February 1, 2007

Add to del.icio.us     Digg this

On average, PayPal’s recent decision to introduce an optional two-factor authentication system highlights the increasing concern of banks and online payment organisations over various phishing attacks.

According to numbers from banking industry body Apacs, the amount of money lost to online banking fraud in the U.K. grew by 55 percent to £22.5m in the first six months of last year, and this amount is expected to continue to grow in 2007.

As a whole, most phishing e-mails now target PayPal and eBay users, largely because they are such a huge demographic (over 123 million customers at the end of last year), but also because PayPal is designed to make it easy to move money around, predisposing it to being phished and abused.

Surprisingly, however, phishing is not a large financial problem for PayPal or its customers.

Michael Barrett, chief information security officer at PayPal, says the problem with phishing has more to do with perception than reality.

"Financially, phishing is not even in the top five of categories that we suffer from fraud–wise. But when you say you work for PayPal, people say: Oh I get all these emails from you. What are you doing about that? People perceive that there is an issue, so there is an issue," Barrett said.

Customers receiving phishing emails lose confidence, so PayPal’s two-factor efforts should help with some of these worries.

‘Security is, of course, about relatives and risk assessment, and not absolutes. What we are seeing at the moment is a period of experimentation where different companies are trying different solutions,’ added Barrett.

Recent research by security vendor RSA shows that 91 per cent of bank account holders are willing to use stronger authentication methods, while more than half (52 percent) are ‘less likely’ to sign up for or use online banking than they were.

As well as introducing two-factor, PayPal is responding to this drop in public confidence by introducing a new green light system where users of Internet Explorer 7 will see the browser flash green if the site is safe.

‘One of the other things we are doing is heavily pushing digital signature and email signing technologies so that all PayPal and eBay outbound email is digitally signed,’ said Barrett.

‘It is incumbent on us to set an example and say these technologies will help once they reach a critical mass,’ he said.

Peter Cassidy, secretary general of the Anti-Phishing Working Group, says nothing is absolute. ‘None of these solutions will stop online payment systems being attacked. Criminals will just up their game. But two-factor systems will also get attention because consumers are experiencing something novel,’ he said.

Add to del.icio.us     Digg this

Source: CNN Money

Advertise on E-Commerce News