728_header.jpg (23748 bytes)
 Home 
 EB Blog 
 AB Blog 
 Letters 
 Podcasts 
 Forums 
 EPIS 
 PR Service 
 Classifieds 
 EKG 
 Ratings 
EcommerceBytes-NewsFlash, Number 1449 - January 10, 2007 - ISSN 1539-5065    2 of 4

eBay's PayPal to Thwart Phishing Scams with New Device

By Ina Steiner
EcommerceBytes.com
January 10, 2007




Email This Story to a Friend

PayPal is beta testing a new tool to help keep user accounts secure. The PayPal Security Key is a small electronic device that account-holders may order from PayPal. The device, small enough to attach to a keychain, generates a unique six-digit security code about every 30 seconds. Users enter that code when they log in to their PayPal or eBay account with their regular user name and password. Because the numbers on the device change continually, the code used to sign in expires, providing a higher level of security.

The PayPal Security Key uses Verisign's two-factor authentication system (http://www.verisign.com/products-services/security-services/unified-authentication/index.html). The two companies have a history of working together. In 2005, PayPal acquired VeriSign's payment gateway business. At the time, the companies said the acquisition was part of a strategic alliance that called for the two companies to collaborate on payment services and security initiatives for ecommerce. Last year, PayPal and eBay signed support for VeriSign's Identity Protection program (VIP).

PayPal members who want to use the enhanced security feature must order online - once the feature is available - and pay a one-time non-refundable fee of $5. The fee is waived for PayPal Business accounts, and there is no recurring charge. A PayPal spokesperson could not say whether companies who allow multiple employees access to their accounts would be allowed to have multiple keys.

PayPal, its parent eBay, and other ecommerce and financial institutions are frequently the targets of scammers who try to trick users into revealing their user names and passwords. Phishing emails have been sent to PayPal as early as 2002, when AuctionBytes first wrote about the problem.

PayPal has not officially announced the new security system, though there is a link to a page describing the new feature on its Security portal page. PayPal has been beta testing the system with employees for the past month, and will begin testing the system with a small number of users in the U.S., Germany and Australia over the next month or so.

https://www.paypal.com/eBay/securitykey

Thread on OTWA discussion board where users have been discussing the new feature:
http://www.otwa.com/community/showthread.php?t=49196

About the author:

Ina Steiner is co-founder and Editor of EcommerceBytes and has been reporting on ecommerce since 1999. She's a widely cited authority on marketplace selling and is author of "Turn eBay Data Into Dollars" (McGraw-Hill 2006). Her blog was featured in the book, "Blogging Heroes" (Wiley 2008). Follow her on Twitter at @ecommercebytes and send news tips to ina@ecommercebytes.com.

You may quote up to 50 words of any article on the condition that you attribute the article to EcommerceBytes.com and either link to the original article or to www.EcommerceBytes.com.
All other use is prohibited.

Sign up for our Email Newsletters

Email This Story to a Friend
Email this story to a friend.


2 of 4


Related Stories
Sponsored Ad