January 18, 2007
Hoping to significantly increase consumer confidence in its online payment gateway, and wishing to
reduce phishing attacks aimed at some of its users, PayPal is to begin offering users the option
of utilizing a password-generating device to better protect them.
PayPal's newly proposed payment application will use a new secure key, known as the PayPal Security
Key, an electronic key that can be clipped onto a key chain and can generate a random six-digit
security code every 30 seconds.
In order to log onto their PayPal accounts, users will have to enter the code with their ID
Business users will be given the key, made for eBay/Paypal by VeriSign free of charge. Non-business
users will pay a one-time charge of US$5.
Although the actual security improvements will be minimal, PayPal's new two-factor authentication
system could enhance security considerably for PayPal users. Overall, PayPal customers are a favorite
target of potential hackers and phishing scams, in which fraudulent emails claiming to be from PayPal
encourage users to enter their IDs, passwords and other data into a fake or spoofed website that has
nothing to do with eBay and/or PayPal.
Even if a phishing attack tricked a user into turning over all three forms of identification,
the new random passcode would expire by the time the phisher attempted to access the user's
The use of random password generators has found a niche in some corporate and government
settings as a much more secure alternative to more advanced technology, such as fingerprint
readers or retina scanners.
Despite all these new measures, there will still be some high-profile security breaches and
consumers are not yet clamoring for more security.
Overall, banks and other financial institutions are among those that must lead the way toward
more robust online security solutions. Some banks currently require a second password or ask
customers to designate a specific computer as a single access point for online banking, said
Gartner analyst Avivah Litan.
"As a whole, banks are recognizing that they must move beyond simple passwords," Litan said.
While still viable for less sensitive Web sites and transactions, passwords alone are "no longer
adequate for Internet banking." she added.
While all of this is happening, the growing occurence of phishing attacks has become troubling
for many in the eCommerce community, in which identity theft is seen as a potential drag on the
growth of online business, especially in convincing reluctant consumers to shop online for the
Statistics show that more than 50 percent of the millions of malicious emails intercepted
each month are now phishing-related, according to security firm MessageLabs.
PayPal regularly ranks at or near the top of all companies that have their email addresses
spoofed by phishers and online fraud artits. Banks are also a favorite target because they offer
attackers the opportunity to gain direct access to a user's financial information if the
attack is successful.
The number of phishing attacks has more than doubled in the past 2 1/2 years. Whereas most
such attacks fail to hit their mark, the successful ones can result in significant losses
of more than $1,200 for every single attack.
According to Gartner, in 2006 alone, banks racked up more than $2.7 billion worth of direct losses, such as fraudulent
credit card payments that are written off the books.
"There is also the risk of additional losses due to lower confidence in the security of
the online world," Litan added.
eBay says its new PayPal Security Key is now in beta testing, primarily by eBay employees, but
should be widely available in the U.S. and other select countries within two months.
Overall, industry reaction in the eCommerce sector on eBay message boards has been largely
positive, though some commented that eBay should give the new secure key away for free, as they
are likely to boost sales by increasing the buyer's sense of overall security.
Source: eCommerce Times
Advertise on E-Commerce News
If you have a product or service that deals with the ecommerce
or ebusiness field, advertising on E-Commerce News can bring
you new sales leads and close new marketing channels. This news
portal is read by over 25,000 people a week.
Businessmen and woman that either own an ecommerce website, an
ebusiness franchise, a B2B commercial exchange or by people in all walks
of life that need to keep abreast of this fast-changing field. For
more information on the many advantages of advertising on our news
portal or to request pricing information, please send us an
and a marketing representative will be glad to answer you