PayPal to Offer Users Security Key

PayPal to Offer Users Security Key

Techtree News Staff, Jan 15, 2007 1743 hrs IST

The online payment system, PayPal, is soon going to give its users a password-generating key fob, meant as a weapon against data-thieving phishers...

The online payment system, PayPal, is soon going to give its users a password-generating key fob, meant as a weapon against data-thieving phishers, and as a way to protect users' payments over the Internet.

eBay, which owns PayPal, is coming out with a new electronic security key that can actually be clipped on to a keychain, and that displays a new one-time password in the form of a six-digit code about every 30 seconds.

The key will give users another layer of security for their accounts, and users who sign up for the device will need to enter their regular passwords as well as the number displayed on the key whenever they log on to the online payment service. As the numeric password changes so frequently, phishers will end up with obsolete numeric passwords, and will be unable to empty PayPal accounts. In this way, if a user does become a victim of a phishing scam, and gives away his/her password, the phishers cannot empty the user's account because of the constantly changing password.

According to Sara Bettencourt, spokeswoman for PayPal, if a fraudulent party somehow gets hold of a person's username and password, they still would not be able to get into the account because they don't have the six-digit code. This is just another layer of protection.

The system, based on security firm VeriSign's One-Time Password Token product, is now being tested by PayPal, and the firm will come up with a beta version for users in the US, Germany, and Australia in February this year. And towards the latter half of the year, the company will offer the device to all users of the payment system.

It is also learnt that this security key could be an important tool for PayPal, whose Web site is frequently spoofed by phishers looking to steal user account information.

Meanwhile, the PayPal security key will be offered free to business accounts, while the company will charge $5 (Rs 221 approx) for individual users. Bettencourt said that PayPal has been testing the device with employees for a couple of months, and plans to start trials with customers in the next month or so.



(All fields are mandatory.)

Text Limit = 255 Characters

Type the characters you see in the picture below.

#

Characters are not case sensitive.

USER COMMENTS

Why should we have to pay for this? They are other systems already out there. Which they could easily use and make it free.

by Kieren Parkinso, England, UK, on Jan 24, 2007 01:54 AM, Report abuse   Reply

with over 40 million TPM chips in laptops it is absurd Ebay would charge for security when they could use your TPM (trusted Platform Module) and it would be free. The security would be better as well!!

by s sprague, richmond ma, on Jan 16, 2007 05:05 AM, Report abuse   Reply

Time sync? Thats not the most secure of these types of tokens - if the attack is planned out well enough you can still 'man in the middle' one of these authentication requests. You need to use event synchronous tokens so that one password can only be used once and not for a specified period of time.

by B.Coughlin, Saint Paul, on Jan 15, 2007 11:51 PM, Report abuse   Reply

Great idea! Anything to defeat the low brow, lazy, unsociable, createns of the world. I will now do more business with Pay-Pal from now on.

by D. Fairchild, Richmond, on Jan 15, 2007 10:56 PM, Report abuse   Reply

Yeh It is a good solution but I wonder how many keyfobs a user will have to carry if all comapnies start it. I am alreday using one by HSBC if all my banks start it > i will have to carry all of them. Hardly seeems practical

by Anil, Pune, on Jan 15, 2007 09:32 PM, Report abuse   Reply

Close[x]