EcommerceBytes-NewsFlash, Number 3010 - February 27, 2013 - ISSN 1539-5065

PayPal Warns Congress of Ecommerce Security Risks

By Kenneth Corbin
February 27, 2013


A top security executive with electronic-payment heavyweight PayPal warned lawmakers on Tuesday of the growing threats from cyber attacks as retail and other forms of commerce increasingly move to the Internet.

At a joint House subcommittee hearing, Michael Barrett, PayPal's chief information security officer, urged members of Congress to enact legislation that would promote cybersecurity education and research and development efforts.

"We believe all sustainable 21st-century retail business models will use the Internet and mobile technology. However, as Internet and mobile platforms become more attractive to consumers and businesses alike, they also attract criminals," Barrett said. "Companies like PayPal will continue to work to protect the safety and security of our platform and our users, however, we believe that the traditional technical measures alone cannot significantly move the trend line, and that there are concrete steps that industry and policymakers should take to significantly mitigate the impact of cyber crime."

Lawmakers at Tuesday's hearing generally expressed support for new legislation to bolster industry efforts to safeguard against online attacks, though that debate has bogged down in past sessions of Congress amid conflicting visions for what role the government should play in overseeing private-sector systems.

As a starting point, members on both sides of the aisle acknowledge that the threats are real and growing, particularly as more sophisticated malware becomes available as a commodity.

"Hacking is no longer just the realm of computer wizards. Today anyone can rent a botnet or gain access to other sophisticated hacking tools with just a few keystrokes and less than a hundred dollars," said Rep. Dan Lipinski (D-Ill.). "Cyber crime threatens our national security, our critical infrastructure, businesses of all sizes and every single American. As such, reducing our risk and improving the security of cyber space will take the collective effort of both the federal government and the private sector, as well as scientists, engineers and the general public."

Lipinski, along with Michael McCaul (R-Texas), is a sponsor of the Cybersecurity Enhancement Act, a bill that would boost federal support for cybersecurity scholarships and research and development, among other provisions.

PayPal's Barrett spoke in support of measures to improve cybersecurity research, stressing that, in spite of the now-familiar banner headlines that warn of coordinated hacking attacks, much remains unknown about the real extent of the threats.

"(W)e have a problem at the moment, which is essentially we don't know how bad the problem is," he said.

"We recommend that policymakers fund some research that helps fill some of the information gaps that currently exist as it relates to cyber crime," Barrett added. "We believe that this research will be a critical tool in arming policymakers, law enforcement and industry against the growing threat of cyber crime."

For ecommerce companies like eBay, PayPal's parent, security is a paramount concern, and Barrett noted that even the perception that shopping at an online store poses a risk - whether warranted or not - can be enough to scare away shoppers.

"It is our belief that without trust, the Internet and mobile marketplaces will fail to reach their full potential. Security and trust are mutually reinforcing," Barrett said in his written testimony. "It is hard to build consumer trust without ensuring the safety and security of a consumer's personal information, whether it is financial data, transaction history, etc."

PayPal, for its part, has joined with other industry players to launch the DMARC program, or Domain-based Message Authentication, Reporting & Conformance in longhand, to address what Barrett described as a rampant proliferation of phishing and other types of email fraud. Barrett boasted that DMARC, now just into its second year, has been adopted by leading email providers like Microsoft, Google and Yahoo and now safeguards some 60 percent of the world's accounts.

PayPal has also been expanding its work in the area of identity management and authentication, Barrett explained, describing the company's involvement in a pair of identity programs, including the White House and Department of Commerce initiative dubbed the National Strategy for Trusted Identities in Cyberspace (NSTIC), a collaborative effort aimed at boosting the security and privacy of online transactions.

Barrett, without elaborating, told lawmakers that PayPal is planning a series of announcements "over the coming months" detailing new services for users that "directly support the NSTIC vision."

"We at PayPal believe it is critical to know who you're dealing with on the Internet at all times," he said. "Therefore, my team has also been very engaged in efforts to create a reliable identity management system to promote identity and stronger authentication. As a company that facilitates secure online and mobile financial transactions, it is critical that we have the ability to authoritatively authenticate our users."

About the author:

Kenneth Corbin is a freelance writer based in Washington, D.C. He has written on politics, technology and other subjects since 2007, most recently as the Washington correspondent for InternetNews.com, covering Congress, the White House, the FCC and other regulatory affairs. He can be found on LinkedIn here.

You may quote up to 50 words of any article on the condition that you attribute the article to EcommerceBytes.com and either link to the original article or to www.EcommerceBytes.com.
All other use is prohibited.
