Powersellersunite Power Sellers Unite
Bringing Buyers and Sellers Together
 

paypal news
Click here to go to the original topic

 
       Power Sellers Unite Forum Index -> Web Payment Services (WPS)
::  
Author Message
nopaypal



Joined: 23 Feb 2006
Posts: 2008
Posted: Sun Jan 14, 2007 1:02 am    Post subject: paypal news  
anybody heard about this? i havent seen it on either ebay or paypal sites.

--PayPal to Roll Out Another Layer of Authentication
(11 January 2007)
PayPal plans to bolster security by providing users with a second layer
of authentication. The eBay-owned company will provide its customers
with a PayPal Security Key device that generates a new numeric password
every 30 seconds. Users conducting transactions will be required to
enter their regular passwords as well as the randomly-generated password
provided by the key. The addition of this layer of security should help
thwart phishers because without a current Security Key password, other
account information will not allow them access to users' accounts.
Users will be asked to pay US$5 for the devices; business customers will
not have to pay for the Security Keys. The use of the keys is being
tested right now and will eventually be phased in for all users.
http://www.computerworld.com/action/article.do?command=printArticleBasic&articleId=9007818

[Editor's Note (Honan): Kudos to PayPal for taking this step to help
their customers protect themselves. While not a total gaurantee against
phishing, no security is ever 100%, $5 is a small price to pay to make
a PayPal account more secure.
(Schultz): I very much like what PayPal is trying to do. Given the
ever-growing risks from keystroke and tty sniffers, one-time
authentication credentials are clearly the right direction to take.
(Pescatore): The model of a business asking customers to pay to protect
against criminals pretending to be the business never, never works. If
PayPal was serious about improving the experience of its customers, and
reducing its fraud costs, it would be eating the $5. Heck, if eBay could
afford to pay a katrillion dollars for Skype...]

==============================
PayPal hopes it's got the key to thwart phishing
Robert McMillan

January 11, 2007 (IDG News Service) Over the next few months, Ebay Inc. will be offering its PayPal users a new tool in the fight against phishers: a $5 security key.

The PayPal Security Key is actually a small electronic device, designed to clip on to a keychain, that calculates a new numeric password every 30 seconds. PayPal users who sign up to use the device will need to enter their regular passwords as well as the number displayed on the key whenever they log in to the online payment service.

"The key is really going to give users one more layer of security for their accounts," said Sara Bettencourt, a PayPal spokeswoman.

Because the numeric password changes so frequently, even successful phishers will end up with obsolete numeric passwords and will be unable to empty PayPal accounts.

"If you fall for a phishing scam and give away your user name and password ... if you used the PayPal Security Key, a third party couldn't get to your account because they wouldn't have this dynamic digit," Bettencourt said.

The Security Key could be an important tool for PayPal, whose Web site is frequently spoofed by phishers looking to steal user account information.

The PayPal Security Key is being tested by PayPal employees right now, and the test will be opened up to beta users in the U.S., Germany, and Australia "in the next month or so," Bettencourt said. Later this year, the company plans to begin promoting the devices to all PayPal users. News of the new PayPal system was first reported on AuctionBytes.com

PayPal users who want this extra level of security will be able to buy the devices for $5, but this fee will be waived for PayPal business accounts.

PayPal's device is based on VeriSign Inc.'s One-Time Password Token product, which is also being tested by Charles Schwab & Co. Inc. and U.S. Bancorp.

ETrade Financial Corp. also uses a similar system, based on RSA Security's SecurID tokens.

Over the past year, online financial companies have paid more attention to authentication technologies such as the VeriSign tokens, which add a second layer of authentication to online transactions. Adoption of these "two-factor" authentication techniques has been further boosted by new federal guidelines, which require stronger authentication for online transactions.

Still, phishing attacks are becoming increasingly lucrative for criminals.

Research company Gartner Inc. estimates that phishers cost U.S. financial institutions about $2.8 billion last year. The average loss per phishing attack was $1,244, up from $256 in 2005.
Back to top  
 
       Power Sellers Unite Forum Index -> Web Payment Services (WPS)
Page 1 of 1




Powered by phpBB © 2001, 2002 phpBB Group