PayPal is in the process of beefing up their security by offering a password key fobs to users. They have been a favored target of phishers for a long time. Recently, a security researcher found that about half of all phishing sites target either eBay or PayPal. Clearly, extra protection would definitely be a welcome addition to the standard password, and much needed.
This one-time password is a six digit code that changes every 30 seconds. It would work by users entering their typical login and password, and then additionally entering in the generated code which acts as an extra layer of protection. PayPal has been testing this with their employees for a couple of months now, and they expect consumer trials to begin next month.Users will sign up via a special website that will be available in the U.S., Germany, and Australia. Eventually they plan to expand this program to other countries as well.
This key fob will be $5 for personal accounts and free for business accounts. Even $5 for some of those personal account holders may be enough to keep them from using this protection. It would be nice if PayPal offered this as a free service for anybody that wanted to use it. As of the end of September, there were 123 million PayPal accounts! With that many accounts, just think about the number of transactions that are handled each day, but also the fraudulent transactions as well.
Back in 2005, eBay entered into a partnership with Security Technology Company VeriSign. This code generator is based on technology from them. Many financial firms already use this type of security, so it’s great to see PayPal taking an extra step to protect all of those 123 million accounts. The ones that pay the 5 dollars anyways…
PayPal Security Key FAQ and View Demo
News Source: News.com
That’s great and all, but what’s to stop the hackers from cracking this baby open and learning the randomizer sequence?
not only that, but will the battery be replaceable? It would kinda suck to be SOL getting something and you can’t use your code because the battery died.
Good point on the hackers. As for the battery, per the FAQs:
Nonetheless, I am not going to pay $5 for this thing. I don’t use PayPal enough anyway to justify this.
So basically, if you have access to the account you can turn it off. Correct me if I’m wrong but isn’t that what phishing scams do, get the account information?
Actually, I have what is considered a “Premier Account” and I think this is considered a business account. That means I will get it for free and activating the “Premier Account” doesn’t cost you a thing. All that means is that you are able to accept credit card payments when you sell things on eBay and such. Of course, if you accept a credit card payment that also means that they will deduct fees and therefore earn money, which is probably why they require the business account. The Fob isn’t available right now for ordering it says so I’m not sure if it will work for me for free, but I probably wouldn’t use it anyways. I would still love to see other people do something similar like credit card companies and banks.
I’m sure they’ll ask for information like what’s the credit card number that they have on file ending in the digits XXXX, or something along those lines. But phishing scams can start asking for information that would help them answer those types of questions.
I had a premier account, which had them drop back down to a personal account after they charged 33% (33¢) fee for a $1 refund I got from a merchant.
That means the merchant must not have refunded the money properly, otherwise you wouldn’t have gotten charged. We ran a business for around 2-years on eBay and became overly familiar with PayPal. The refund process is simple but sometimes people try to send money instead of refunding it, which results in a fee being charged. It’s still pretty ridiculous but companies are always out to make a dime.
Fobs will be a common thing for a lot of sites in the years to come, I bet. As far as I know it is tough to hack user/pass/fob combo.
It wouldn’t surprise me for Google to start teaming up with sites to offer a feature like this with Google Checkout. If Google did it then a lot of other companies would jump on the bandwagon as well.
I think this is a great idea for security protection, it’s very similar to HSBC bank device. I would feel more happy and safe if Paypal can issue one associated with my account.
PayPal has so many advanced security features to protect both buyers and sellers.
Yes, they do, but they need to because they are a big target for scams.