PayPal wages war on phishing

PayPal is stepping up its battle against phishing with new technology and by collaborating with others in the industry.

Speaking at the RSA security conference in San Francisco this week, Michael Barrett, PayPal's chief information security officer, outlined the company's strategy for dealing with the phishing problem.

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

As one of largest secure online payment providers, Barrett said PayPal needs to step up efforts to stamp out the phishing problem - not just to protect customers but also the internet as a whole.

He said: "We know we're always going to be an attractive target for criminals. But what I don't want is PayPal to be protected and the rest of the industry not. Phishing could be solved, there's no need for it to happen."

According to Gartner, 3.3 per cent of the 124 million people who received phishing emails in 2007 were duped and lost money.

PayPal is taking a three-pronged approach to tackling phishing using education, technology and partnerships.

Barrett equated the current situation in educating consumers to the early years of the car industry when the benefits of rules of the road and safety had not been fully realised.

He said: "I would say we're at the same stage on the internet. I think we probably have another decade of consumer education ahead of us."

PayPal has brought in a number of tech solutions including digital email signatures - something that the company now does with 100 per cent of its outbound emails.

Currently PayPal is also focusing on an approach where ISPs block emails seemingly sent from PayPal that don't have the correct digital signature.

The company is doing this with Yahoo! since autumn last year and so far it has blocked 50 million phishing emails from reaching customer inboxes.

But Barrett said other measures are needed such as email certification.

The warning systems on browsers such as Microsoft's Internet Explorer 7 - which indicates whether sites are trustworthy - are also helping to stop people clicking through to phishing sites, Barrett added.

But he stressed that partnerships are also key in the fight against phishing. "The saying 'united we stand, divided we fall' couldn't be clearer in this area," he said.

PayPal works with owner eBay along with AOL, Google, Verisign, Yahoo! and various government bodies.

Barrett said: "The internet is a global medium and we need to be running it in a much more unified way."