Skip navigation

Join the Vacation Rentals Conversation!

Get answers to all of your questions from fellow owners and travelers.

Join the CommunityX

CommunitySeek, Ask, and Share in the Vacation Rentals Community
147863 Views 672 Replies Latest reply: Apr 11, 2014 4:05 PM by swmarketing RSS Go to original post 1 ... 13 14 15 16 17 ... 46 Previous Next
  • wiffle Contributor 217 posts since
    Feb 23, 2011

    Your post is the most misinformed in the whole thread, but thanks for the laugh.

     

    The proposed HA/VRBO changes are a knee-**** reaction to people who have no clue what they are talking about. And, it lends a false sense of security to people who should be educating themselves about internet security, not pinning their hopes on someone else to fix "the perceived problem of the moment".

     

    Who are you to tell any other person on this forum when to speak up? HA/VRBO will tune out paying customers who speak out against changes that don't make sense? Are you a spokesperson for HA/VRBO, or just a big shot on a internet forum?

     

    HA/VRBO's sites are poorly run behind a slick facade. If you want to pin your security on faulty logic, have at it.

     

    FlipKey is a real threat to HA/VRBO. Heck, Craigslist will be a close second the way HA/VRBO is going.

  • swlinphx Senior Contributor 2,194 posts since
    Aug 30, 2011

    I am not clear on your solution as to all correspondence being filtered through the system without our need to log in.  This filtering would still make HA/VRBO a part of the communication process between the owner and traveler, which is what many of us do not want to happen.

    A lot of what people object to, including what you mentioned in the text right after what I quoted above, is not having to go to the Web and login to the Dashboard. That is the inconvenience.  The data mining worries is a separate fear.  My suggestion would take care of that.  It works the same way you respond to messages from Facebook or eBay which all go thru those systems to reach your private outside e-mail Inbox.  It is also similar to when people respond to a post in a forum such as this from their outside e-mail account.  It is still coming and going thru the forum site.

  • swlinphx Senior Contributor 2,194 posts since
    Aug 30, 2011

    How about your comments on the "authentication key" idea, I mentioned above (posting# 160) which would require no change whasoever to our communications and would provide on-demand protection and authentication to both owner and guest?  Such a system could be implemented by HA for next to no cost (I'd estimate a day or two of programming for the basic functionality)

    The thing about your proposal is it still seems to require that you to log-in once to test or send this code you speak of.  If that is the case, it is no more or less convenient than having to log in once to the Dashboard for the initial inquiry & response.

  • swlinphx Senior Contributor 2,194 posts since
    Aug 30, 2011

    ....the main, important thing to understand is that the "new" thing is the  "login"....to retrieve the first inquiry...as HA stated from the beginning. You'll get each other's  full  contact information, in the process...the question is what detail and when {I'd like to know, as others, what "traveler" contact details will be included for the owners to see, in that very first,  initial inquiry?}

    Is there any reason why, once we've logged in to Dashboard, we shouldn't see all their information?  Logging in is enough to be sure we get the inquiry and that it was not skimmed off our e-mail so that we don't know about it. What else is supposedly the advantage of logging in that they're shooting for though?  How does knowing the inquirer saw our listing on HomeAway/VRBO and responded mean they are legit or trustworthy?  How does it guarantee them we are trustworthy?  Is it all about HomeAway's $10,000 guarantee?

     

    And, what if our accounts on HomeAway get hacked and someone can log in?  Perhaps that is less likely than getting our e-mail password, but I don't know.  This is all a lot of speculation.  I can't speak to it all until I know the details and what is planned.

  • swlinphx Senior Contributor 2,194 posts since
    Aug 30, 2011

    I use two-step authorization to log into my PayPal accounts (after one was hacked draining thousands from it and my linked bank accounts!).  It is the credit card you press for a new LCD number each time and enter it after you enter your screen name and password.  That would assure we are legit I suppose, but how would that ensure a traveler is legit?

  • info@stayattremblant.com Active Contributor 543 posts since
    Aug 25, 2011

    Swisshouse,

    That posting was the most fear spreading, disrespectful, hyperbolic, not backed up by fact or reference and highly opinionated posting on this entire thread.  Even the analogy seeks to imply that we others are Luddites.  I am not a Luddite, nor am I adverse to positive change. 

