PayPal to issue Verisign authentication devices to account holders
15 January 2007 | 8747 views | 0
Person-to-person payments outfit PayPal is to begin distributing keyring-sized authentication devices for customer use alongside regular user IDs and passwords.
The device, which has been been developed by digital security firm Verisign, displays a new one-time password in the form of a six-digit code every 30 seconds.
PayPal has been piloting the authentication device with employees and expects to start trials with customers in the next month. According to press reports the key ring will cost US$5 for personal PayPal accounts, but will be free for business customers.
The device is designed to protect customers against fraudulent phishing scams. Research released by IT security firm Sophos in August last year found that over 75% of all phishing e-mails target users of PayPal or its parent company eBay. A separate study conducted by Gartner also found that cyber criminals are shifting away from attacking online banks directly and are targeting brands such as PayPal and eBay more often.
PayPal spokeswoman Sara Bettencourt told reporters the new device will provide customers with "another layer of protection" so if a fraudulent party got hold of a person's username and password, they still wouldn't be able to get into the PayPal account.