Online payment service PayPal is preparing to offer its users a new security weapon to help ward off data thieves and phishing scams with a password-generated key fob.
Aimed at protecting consumers and members from fraud, the two-factor authentication tool will display a new one-time password in the form of a six-digit code every 30 seconds. Users will enter their password along with their usual credentials when signing on.
This type of security is already common in many financial firms for high net worth clients throughout the United States.
Using VeriSign technology, the device will be free for eBay customers with a business account, but will cost approximately $5 for personal PayPal account holders. If the key is lost or unavailable, users will still be able to login, but only once they have verified their account.
Another Layer of Protection
PayPal spokesperson Sara Bettencourt explains that the added security measure will help enhance user protection. For example, "if fraudulent parties got hold of a person's username and password, they still wouldn't have access to the account because they would not have the six-digit code."
Bettencourt adds, "This is by no means a silver bullet that is going to stop fraud. This is just another layer of protection."
The introduction of the new security system by PayPal highlights the growing concern about data-phishing scams that have surfaced as a problem for both eBay and PayPal users. According to eBay, bogus web sites are set up by thieves who spam unsuspecting users in order to steal their personal information.
Fraudulent emails that appear as if they were sent by eBay and PayPal prompt users of those online services to enter their personal details on phony sites. All too often, users reveal their personal or banking information to total strangers without realizing they've been scammed.
Research on Internet hacking has revealed that eBay and PayPal are the most targeted sites for potential scams and data thieves. This research was confirmed recently when Internet giant Google uncovered a list of blacklisted phishing sites, which found that almost half of all attacks target eBay and PayPal. The Google blacklist is now used in Google's Toolbar for Firefox and the Firefox 2.0 browser.
However, efforts made to thwart phishers have already been met with skepticism. Last year, a group of Russian scammers implemented a Citibank phishing site that requested the key fob and password, allowing them to connect to the real Citibank site. Unless online companies begin to promote more consumer safety and awareness, it is likely that advanced scammers will be able to use similar techniques on the site's account holders.
According to PayPal, the system is currently being beta tested by the company's employees before expanding to the public within the next two months. The security tool will be made available first in the United States, Germany, and Australia and will then be rolled out across the UK over the next few months.
Founded in 1998, PayPal is used as a popular online payment service for individuals and businesses to transact payments quickly online. The company indicates it has more than 100 million account members in 103 markets worldwide. Along with eBay, Hewlett Packard and Dell's online stores as well as the iTunes music store use PayPal as a payment option for their online customers.