EBay: More cooperation needed on cybersecurity

Auction site's CEO argues that better communication among banks, online vendors, and payment services will help minimize the damage of phishing and fraud

Banks, online merchants, and technology vendors must work together to prevent security problems like phishing attacks and data breaches, eBay President and CEO Meg Whitman said Thursday.

Whitman called on large e-mail service providers, such as Yahoo and Microsoft, to reject e-mails supposedly coming from eBay or subsidiary PayPal that do not include domain key signing authentications on them. EBay now puts the digital signatures on all the e-mail it sends, amounting to "billions" of pieces of e-mail a year, Whitman said at a Visa USA security summit in Washington, D.C.

Phishing attacks, in which a scammer sends fake e-mail to entice recipients into giving up passwords and other information, remain a major concern at eBay and PayPal, Whitman said. No longer the domain of small-time crooks with bad grammar, phishing schemes are becoming sophisticated tools of organized crime, she added.

Even those customers who recognize phishing schemes can get disgusted and stop doing business with the targeted businesses, she added. "It erodes the trust we've tried so hard to build," Whitman said. "We need to make it so hard for the bad guys that they ultimately think it's not worth their time to mess with our customers."

Whitman also called on banks to share information about known scams and data breaches more quickly with third-party payers like PayPal. In many cases, banks share the information with each other immediately, but it takes "days or weeks or months" to reach businesses like PayPal. With faster information sharing, more scams could be prevented instead of dealt with after the fact, she said.

The eBay online auction model works because most people are basically good and not out to scam others, Whitman said. However, Internet scammers continue to look for new ways to make money, she said.

"Security on the Internet is actually an arms race in the classic form," she said.

Earlier in the conference, Visa USA President and CEO John Philip Coghlan told the audience of more than 400 business, government, and academic leaders that payment security must become more of a strategic priority for businesses. All organizations involved in the payments system need to invest in security, he said.

Maintaining trust is "emerging as one of the critical business issues of the 21st century," Coghlan said.

Visa is working on pilot programs to protect card security, including encryption and dynamically generated authorization information on payment cards, he said.

Copyright © 2007 IDG Communications, Inc.

How to choose a low-code development platform