Comments on: PayPal Beefing Up Security with Password Key Fobs

By: Ryan

Ryan — Tue, 25 Sep 2007 01:10:50 +0000

airgle wrote:

PayPal has so many advanced security features to protect both buyers and sellers.

Yes, they do, but they need to because they are a big target for scams.

By: airgle

airgle — Mon, 24 Sep 2007 17:52:36 +0000

PayPal has so many advanced security features to protect both buyers and sellers.

By: purifier

purifier — Fri, 09 Feb 2007 00:48:05 +0000

I think this is a great idea for security protection, it’s very similar to HSBC bank device. I would feel more happy and safe if Paypal can issue one associated with my account.

By: Ryan

Ryan — Sun, 14 Jan 2007 05:57:32 +0000

It wouldn’t surprise me for Google to start teaming up with sites to offer a feature like this with Google Checkout. If Google did it then a lot of other companies would jump on the bandwagon as well.

By: The Slasher

The Slasher — Sun, 14 Jan 2007 01:29:50 +0000

Fobs will be a common thing for a lot of sites in the years to come, I bet. As far as I know it is tough to hack user/pass/fob combo.

By: Ryan

Ryan — Sat, 13 Jan 2007 20:24:07 +0000

That means the merchant must not have refunded the money properly, otherwise you wouldn’t have gotten charged. We ran a business for around 2-years on eBay and became overly familiar with PayPal. The refund process is simple but sometimes people try to send money instead of refunding it, which results in a fee being charged. It’s still pretty ridiculous but companies are always out to make a dime.

By: Fx Extension Guru

Fx Extension Guru — Sat, 13 Jan 2007 00:33:49 +0000

I had a premier account, which had them drop back down to a personal account after they charged 33% (33Â¢) fee for a $1 refund I got from a merchant.

By: BelchSpeak » New Phishing Tool- Pass-Thru Proxies

BelchSpeak » New Phishing Tool- Pass-Thru Proxies — Fri, 12 Jan 2007 20:37:12 +0000

[...] This type of attack would even bypass the newer authentication types I wrote about yesterday. It will also defeat Paypal’s new SecureID initiative.Â So how do you avoid it? Just don’t access any online accounts by clicking a link in your email. [...]

By: Ryan

Ryan — Fri, 12 Jan 2007 19:58:57 +0000

Fx Extension Guru wrote:

Nonetheless, I am not going to pay $5 for this thing. I don't use PayPal enough anyway to justify this.

Actually, I have what is considered a "Premier Account" and I think this is considered a business account. That means I will get it for free and activating the "Premier Account" doesn't cost you a thing. All that means is that you are able to accept credit card payments when you sell things on eBay and such. Of course, if you accept a credit card payment that also means that they will deduct fees and therefore earn money, which is probably why they require the business account. The Fob isn't available right now for ordering it says so I'm not sure if it will work for me for free, but I probably wouldn't use it anyways. I would still love to see other people do something similar like credit card companies and banks.

CoryC wrote:

# What if I lose or break my Security Key? You can still log in to your PayPal account if you lose or break your Security Key, or if you don't have it in your possession. Before you can log in, we will ask you to confirm your account ownership.
So basically, if you have access to the account you can turn it off. Correct me if I'm wrong but isn't that what phishing scams do, get the account information?

I'm sure they'll ask for information like what's the credit card number that they have on file ending in the digits XXXX, or something along those lines. But phishing scams can start asking for information that would help them answer those types of questions.

By: CoryC

CoryC — Fri, 12 Jan 2007 19:19:17 +0000

# What if I lose or break my Security Key?
You can still log in to your PayPal account if you lose or break your Security Key, or if you don’t have it in your possession. Before you can log in, we will ask you to confirm your account ownership.

So basically, if you have access to the account you can turn it off. Correct me if I’m wrong but isn’t that what phishing scams do, get the account information?