PayPal acts to stamp out phishing attacks
Published February 1st, 2007
PayPal acts to stamp out phishing attacks
Online payment site will fight fraud with two-factor system
PayPal’s decision to introduce an optional two-factor authentication system highlights the increasing concern of banks and online payment organisations over phishing.
The amount of money lost to online banking fraud in the UK increased 55 per cent to £22.5m in the first half of 2006, according to figures from banking industry body Apacs – and all the signs indicate this amount will continue to rise.
Most phishing emails now target PayPal and eBay customers, largely because they are such a huge demographic – 123 million customers at the end of 2006 – but also because PayPal is designed to make it easy to move money around, predisposing it to being phished.
Surprisingly, however, phishing is not a large financial problem for PayPal or its customers.
Michael Barrett, chief information security officer at PayPal, says the problem with phishing has more to do with perception than reality.
‘Financially, phishing is not even in the top five of categories that we suffer from fraud–wise. But when you say you work for PayPal, people say: ‘Oh I get all these emails from you. What are you doing about that?’ People perceive that there is an issue, so there is an issue,’ he said.
Customers receiving phishing emails lose confidence, so PayPal’s two-factor efforts should help with some of these worries.
‘Security is, of course, about relatives and risk assessment, and not absolutes. What we are seeing at the moment is a period of experimentation where different companies are trying different solutions,’ said Barrett.
Recent research by security vendor RSA shows that 91 per cent of bank account holders are willing to use stronger authentication methods, while more than half (52 per cent) are ‘less likely’ to sign up for or use online banking than they were.
Source: Vnunet.com
Related Articles