EcommerceBytes-NewsFlash, Number 1767 - April 11, 2008     4 of 4

PayPal Releases White Paper on the Problem of Phishing

Email This Story to a Friend

Michael Barrett, Chief Information Security Officer at PayPal, says phishing is not an unsolvable problem. He and colleague Dan Levy have written a white paper called "A Practical Approach to Managing Phishing" that was published on Thursday in conjunction with the RSA security conference.

The paper outlines PayPal's historic approach to managing phishing and urges the Information Security industry to work together. Barrett wrote in a PayPal Blog post on Thursday that the company's strategy had focused on preventing financial loss to customer accounts, but that it realized that there was a holistic dimension: "how do we prevent phishmail from getting to our customers in the first place?" The paper explains the approach PayPal has taken to do just that. The paper concludes:

There's clearly no "silver bullet" which will deal with phishing. Rather, we've made a credible case that a multi-layered strategy, such as the one we've laid out, can in fact make a significant difference in dealing with the crime. We encourage the rest of the industry to evaluate their anti-fraud efforts and adopt a fraud prevention strategy along these lines. As the old adage goes, "united we stand; divided we fall."

The white paper available for download in PDF format through a link in the blog post.

About the author:

Ina Steiner is co-founder and Editor of EcommerceBytes and has been reporting on ecommerce since 1999. She's a widely cited authority on marketplace selling and is author of "Turn eBay Data Into Dollars" (McGraw-Hill 2006). Her blog was featured in the book, "Blogging Heroes" (Wiley 2008). Follow her on Twitter at @ecommercebytes and send news tips to

You may quote up to 50 words of any article on the condition that you attribute the article to and either link to the original article or to
All other use is prohibited.