February 1, 2007
On average, PayPal’s recent decision to introduce an optional two-factor authentication
system highlights the increasing concern of banks and online payment organisations over various
According to numbers from banking industry body Apacs, the amount of money
lost to online banking fraud in the U.K. grew by 55 percent to £22.5m in the first six months
of last year, and this amount is expected to continue to grow in 2007.
As a whole, most phishing e-mails now target PayPal and eBay users, largely because they are
such a huge demographic (over 123 million customers at the end of last year), but also because
PayPal is designed to make it easy to move money around, predisposing it to being phished and
Surprisingly, however, phishing is not a large financial problem for PayPal or its customers.
Michael Barrett, chief information security officer at PayPal, says the problem with phishing
has more to do with perception than reality.
"Financially, phishing is not even in the top five of categories that we suffer from fraud–wise.
But when you say you work for PayPal, people say: Oh I get all these emails from you. What are you
doing about that? People perceive that there is an issue, so there is an issue," Barrett said.
Customers receiving phishing emails lose confidence, so PayPal’s two-factor efforts should help with
some of these worries.
‘Security is, of course, about relatives and risk assessment, and not absolutes. What
we are seeing at the moment is a period of experimentation where different companies are trying
different solutions,’ added Barrett.
Recent research by security vendor RSA shows that 91 per cent of bank account holders are
willing to use stronger authentication methods, while more than half (52 percent) are ‘less likely’
to sign up for or use online banking than they were.
As well as introducing two-factor, PayPal is responding to this drop in public confidence by
introducing a new green light system where users of Internet Explorer 7 will see the browser
flash green if the site is safe.
‘One of the other things we are doing is heavily pushing digital signature and email signing
technologies so that all PayPal and eBay outbound email is digitally signed,’ said Barrett.
‘It is incumbent on us to set an example and say these technologies will help once they reach
a critical mass,’ he said.
Peter Cassidy, secretary general of the Anti-Phishing Working Group, says nothing is absolute.
‘None of these solutions will stop online payment systems being attacked. Criminals will just up
their game. But two-factor systems will also get attention because consumers are experiencing
something novel,’ he said.
Source: CNN Money
Advertise on E-Commerce News
If you have a product or service that deals with the ecommerce
or ebusiness field, advertising on E-Commerce News can bring
you new sales leads and close new marketing channels. This news
portal is read by over 25,000 people a week.
Businessmen and woman that either own an ecommerce website, an
ebusiness franchise, a B2B commercial exchange or by people in all walks
of life that need to keep abreast of this fast-changing field. For
more information on the many advantages of advertising on our news
portal or to request pricing information, please send us an
and a marketing representative will be glad to answer you