April 18, 2008 -- (WEB HOST INDUSTRY REVIEW) -- Online payment service PayPal (paypal.com) announced on Thursday that it is working on a plan to block users from making transactions from "unsafe" Web browsers.
According to reports by eWeek, PayPal has released a white paper that outlines a five-pronged action plan aimed at slowing down the phishing epidemic. Part of this plan is to block any transactions from going through on browsers that don't support EV SSL certificates.
PayPal's chief information security officer Michael Barrett says letting users view the PayPal site on a browser that doesn't have anti-phishing protection is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts.
Some of the browsers PayPal is looking at blocking are old, out-of-support versions of Microsoft's Internet Explorer. However, eWeek says it's clear that Barrett's warning of unsafe browsers extends to Apple's Safari browser, which offers no anti-phishing protection and doesn't support the use of EV SSL certificates.
Firefox and Opera have announced that they will be offering support for EV SSL in their upcoming releases. It is unknown whether Safari will be offering EV SSL support in the near future.
PayPal says it is also recommending the use of blacklists and anti-fraud warning pages as effective technologies to help protect consumers from identity theft fraud.
Another recommendation outlined in the PayPal white paper is the "creative use of new email signing standards and cooperation with major ISPs to block unsigned email" that looks to be from PayPal, but isn't, before it even reaches the customers.
Barrett says that if phishmail never makes it into a customer's inbox, the customer cannot become a victim. Thus, ISPs need to adopt technologies to block fraudulent emails at the network edge. PayPal recommends installing anti-phishing and anti-spam technologies, like DomainKeys and Sender Policy Framework.
This has already been implemented by Yahoo, which has seen more than 50 million phishmail messages blocked within the first few months as well as a decrease in the number of attempts to spoof PayPal in Yahoo Mail, meaning fraudsters are being deterred from even trying to send scams through Yahoo, says PayPal.
A simple solution ... use OpenDNS ... it's free and it works. Go to www.opendns.com
"No", I do not work for OpenDNS.
Posted by: OpenDNS User | April 18, 2008 12:48PM