     

    I wouldn't even know where to start by way of a reply.  I just hope that critical thinking people will simply ignore the post.

     

    Sorry, that is how I read it.

  • info@stayattremblant.com Active Contributor 543 posts since
    Aug 25, 2011

    I guess it depends on what the problem is that you're trying to solve.  For me the number one thing is to allow owners to maintain fast turnaround to guest inquiries.  My proposal would allow us to reply immediately to requests (no change whatsoever to the current model) and, additionally would provide a remedy to any owner or guest who wishes to authenticate the guest or owner, respectively.

     

    I don't see a downside.  Cheap to implement, secure, and non-intrusive to owners' businesses.  Really, give it another thought... It's a win, win, win!

     

    [While the solution above is my preference -- so that I can just ignore the whole thing and keep working like I have been and others who are concerned about the scam issues can take action as they see fit -- I think  swlihx's suggestion probably strikes a better balance between the enforcement and control that HA desires and an owner's desire that we're able to interact with guests in a timely manner and maintain our current client database systems.

     

    Both of these are perfectly viable alternatives, IMO, and deserve some critical analysis and consideration by HA.

     

    Also, can anyone provide statistics that the success rate of fraud &/or phishing on HA is actually a significant enough problem that it needs to be addressed with any "big hammer" solution?


    P

  • swiss-house Contributor 260 posts since
    Jul 6, 2011

    I'm sorry if I offended some of you.  Kind of.

     

    Parts of this discussion have devolved into a political soapbox where a few folks have stated an opinion early on that they don't want to make any change, and they just keep restating that opinion in different ways. So much negativism.

     

    It adds a lot of chaff to the wheat pile, and it makes it really hard to find the real kernals of good ideas that some people are adding to the conversation.

     

    So, yes, I did a big HUFF & PUFF and blew on the pile.  I called it like I see'd it.  Maybe it's not my place, but I really want to see some of the ideas that have and are still being posted.  I really don't want to have to spend so much time trying to figure out when something is just resistance to change or whether there is a good idea I can latch on to and include in my recommendations.

  • swiss-house Contributor 260 posts since
    Jul 6, 2011

    Despite the noise in this and similar threads, a few voices have stood out and made some really, really good arguments for alternative approaches and legitimate workflows. swlinphx, info@stayattremblant, tfv, lrbaldwin, twobitrentals, and quite a few others have really helped define process requirements and offered reasonable technical solutions to investigate.

     

    My own summary of the issue:

     

    The problem is legit.  No, I don't have statistics for it, but it's obvious just from posts on this board itself http://community.homeaway.com/message/15210#15210 that not all our HomeOwner peers are as internet savvy as those of us on this board.  Our market is a big, rich, target for scammers looking to impersonate us and take our customer's money.

     

    THE PROBLEM IS NOT the guests.  While I'd like it if they provided more info in their inquiries, if they'd read my occupancy limits, or at least not inquire about dates that show as booked, it's not the guests that are the problem.  It's up to us, the Homeowners to screen them, to decide which ones to respond to and which to ignore.  But inquiries in and of themselves ARE NOT phishing.  It's cool that HomeAway wants to create a way for guests to create their own profile, but it is only tangental to the phishing issue.  It is innapropriate (in my view) for them to link guest profiles to the phishing issue.

     

    THE PROBLEM IS the very first message to the homeowner letting them know about the inquiry.   Right now, it includes the guest's email address, possibly their phone number, the listing number, and info about the rental request. If it gets intercepted, in any way, the intercepter can impersonate the real owner, and in many cases cut them out of the process.
    THIS is the problem that must be solved.

     

    While I don't want to disuade HomeAway from spending their money on a big new system, the posts here as well as my own personal feeling is that requiring ALL communication to go through HomeAway is overkill. (see caveat in item 4b below)

     

    All HomeAway really needs to do is make sure that the person reading the initial inquiry notification, with the renter's email and phone number, is the real owner.  Something with a two-step authentication, but one that does not require re-authentication to read and respond to each inquiry.

     

    I've read through all the posts here about ways to keep that initial inquiry information secure in an email, and I still don't see any that can be uniformly (i.e. easily supported by a help desk) implemented while providing the level of security needed.

