Ebay and Paypal are gearing up to offer customers an increased security measure when logging into their Paypal account to further avoid data theft from phishing scams.
In the near future, password generating gadget can be used in conjunction with existing login credentials when signing into a Paypal account. The key fob generates a new 6-digit password about every 30 seconds. This password is synchronized with a server that verifies that the every-changing code is the same at the time of authentication. Verisign currently offers the same type of two-factor authentication security to customers through their Unified Authentication Token product.
Phishing scams involve a would-be thief making a site that appears exactly like a legitimate site such as Paypal, and then sending out spam emails drawing people to the fake look-a-like site, and asking consumers to “verify” their login and/or credit card information. If fooled, consumers enter their information into the fake web site and the thieves gather and use the data. Since the code changes frequently, any data given to the phishing website would be useless 30 seconds later.
“If a fraudulent party somehow got hold of a person’s username and password, they still wouldn’t be able to get into the account because they don’t have the six-digit code,” Sara Bettencourt, a PayPal spokeswoman, according to ZDNet. “This by no means is a silver bullet that is going to stop fraud. This is just another layer of protection.”
Paypal plans to begin offering the Security Key early this year, and although the website has a link to order, once logged in it says that the Security Key is not yet available. Paypals website also states that the security key fob will cost one-time charge of $5 (USD), and “…your extra layer of security is free.”