Paypal launches security token to combat fraud

Paypal, the largest Internet service providing secure online financial transactions, has launched a new security measure in a bit to cut down on fraud. Manufactured by Verisign, it’s a token that produces a six-digit security code to be used as part of the login process in addition to the user’s login name and password. All users will need to purchase a token in order to use their account.

The idea isn’t new – such types of token are already used by many businesses dealing in online transactions or remote access to networks.

Ebay

Paypal is most well known among the international Internet auction community (and owned by Ebay), where it’s used to process billions of transactions between buyers and sellers. Generally regarded as safe and secure, it has nonetheless been subject to various security attacks.

Phishing

Phishing has been a particular problem – where fraudulent emails appearing to originate from Paypal are sent to people asking them to divulge their login details. It is hoped that the extra measure of entering a security code at login will foil such attacks.

However, as is usually the case with new technology, the more sophisticated the security measure, the more sophisticated the fraudsters become at circumventing them. It therefore remains to be seen how effective this measure will be. Criticism has also been voiced over the $5 charge for the tokens.

The token has been launched initially in the United States as a trial, and Paypal intends to extend its rollout to the UK in the second half of 2007.