New PayPal key to help thwart phishers

To fight phishing, PayPal plans to introduce a new two-factor authentication system called the PayPal Security Key

Robert McMillan (IDG News Service) 11 January, 2007 13:34

Over the next few months, Ebay will be offering its PayPal users a new tool in the fight against phishers: a US$5 security key.

The PayPal Security Key is actually a small electronic device, designed to clip on to a keychain, that calculates a new numeric password every 30 seconds. PayPal users who sign up to use the device will need to enter their regular passwords as well as the number displayed on the key whenever they log in to the online payment service.

"The key is really going to give users one more layer of security for their accounts," said Sara Bettencourt, a PayPal spokeswoman.

Because the numeric password changes so frequently, even successful phishers will end up with obsolete numeric passwords and will be unable to empty PayPal accounts.

"If you fall for a phishing scam and give away your user name and password ... if you used the PayPal Security Key, a third party couldn't get to your account because they wouldn't have this dynamic digit," Bettencourt said.

The Security Key could be an important tool for PayPal, whose Web site is frequently spoofed by phishers looking to steal user account information.

The PayPal Security Key is being tested by PayPal employees right now, and the test will be opened up to beta users in the U.S., Germany, and Australia "in the next month or so," Bettencourt said. Later this year, the company plans to begin promoting the devices to all PayPal users. News of the new PayPal system was first reported on AuctionBytes.com

PayPal users who want this extra level of security will be able to buy the devices for US$5, but this fee will be waived for PayPal business accounts.

PayPal's device is based on VeriSign's One-Time Password Token product, which is also being tested by Charles Schwab & Co. and U.S. Bancorp.

ETrade Financial also uses a similar system, based on RSA Security's SecurID tokens.

Over the past year, online financial companies have paid more attention to authentication technologies such as the VeriSign tokens, which add a second layer of authentication to online transactions. Adoption of these "two-factor" authentication techniques has been further boosted by new federal guidelines, which require stronger authentication for online transactions.

Still, phishing attacks are becoming increasingly lucrative for criminals.

Research company Gartner estimates that phishers cost U.S. financial institutions about US$2.8 billion last year. The average loss per phishing attack was US$1,244, up from US$256 in 2005.

Computerworld Buyer's Guide - Vendors Matched to this Article

Dimension Data , Trend Micro , SafeNet , GFI , SonicWALL , Sagem , Secure Computing , MessageLabs , CA

More about Schwab, RSA, The Security Division of EMC, Billion, Gartner, eBay, Financial Institutions, RSA, ETrade, VeriSign, PayPal, Charles Schwab

Comments

Post new comment

Have your say!

Computerworld Buyer's Guide - Vendors Matched to this Article

Dimension Data , Trend Micro , SafeNet , GFI , SonicWALL , Sagem , Secure Computing , MessageLabs , CA

Discussions on The Computerworld Forum

Whitepapers

Read up on the latest ideas and technologies from companies that sell hardware, software and services.

Zones

Zones provide focussed content from Computerworld and leading technology partners.

Newsletter Subscription

RSS Feeds

Computerworld Today

Show all RSS feeds

More >

Computerworld Webinar

Thursday, June 11th, 2009
10:30am EST (Sydney, Australia)
Screening at your PC

Computerworld is hosting a 30 minute live webinar to help you to learn how unified communications can save you money, foster innovation and business agility by making it easier for people to find, reach and collaborate with one another.

Register Now

+

Savings do add up: How organisations are saving thousands by adopting Unified Communications and Collaboration. 15 June, 2009 12:01

This week's CW Live podcast features a discussion between Audrey William, research director at research firm Frost & Sullivan Australia, and Craig Campbell, business unit executive for Integrated Communications Services at IBM Australia / New Zealand on why companies are adopting unified communications, and whether there is any benefit to hosting a unified communications solution in the cloud.

[ MP3 (2.22 MB) | Windows Media (2.26 MB) ]
+

Storage Virtualisation: Increasing Information Availability and Lowering Costs 02 June, 2009 12:36

This week's CW Live features a discussion between Dr Kevin McIsaac, IBRS Research's Advisor for Virtualisation and Craig McKenna, Consulting Technical Leader, System Storage, for IBM's Growth Markets division, on why storage virtualisation is key to an organisation's information management plan.

[ MP3 (4.62 MB) | Windows Media (4.69 MB) ]
+

Computerworld Live Podcast #100: Enterprise Cloud Computing and Network Virtualisation 25 March, 2009 13:46

CW Live speaks with Matthew Zanner, HP ProCurve worldwide director of datacentre solutions, about how cloud computing is changing the way IT professionals are designing their networks and running their datacentres.

[ MP3 (3.25 MB) | Windows Media (2.48 MB) ]
+

Computerworld Live Podcast #99: Reducing the Costs of Enterprise Mobility 28 January, 2009 10:43

CW Live speaks with Mark Thompson, Global Sales/Marketing Manager for HP's ProCurve Networking Business, to discuss strategies for reducing the cost of enterprise mobility, including tips on securing a wireless network, smart network design strategies, and advice for simplifying the management and support of wireless networks.

[ MP3 (3.63 MB) | Windows Media (2.77 MB) ]
+

Computerworld Live Podcast #98: The Future of Datacentre IP 18 December, 2008 10:33

CW Live speaks withLin Nease, Director of Emerging Business for HP ProCurve, to discuss the future of networks, including the effect of IP-based storage on datacentres, new capacity requirements generated by the use of 10Gb Ethernet, and how an efficient network design can slash energy and cooling costs, and help enterprises build a "green" image.

[ MP3 (5.45 MB) | Windows Media (4.15 MB) ]

More >

Understanding Email Marketing: A Guide for SMBs

Email marketing is often viewed as a marketers silver bullet. If used effectively, email campaigns will provide strong results for a limited spend each and every time. Download this white paper to discover how email marketing can work for you and your business.

Enterprise IT Buyer's Guide

Find Technology Vendors Fast

Find vendors by name | Find by category

Comments

Post new comment

Savings do add up: How organisations are saving thousands by adopting Unified Communications and Collaboration. 15 June, 2009 12:01

Storage Virtualisation: Increasing Information Availability and Lowering Costs 02 June, 2009 12:36

Computerworld Live Podcast #100: Enterprise Cloud Computing and Network Virtualisation 25 March, 2009 13:46

Computerworld Live Podcast #99: Reducing the Costs of Enterprise Mobility 28 January, 2009 10:43

Computerworld Live Podcast #98: The Future of Datacentre IP 18 December, 2008 10:33

Verbatim Announces SSD ExpressCards for PC and Mac Users 06 July, 2009 14:26

Verbatim lets data sprint with launch of eSATA Combo Hard Drives 06 July, 2009 14:23

KORDZ punts on US home cinema market turn around 06 July, 2009 12:20

Frost & Sullivan: Converged Services A Natural Play For Telcos 06 July, 2009 09:06

Challenge Your Memory with Kingston and Win Hot Memory Products Home 03 July, 2009 12:20

Understanding Email Marketing: A Guide for SMBs

Buying Guides

Latest Products

Buying Guides

Latest Products