     

    The following is what I will be lobbying HA for
    This is an extension / update to my talking points list created back when this all started:
    http://community.homeaway.com/message/25401#25401

     

    1. Don't require guests to create profiles.  Sure, they can, but guests are NOT the problem and screening them is something we, the homeowners still need to do.  There should be nothing that impedes a potential guest's ability to initiate business with us, nor communicate and finalize a sale.  A profile is a novelty that has no real value add.  An email address is all we should REQUIRE of a potential guest.

     

    2. Change the the email that HomeAway sends homeowners to include only the details of the inquiry without the guest's contact info.  Send it to whatever email address we have in our homeowner profile.  If it gets intercepted by a bad guy, he has no info about the guest and can't reach them to impersonate me.

     

    3. When a Homeowner brings up the inquiry in HomeAway (regardless of how they log in), they should see the inquiry, INCLUDING ALL THE CONTACT INFO.  Right Away.  Homeowners should not have to send a reply before they get to see the email address or phone number.  Email addresses are an important way to validate guests, and phone numbers are an imperative for guests who want to book NOW! 
    I will lobby hard for this.

     

    4. From this point on, it should be up to the HomeOwner how to continue conversations with the guest:

    a. Use the HomeAway system to communicate with the guest, with HomeAway sending your messages directly to the guest's email account.  This is the MOST secure way to be sure the homeowner is not being impersonated at any step of the process.

     

    b. Easily copy and paste the inquiry into their favorite email application, and initiate their communication with the guest directly via email.  Anyone doing this MUST realize that if their email account has been hacked, the bad guy will be able to see all your communication with the guest now, and they could still try to hijack your communication going forward and begin impersonating the real owner.  But at least that first message back to the guest would be from the true homeowner.

     

    c. Pick up the phone and call the renter (this option c. added to this entry a few hours after I typed the initial post - TC)

     

     

    I believe it is the requirement that a two-step authentication is required to see the initial inquiry that is the most critical, whether by browser with two step authentication, or a handheld device that has been pre-authenticated. In fact, blocking renter info in the inquiry announcement email and adding improved login security is the only REAL change that HomeAway needs to make in the short term.  Add two-step authentication to the current HomeAway homeowner login process.  Do this, immediately, and forget about all the other enhancements and the scamming incidents will likely drop off to nil overnight.  All the other stuff is nice-to-have, but unecessary.

     

    But if they do make using their communications system from start to finish a requirement, I'll adapt.

  • lrbaldwin Active Contributor 757 posts since
    Feb 16, 2011

    swiss-house, I have to say I agree with everything you say in your post.  As you know, it's that immediate first contact by old fashioned telephone that I want.

     

    I know this is very unsophisticated, but here's my idea:

     

    1. H/V sends an email to the owner that he has an inquiry....period.

    2. Owner must then log in to his dashboard.

    3. A link is provided there for yet another log in, different user ID and password, for access to inquiries on a secure server.

    4. Full inquiry with all information is then accessed for owner to do with it as he pleases be it respond through H/V, via his own email, by phone, or simply ignore it (I never do that).

     

    Am I way oversimplifying this?

     

    Linda

  • swiss-house Contributor 260 posts since
    Jul 6, 2011

    I know this is very unsophisticated, but here's my idea:

     

    1. H/V sends an email to the owner that he has an inquiry....period.

    2. Owner must then log in to his dashboard.

    3. A link is provided there for yet another log in, different user ID and password, for access to inquiries on a secure server.

    4. Full inquiry with all information is then accessed for owner to do with it as he pleases be it respond through H/V, via his own email, by phone, or simply ignore it (I never do that).

     

    Am I way oversimplifying this?

     

    Linda

    I don't think step 3 is even needed.  Logging in to the dashboard itself should be secure enough (once they have improved it to include the two-step security check). 

     

    Once you get to your dashboard, it should all be there, including all the details.  No need to do a second login or anything.  And if your dashboard was already open, you wouldn't even need to log in to it when a new inquiry came in.  This is what I will be lobbying for.

     

    BTW - I kind of like getting a little info about the inquiry in the notification email and/or text message (step 1).  The dates and group size let me decide whether I need to jump on this right away on my smart phone (it's a small group wants to rent this weekend) or it can wait until I get home later tonight to respond (it's an oversize group, asking for dates 6 months away).  Those little nuggets of info let me use my time wisely.

