PayPal is seriously considering blocking some browsers from accessing its site, according to a
paper (PDF) available to shareholders.
Titled "A Practical Approach to Managing Phishing," the paper admits
that there's no one silver bullet to prevent fraudsters from making
money on the Internet. However, authors Michael Barrett, PayPal's chief
information security officer, and Dan Levy, the company's senior
director of risk management for Europe, say companies could and should
start addressing five specific areas:
- Prevent fraudulent e-mail from getting into users' in-boxes
- Prevent phishing sites by shutting them down
- Authenticate users so that stolen credentials can't be used on PayPal
- Prosecute fraudsters to the full extent of the law
- Focus on brand and consumer recovery
Of these, the paper focuses mainly on e-mail prevention and
phishing-site blocking. For e-mail prevention, the authors cite Yahoo
Mail as an example and point to its use of DomainKeys to tell
legitimate mail from illegitimate mail marked as coming from PayPal.
Most controversial is the idea of blocking "unsafe" browsers, or
browsers that do not currently include antiphishing tools. PayPal says
it would first notify users when they log in if they are using an
unsafe browser. Later, PayPal would simply block the use of the browser
entirely.
PayPal is interested in enforcing new Extended Verification
SSL certificates used by Internet Explorer 7 and the upcoming Mozilla
Firefox 3. EV SSL highlights the address bar in green when the site has
been certified. Other browsers, such as Apple Safari and Opera, do not
currently include these protections.
Browsers not on the desktop could also be barred. On Monday, researchers cited
the Apple Safari browser on the iPhone and Nintendo's use of the Opera
browser on its DS and Wii gaming systems as lacking adequate antiphishing
protection.
From: http://www.news.com/