eBay's PayPal to Thwart Phishing Scams with New Device

Home

EB Blog

AB Blog

Letters

Podcasts

ABTV

Forums

EPIS

PR Service

Classifieds

Ecommerce EKG

Service Ratings

Auction Sites

FP Marketplaces

Inventory Management

Payment Services

Storefronts & Carts

Sniping Services

Wholesale/Dropshipping

Email List Hosting

Consignment Services

Ecommerce EKG

Auction Calendar

Collectors' Links

eBay Promo History

Bookshelf

Fraud Resources

Drop-Off Store Laws

ABTV

Ecommerce Resources

Photo Tips

Marketing Inserts

Yellow Pages

Advertising

EcommerceBytes-NewsFlash, Number 1449 - January 10, 2007 - ISSN 1539-5065 Previous | | Next

eBay's PayPal to Thwart Phishing Scams with New Device
By Ina Steiner
EcommerceBytes.com
January 10, 2007

PayPal is beta testing a new tool to help keep user accounts secure. The PayPal Security Key is a small electronic device that account-holders may order from PayPal. The device, small enough to attach to a keychain, generates a unique six-digit security code about every 30 seconds. Users enter that code when they log in to their PayPal or eBay account with their regular user name and password. Because the numbers on the device change continually, the code used to sign in expires, providing a higher level of security.

The PayPal Security Key uses Verisign's two-factor authentication system (http://www.verisign.com/products-services/security-services/unified-authentication/index.html). The two companies have a history of working together. In 2005, PayPal acquired VeriSign's payment gateway business. At the time, the companies said the acquisition was part of a strategic alliance that called for the two companies to collaborate on payment services and security initiatives for ecommerce. Last year, PayPal and eBay signed support for VeriSign's Identity Protection program (VIP).

PayPal members who want to use the enhanced security feature must order online - once the feature is available - and pay a one-time non-refundable fee of $5. The fee is waived for PayPal Business accounts, and there is no recurring charge. A PayPal spokesperson could not say whether companies who allow multiple employees access to their accounts would be allowed to have multiple keys.

PayPal, its parent eBay, and other ecommerce and financial institutions are frequently the targets of scammers who try to trick users into revealing their user names and passwords. Phishing emails have been sent to PayPal as early as 2002, when AuctionBytes first wrote about the problem.

PayPal has not officially announced the new security system, though there is a link to a page describing the new feature on its Security portal page. PayPal has been beta testing the system with employees for the past month, and will begin testing the system with a small number of users in the U.S., Germany and Australia over the next month or so.

https://www.paypal.com/eBay/securitykey

Thread on OTWA discussion board where users have been discussing the new feature:
http://www.otwa.com/community/showthread.php?t=49196

You may quote up to 50 words of any article on the condition that you attribute the article to EcommerceBytes.com and either link to the original article or to www.EcommerceBytes.com.
All other use is prohibited.

Email this story to a friend.

Previous | | Next

EcommerceBytes Blog

AuctionBytes Blog

Letters to the Editor