  • info@stayattremblant.com Active Contributor 543 posts since
    Aug 25, 2011

    lrbaldwin wrote:

    [.. idea, see above ]

    Wow.  My business would simply grind to a halt.  Unfortunately, this suggestion is even more onerous than the one HA has proposed.  I think we should be seeking to lose complexity while still maintaining an appropriate level of security, not adding additional layers of security with no clear benefit.

    swiss-house wrote:

     

    I believe it is the requirement that a two-step authentication is required to see the initial inquiry that is the most critical.

     

    This is simply not necessary.  It's overkill.  We're proposing a system that's as secure as my online banking just for me to get at my potential guests' e-mail address.

     

    Surely reasonable people can see how this level of security is unnecessary (and, to boot, will not completely address the problem of phishing -- let's not lose sight of that fact).  If anyone is at all confused on this point, please refer to my earlier post on the topic and PM (private message) me if you would like any clarifications.

     

    Whatever the Ambassadors bring to HA -- I'd like to request that they address the issue of immediate communication with guests [1] (a phone call for each and every inquiry is unrealistic for most of us).   If the e-mail address must be hidden to satisfy HA security gurus then find another solution that lets me simply reply to an e-mail to communicate with the guest.    This is technically possible (and, in fact, quite easily done).

     

    A suggestion to this effect has already been made. Any solution without this, [1], as a criteria should not be considered.  There are options to achieve this.

     

    P

  • sodamo Contributor 260 posts since
    Nov 5, 2011

    "1. Not require guests to create profiles.  Sure, they can, but guests are NOT the problem and screening them is something we, the homeowners still need to do.  There should be nothing that impedes a potential guest's ability to initiate business with us, nor communicate and finalize a sale.  A profile is a novelty that has no real value add.  An email address is all we should REQUIRE of a potential guest."

     

    Agreed - REAL guests aren't the problem, but then REAL owners aren't the problem either. Shouldn't the solution focus on keeping the phisher out of the loop from the gitgo?

     

    As for Traveller profile - Name, Address, Phone, and Email would suffice. - just the stuff we basically want anyway.

     

    Sent with Aloha from my MacBook Pro

    Please visit vacation.ninolehawaii.com

  • lrbaldwin Active Contributor 757 posts since
    Feb 16, 2011

    I agree with you, but I get the impression that HA is going to do what they want.  Like you, my main concern is my ability to immediately communicate with my inquirer by any method I wish and do it immediately. If I have to jump through a couple of hoops, I can deal with that.  However, a requirement that my first communication to the inquirer must be through the HA system is something that will certainly damage my business.  I do not want to respond to an inquiry before I have their information.  I hope this is not something they are going to require.

     

    I do understand the concern of those who do not always have immediate access to a computer for logging in to get their inquiries.

     

    Linda

  • info@stayattremblant.com Active Contributor 543 posts since
    Aug 25, 2011

    swiss-house wrote:

     

    The problem is legit.  No, I don't have statistics for it, but it's obvious just from posts on this board itself http://community.homeaway.com/message/15210#15210 that not all our HomeOwner peers are as internet savvy as those of us on this board.

    No one (that I've seen) is questioning if the problem is legit (i.e. that there is history of it having happened) but that, in an of itself, is not a reason to implement a knee-**** security policy that over-reacts to the problem. 

     

    A proper risk/reward analysis is required.

     

    I know that break-and-enter is a problem for homes -- so I have a deadbolt on my door and I take reasonable precautions (lock doors, close drapes, appropriately light my property, etc...)   I didn't install a permieter fence, steel doors, laser beam motion detection, active defence systems, hire a body guard and build a panic room.

     

    And I didn't mandate that each and every one of my neighbours install a permiter fence, steel doors, etc..

     

    Each risk has an appropriate response.  Could my home be broken into one day while I'm at work? I suppose so -- but I have evaluated the risk and taken an appropriate response.

     

    Fear has been instilled into the owner community and we (and HomeAway) are over-reacting.

     

    P.

1 ... 13 14 15 16 17 ... 46 Previous Next

Not a member?

JOIN THE COMMUNITY

Register Now

Actions

More Like This

  • Retrieving data ...

Bookmarked By (1)