New PayPal Passwords Hinder Phisher Attacks

PayPal will soon be offering users a new tool to protect against malicious phishing attacks.

The PayPal Security Key is a small electronic device that generates a new six-digit password every 30 seconds. PayPal users with the Security Key will use their original passwords as well as the password generated on the device in order to sign into their accounts. (Source: pcworld.com)

"If a fraudulent party somehow got hold of a person's username and password, they still wouldn't be able to get into the account because they don't have the six-digit code," says PayPal spokesperson Sara Bettencourt. "This by no means is a silver bullet that is going to stop fraud. This is just another layer of protection." (Source: news.com)

The PayPal Security Key will cost $5 for personal accounts and will be free for business accounts. PayPal has been testing the security device with employees for a couple of months. The company plans to begin trials with customers in the U.S., Germany and Australia in the next month or so, and would like to expand to include other countries in the future. (Source: news.com)

More online companies have been adding a second layer of authentication in recent years. New federal guidelines which require more stringent authentication practices have also pushed companies in this direction. (Source: pcworld.com)

Then again, companies may not need a legal incentive to increase security -- the financial incentive for doing so is massive. Research company Gartner estimates that phishing attacks cost U.S. financial institutions about $2.8 billion US in 2006. The average loss per attach was $1,244 US, an almost five-fold increase from the average of $256 US in 2005. (Source: pcworld.com)

While security is an unrelenting concern for all websites with online transactions, it's an even larger concern for PayPal. Security researcher Michael Sutton studied Google's public blacklist of phishing sites and discovered that almost half of all active phishing website target either eBay or PayPal. (Source: news.com)

With the threat so prevalent, it's nice to know that there is another tool to keep phishers out of PayPal waters.