PayPal May Require Anti-Phishing Browsers

A white paper from PayPal outlines an anti-phishing strategy in which the company would ban browsers that don't support specific anti-phishing technologies.

In a new white paper (PDF) prepared for the recent RSA Conference, PayPal chief information security officer Michael Barrett and colleague Dan Levy outline a multi-part strategy for PayPal to combat phishing attacks. The paper proposes that PayPal stop supporting browsers that do not implement Extended Validation certificates (EV-SSL), which would mean PayPal could stop supporting “unsafe” browsers including versions of Internet Explorer before IE7, early versions of Firefox, and current versions of Apple’s Safari Web browser (the default browser for Mac OS X, which Apple is now pushing to Windows users via iTunes).

“In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts,” the authors wrote in the white paper.

The paper outlines a graduated strategy whereby users with browsers supporting the required technology would be able to conduct transactions via PayPal normally, users with the previous major release of a browser would be allowed to conduct transactions only after explicitly bypassing a warning, and users of still-older browsers would be disallowed entirely.

Barrett has previously criticized Safari for not supporting EV-SSL and for not offering anti-phishing filters that warn users when they attempt to connect to known phishing sites. Usability studies haven’t shown that anti-phishing warnings are effective without user training, but Barrett believes that the “green bar” of a validated site provides a clear visual cue that users will understand when they land on a validated site.

Currently, only Internet Explorer 7 supports EV-SSL; Firefox 3.0 plans to support it, as does Opera. Apple hasn’t made any comment on when (or if) Safari might support EV-SSL or anti-phishing services.

In a statement, PayPal says it only plans to develop features that block customers from logging in using “obsolete browsers on outdated or unsupported operating systems”—it offers IE4 on Windows 98 as an example—and says it would not block current versions of any browser, including Apple’s Safari.
