New PayPal key to help thwart phishers

Additional password-generating security measure should be opened to beta users within the next month

By Robert McMillan, IDG News Service
January 10, 2007

Talkback

E-mail

Printer Friendly

Reprints

Over the next few months, Ebay will be offering its PayPal users a new tool in the fight against phishers: a $5 security key.

The security key is actually a small electronic device, designed to clip on to a keychain, that calculates a new numeric password every 30 seconds. PayPal users who sign up to use the device will need to enter their regular passwords as well as the number displayed on the key whenever they log in to the online payment service.

"The key is really going to give users one more layer of security for their accounts," said Sara Bettencourt, a PayPal spokeswoman.

Because the numeric password changes so frequently, even successful phishers will end up with obsolete numeric passwords and will be unable to empty PayPal accounts.

"If you fall for a phishing scam and give away your user name and password...if you used the PayPal Security Key, a third party couldn't get to your account because they wouldn't have this dynamic digit," Bettencourt said.

The Security Key could be an important tool for PayPal, whose Web site is frequently spoofed by phishers looking to steal user account information.

The PayPal Security Key is being tested by PayPal employees right now, and the test will be opened up to beta users in the U.S., Germany, and Australia "in the next month or so," Bettencourt said. Later this year, the company plans to begin promoting the devices to all PayPal users. News of the new PayPal system was first reported on AuctionBytes.com.

PayPal users who want this extra level of security will be able to buy the devices for $5, but this fee will be waived for PayPal business accounts.

PayPal's device is based on VeriSign's One-Time Password Token product, which is also being tested by Charles Schwab and U.S. Bancorp.

ETrade Financial also uses a similar system based on RSA Security's SecurID tokens.

Over the past year, online financial companies have paid more attention to authentication technologies such as the VeriSign tokens, which add a second layer of authentication to online transactions. Adoption of these "two-factor" authentication techniques has been further boosted by new federal guidelines, which require stronger authentication for online transactions.

Still, phishing attacks are becoming increasingly lucrative for criminals.

Research company Gartner estimates that phishers cost U.S. financial institutions about $2.8 billion last year. The average loss per phishing attack was $1,244, up from $256 in 2005.

Add to:

Digg

Talkback:

comment Post a Comment

MOST COMMENTS

Why San Francisco's network admin went rogue

Can you really live without Microsoft Office?

San Francisco's mayor gets back keys to the network

Mac (in)security: How to secure Macs in business

>> Talkback: Have your say

Do you have the power to resolve technical issues with one call?
Watch this webcast to get an under-the-hood look at a remote support solution that enables the IT organization to be the engine that keeps your end users productive and your company running.

» Click here to view this Webcast

Zombie PCs Are Attacking Your LAN
A recent study showed that malware-infected zombie PCs are now a bigger threat to ISPs and Web infrastructure than DoS attacks. As this brand new IT Strategy Guide explains, an increased use of peer-to-peer techniques by the attackers has made it harder to fight back. Download now, compliments of Verio:

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

Discover How to Provide Anytime, Anywhere IT Support - Remote employees unduly bogged down with technical problems can mean significant losses in productivity, revenue and satisfaction...
Class of Service: Myths and Misconceptions - There has been much discussion about the benefits of CoS; but, there are also common myths, which unless challenged, can...
Factors to consider when comparing DSL or Cable - As the demand for high-speed access increases, businesses are looking for cost-effective connection options for remote workers...
Getting in Compliance with Government Data Regulations - This Whitepaper explores these standards and regulations-some firmly in place, some emerging, others in the formative stage...
Refine your company's plan for a Business Disruption Event - Many firms fail to consider how lines of communication will stay open in the event of a BDE. Make sure your company's mobile...
Telepresence For The Enterprise - Companies today are facing an array of business challenges, including the growing number of remote and virtual employees;...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

•

Application development

•

•

•

•

•

•

•

•

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

New PayPal key to help thwart phishers

MOST COMMENTS

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Video

Podcasts

InfoWorld Blogs

Columnists

Find Products and Companies

Resource Center

Sponsored Technology Links

Sponsored Technology Links
SGI - SGI Adaptive Data Warehouse: Building a High-End Oracle Data Warehouse Microsoft - Learn about the software-based VoIP solution from Microsoft. Vizioncore - Complete Solutions for Virtual Server Management Microsoft - Meet Windows Server 2008. The server unleashed. HP - Whitepaper: How IT Quality Managers Respond to SOA Change Xerox - Experience the colorful side of business at www.frugalcolor.com IBM - Webcast: Take control of your content- leverage MOSS HP - Whitepaper: Software Quality Management for SOA AT&T - Thinking about IMS AT&T - Factors to consider when comparing DSL or Cable AT&T - Going mobile with today's technology AT&T - What to expect from a Technology Assessment. Polycom - Telepresence For The Enterprise GoToMyPC - Research Brief: Providing Secure and Cost-Effective Remote Access AppAssure - Keeping the E-Mail Flowing Tripwire - Secure your virtual and physical environments with the same software. CA - Efficient - Flexible - Compliant PGP - Is Your Data Safe? Novell, IBM, and Intel - Solution for Open Virtualization Provides Server Consolidation Curl - IT Guide: Rich Internet Application (RIA) Security Symantec - Whitepaper: Secure, recover, and archive critical information Microsoft - {Open Source} Heroes Happen Here Symantec - Whitepaper: Protecting Microsoft(R) Applications Riverbed - Five Ugly Truths about WAFS and Caching InterSystems - Use Ensemble - quickly create composite applications. Cirba - Advanced Workload Analysis Techniques		Rackspace - Go Green Without Sacrificing Server Performance CA - Manage your IT more effectively. AT&T - Measuring mobile productivity CA - Plan IT better, Manage IT better. AT&T - Refine your company's plan for a Business Disruption Event Cirba - Consolidating Workloads onto Mainframes AT&T - Class of Service: Myths and Misconceptions AT&T - Enhancing security through Quantum Cryptography Riverbed - Wide Area Data Services Microsoft - Microsoft Forefront makes defending your systems easier. Learn how. HP - Explore the interactive whitepaper: Rightsizing Blades for the mid-market. Symantec - Webcast: Beyond AntiVirus AMD - Renowned Engineering Institution Chooses AMD Processor-Based Servers AMD - Watch this flash demo of the Quad-Core AMD Opteron Processor EMC - EMC and VMware help you build your virtualized infrastructure. AMD - HP and Oracle deploy unbreakable computing infrastructure Qwest - Learn how Qwest voice and data solutions can save you time. MKS - The Power of UNIX/Linux on Windows with MKS Toolkit Vision Solutions - Is your smaller organization ready for High Availability? Vision Solutions - Is system maintenance doing more harm than good? HP - NEW HP LaserJet P4014n printer Starting at $699 after $100 IS. HP - HP LaserJet M3035 MFP series Starting at $1,599. SHOP NOW HP - Speed, agility, flexibility - The HP BladeSystem c-Class. Nokia - Restore Your Mobile Devices With One Click Oracle - The Power of Two with SOA and BPM

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS CAREERS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist