eBay, PayPal Have Key To Security

The PayPal Security Key will cost users a one-off charge of $5. It is a small electronic device that generates a unique six-digit security code every 30 seconds.

Users enter the unique code whenever they log in to their PayPal or eBay account, as well as their regular user name and password. Because the numbers on the device change continually, the code used to sign in expires in seconds. Even if a scammer managed to get hold of a username and password, they would not be able to access an account protected by the PayPal Security Key.

Use of the key is not mandatory, but the majority of comments on eBay forums seems to indicate that most users welcomed the new technology, but some are not happy with the charge. The key is free to business users.

The higher level of security should drastically cut the success rate of phishing attempts. Both eBay and PayPal have been subjected to a surge in phishing rates, facilitated by constantly changing tools available to cybercrooks that make their attempts more sophisticated and profitable. Gartner estimates that phishers cost U.S. financial institutions around US$2.8 billion last year. The average loss per phishing attack was US$1,244, up from US$256 in 2005.

Phishing protection is readily available. Companies such as Symantec and McAfee sell anti-phishing software and the latest versions of Firefox and Internet Explorer include phishing shields.

The PayPal Security Key is currently being beta tested by employees. In the meantime a FAQ is available.

Tags: code, eBay, PayPal, phishing, security