PayPal Plans to Ban Unsafe Browsers

Tags:  security  SSL  spam  Internet Explorer  Firefox  Apple  Microsoft  PayPal  THUS 

  • By theWHIR.com , April 18, 2008

  •   Digg
      Delicious
    submit to reddit  Reddit
      Newsvine
      Stumbleupon
      Twitter
    Facebook

    (close)

    From:
    To:
    Share | Send | Print | Comments (1)

Verio Attracts Resellers with Free Month of VPS Hosting: Companies looking to boost revenues are finding Verio's Free VPS promotion the right fit for getting started as Hosting Reseller.

April 18, 2008 -- (WEB HOST INDUSTRY REVIEW) -- Online payment service PayPal (paypal.com) announced on Thursday that it is working on a plan to block users from making transactions from "unsafe" Web browsers.

According to reports by eWeek, PayPal has released a white paper that outlines a five-pronged action plan aimed at slowing down the phishing epidemic. Part of this plan is to block any transactions from going through on browsers that don't support EV SSL certificates.

PayPal's chief information security officer Michael Barrett says letting users view the PayPal site on a browser that doesn't have anti-phishing protection is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts.

Some of the browsers PayPal is looking at blocking are old, out-of-support versions of Microsoft's Internet Explorer. However, eWeek says it's clear that Barrett's warning of unsafe browsers extends to Apple's Safari browser, which offers no anti-phishing protection and doesn't support the use of EV SSL certificates.

Firefox and Opera have announced that they will be offering support for EV SSL in their upcoming releases. It is unknown whether Safari will be offering EV SSL support in the near future.

PayPal says it is also recommending the use of blacklists and anti-fraud warning pages as effective technologies to help protect consumers from identity theft fraud.

Another recommendation outlined in the PayPal white paper is the "creative use of new email signing standards and cooperation with major ISPs to block unsigned email" that looks to be from PayPal, but isn't, before it even reaches the customers.

Barrett says that if phishmail never makes it into a customer's inbox, the customer cannot become a victim. Thus, ISPs need to adopt technologies to block fraudulent emails at the network edge. PayPal recommends installing anti-phishing and anti-spam technologies, like DomainKeys and Sender Policy Framework.

This has already been implemented by Yahoo, which has seen more than 50 million phishmail messages blocked within the first few months as well as a decrease in the number of attempts to spoof PayPal in Yahoo Mail, meaning fraudsters are being deterred from even trying to send scams through Yahoo, says PayPal.

OLDER:  SingleHop Offers New Server Line | NEWER:  Go Daddy Girl Takes IndyCar Win

Comment anonymously or log into your WHIR account

Logging in allows enhanced commenting features (such as external linking) in news, features, blogs and more.

User:

Pass:

(reset password)

Don't have an account yet? Register now!


 

Comment by Anonymous on Friday, April 18, 2008

A simple solution ....... use OpenDNS ... it's free and it works. Go to www.opendns.com

"no" I do not work for OpenDNS

Related Content

Most Popular