly and check your security tab daily to make sure no-one else is logging in to your account.
Again I'm Sorry to put a downer on Cheltenham but this is a serious issue that Betfair really need to address and I hope that by me sharing this here this weekend it can get the message spread further. 

Please poll your vote on the top right of this page regarding this issue.