PayPal introduces SMS-based authentication
24 November 2008 | 7286 views | 0
Person-to-person online payments outfit PayPal has introduced an optional SMS text message-based two factor authentication system for customers logging into their accounts.
The PayPal SMS Security Key sends a six-digit code to users' mobile phones before they log in to their accounts. The customer then uses the code, along with their username and password, to sign in.
The system uses the same infrastructure as PayPal's Security Key offering. Developed by VeriSign and rolled out in the US last year, this provides customers with a small authentication token which displays a new one-time six-digit password every 30 seconds.
Michael Barrett, chief information security officer, PayPal, says: ""PayPal was built from the ground up with security in mind, and we've always been committed to using cutting-edge technology to protect our customers' accounts. Now, we're taking the additional protection provided by two-factor authentication and delivering it to something most people don't leave home without - their mobile phones."
Both the SMS code and security token systems are available to PayPal customers in the US, Australia, Austria, Canada and Germany.
PayPal says it does not charge for delivery of security codes to handsets but the mobile provider's standard text messaging charges will apply.
The firm has been a popular target for cybercriminals. Back in 2006 IT security firm Sophos reported that over 75% of all phishing e-mails were aimed at users of PayPal or its parent company eBay.