



Security that fits in your pocket...kind of like pepper spray, but digital

eBay is preparing to offer PayPal users more security by adding a password-generating key fob, which is intended to increase the security of its online payment system.

The small hardware device generates a one-time password every 30 seconds. Users who opt to use it enter the six-digit code along with their other personal information to log in to the system. The system is said to reduce data-phishing scams.

PayPal spokeswoman Sara Bettencort stated that "if a fraudulent party somehow got hold of a person's username and password, they still wouldn't be able to get into the account because they don't have the six-digit code." She also said that the system would not completely eliminate fraud, but is "another layer of protection".
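The article does not say which algorithm the fob uses. As an added example (not PayPal's code), the following uses the public RFC 6238 time-based OTP scheme as an assumed stand-in to show how a server can check a six-digit, 30-second code alongside the password, tolerate a slow typist by one time step, and refuse a code that has already been used. The names `otp_at`, `LoginVerifier` and `drift_steps` are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds each code stays valid, as in the article
DIGITS = 6     # code length, as in the article


def otp_at(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): an assumed stand-in for the fob's algorithm."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class LoginVerifier:
    """Server side: password plus current code, each code accepted only once."""

    def __init__(self, password: str, secret: bytes, drift_steps: int = 1):
        self.password = password      # constructed demo value; store a hash in practice
        self.secret = secret          # shared with the fob at provisioning time
        self.drift_steps = drift_steps
        self.last_counter = -1        # highest time step already consumed

    def login(self, password: str, code: str, now: int) -> bool:
        if not hmac.compare_digest(password.encode(), self.password.encode()):
            return False
        current = now // STEP
        for counter in range(current - self.drift_steps,
                             current + self.drift_steps + 1):
            if counter <= self.last_counter:
                continue              # replayed or older code: never accept twice
            expected = otp_at(self.secret, counter * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_counter = counter
                return True
        return False
```

A stolen username and password fail here without the current code, and a code captured by a phishing page stops working once its time window passes or the legitimate login consumes it.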

This type of system is already used by large corporations to protect access to private corporate resources. Banks and brokerages offer this feature to high-net-worth clients.

The necessity of this system stems from the high volume of data-phishing scams already taking place with eBay and PayPal. Fake sites are set up to spam unsuspecting shoppers in order to steal their personal information. Also, with eBay's block on Google Checkout, the online auction giant has to update the security features for PayPal.

The cost of the PayPal security key will be $5 for personal eBay users, but will be free for businesses. PayPal has been testing this system on employees for the past couple of months and plans to expand it to the public in the next month or so.




Comments



Sign me up!
By hubajube on 1/12/2007 11:04:18 AM , Rating: 2
I'll take it!!




RE: Sign me up!
By darkpaw on 1/12/2007 11:09:23 AM , Rating: 1
This will be a must-have, especially for any business using PayPal.


RE: Sign me up!
By TomZ on 1/12/2007 11:38:52 AM , Rating: 3
I don't see the point. Doesn't PayPal already have fraud protection? It seems to me that PayPal is charging consumers for a device that will only help protect PayPal from fraud losses. Why should consumers pay extra for that?


RE: Sign me up!
By OrSin on 1/12/2007 11:59:13 AM , Rating: 2
Because $5 is a small price to pay to ensure you will not be ripped off. Bank of America already offers it for their business accounts.

If you have this the chances of you getting your account hacked are 0. Unless you're dumb enough to put your username and password on the fob and then lose it. It makes most scams almost meaningless.


RE: Sign me up!
By Tsuwamono on 1/12/2007 12:41:08 PM , Rating: 2
You know a lot of people will... my mother-in-law's PIN is written on the back of her bank card...


RE: Sign me up!
By CascadingDarkness on 1/12/2007 7:03:03 PM , Rating: 2
Makes me angry that everyone will eventually end up paying for thefts like this. I mean being redirected to a fake site that looks real is one thing (not via e-mail, I'm talking DNS poisoning). Being an idiot is another thing. I don't think everyone should be punished for others' stupidity.


RE: Sign me up!
By phatboye on 1/13/2007 11:17:32 AM , Rating: 2
My guess is that TomZ has never had to file a fraud claim before. It's a hassle to get your money back. $5 is a small price to pay to help make it harder for you to have to go through that.


What will Google Checkout response be?
By SunAngel on 1/12/2007 11:55:18 AM , Rating: 1
Since GC intends to become a free service, will they have enough money to create a security service like PayPal? I am also curious to know if Google Checkout is a separate company from Google Internet. If so, GC revenue can't be up to snuff. Not enough to be able to survive off of advertising fees alone, at least not in the beginning. I only mention this because DailyTech commented to me in one of my previous posts that they (DailyTech) are totally separate from Anandtech. Thus, I assume, they are funded solely through advertising and if Anandtech didn't feel like they were getting a return on their investment in DailyTech, DT would be dropped. If the same analogy applies to Google Checkout, I would assume Google would just sell off the service to someone else instead of the continual loss of subscribers and revenue.




RE: What will Google Checkout response be?
By TomZ on 1/12/2007 1:29:15 PM , Rating: 2
Google's strategy with Checkout is the same as for Search: Create a compelling service that attracts a large number of "sticky" users (those that visit regularly). Then sell ads that are contextually targeted towards the large number of users. Seems like a no-brainer to me, especially since Google is flush with cash and can easily afford the up-front investment to build out a service like this ahead of receiving a revenue stream from it.


RE: What will Google Checkout response be?
By SunAngel on 1/12/2007 2:30:52 PM , Rating: 1
you confirmed my point, if i understood you correctly. separate companies can not willy-nilly move money between themselves. to transfer money between a parent's subsidiary companies it has to be made in some form of a loan that requires repayment. with this being a legal requirement and with GC's intent to become a free service, their advertising revenue must be at a point to break even or they are immediately providing negative return to Google. obviously Google's stakeholders will not stand for this. i assume this is the reason ebay is separate from paypal, to insulate itself from any legal issues that arise should paypal ever get compromised. however, if GC is a "service", then the legal "risks" for Google have increased substantially because of GC. some of the worst crimes are crimes of money. the legal issues that surround money transactions are enormous. apparently, paypal understands this. but they also charge fees. it just seems a little troublesome for GC that paypal is instituting something so extreme to verify its users with key fob encryption. i expect GC to have some serious issues with identity and money theft.


By gramboh on 1/12/2007 6:00:26 PM , Rating: 2
Why does it matter if GC is a separate corp from Google? It would be a wholly owned subsidiary. Even with intercompany loans, the interest is never paid anyway; there are offsets. It makes no difference, and Google would never evaluate a project/investment on a breakeven basis in start-up phase (like GC is). That is just silly, you aren't thinking about it in the right context.


By TomZ on 1/12/2007 8:58:15 PM , Rating: 2
I don't get your point. But in the case of eBay/PayPal, PayPal was a company already when eBay purchased them. I don't know the corporate structure, however, that eBay implemented after the acquisition.

With Google and Checkout, AFAIK Checkout is not a separate company; it is just another service that Google is offering. I don't really get why Google stakeholders would be concerned about Checkout possibly losing money when it starts out. After all, that was the case with Google itself initially (same for many businesses just starting), and look at the results. How they have structured the business or handle the accounting is not relevant to outsiders, I think.


we use them
By ncage on 1/12/2007 12:48:43 PM , Rating: 2
We use them at my company for remote access. Seems to work pretty well. I think most of us are smart enough to not fall for most of the phishing attacks. Notice how I said "most" phishing attacks. There was one that almost tricked me. Do you remember when phishing attacks were using PayPal's own site? So when you opened the email you would actually see http://www.paypal.com/*

Well that one almost got me. I just finished selling something. I got an email that I had just been paid. I clicked on the link. I noticed something different about the form though. It was very very close. I don't remember what was different but it caused me to take notice. So I went to paypal.com and logged in and noticed this guy had not paid me. It was a situation that almost caused me to be taken. I guess these people were looking at auctions that had just finished and sending out payment emails to the sellers and trying to trick them.




RE: we use them
By tcsenter on 1/12/2007 1:49:04 PM , Rating: 2
They still use the real PayPal domain in the 'friendly' URL name, but the link is actually to some other website. e.g.

The URL name reads http://www.paypal.com/ but the actual link is http://www.clickifyouarestupid.com


RE: we use them
By ncage on 1/12/2007 5:59:59 PM , Rating: 2
No, that is not what I'm talking about. When you clicked on the link in the web browser and you looked at the URL in the browser it was http://www.paypal.com/*.....they were using PayPal's own site for phishing. There was major news about this about 4-6 months ago. I don't know how they accomplished this but there was news all over the net about it (slashdot, news.com, etc.). Unfortunately I had not read the article before it happened.


$5 per ???
By Souka on 1/12/2007 9:17:43 PM , Rating: 2
is it a one time $5 charge?

or is it $5 per month, year, etc?


Also.... cost of replacement fob?





RE: $5 per ???
By Souka on 1/12/2007 9:23:11 PM , Rating: 2
Nevermind... found it on paypal's website

"There is a one-time non-refundable fee of $5.00 USD.* After that, there’s no monthly fee or recurring charge – your extra layer of security is free"

(link to page with security key...but ya gotta login). You can manually get there by looking under the security center section as well.

http://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cp...


RE: $5 per ???
By Souka on 1/12/2007 9:28:43 PM , Rating: 2
oh yeah....the virtual debit card is another free tool that is good too.

One-time-use credit card # for online purchases (wherever Mastercard is accepted).

(u will need to login also to paypal as well)
http://www.paypal.com/us/cgi-bin/webscr?cmd=_vdc-i...



Just another cash grab
By tungtung on 1/13/2007 7:01:02 PM , Rating: 2
To me it just looked like another cash grab, not to mention an attempt to further undermine the security of Google Checkout. To be honest, I've been cheated several times through eBay and PayPal just outright refuses to pay me back, and their claim that the other person's balance is empty, to me just makes no sense. Not to mention a friend of mine got scammed by someone, and PayPal actually "helped" scam him by not giving him any warning that they want more documentation from him (long story but to make it short, PayPal lied to him and cheated him of close to $1500).

Not to mention their fee structure is just outrageous, and their security is just a joke. Oh not to mention, yea it changes every 30 seconds, what if the person is just a slow typer or someone whose vision is not as good as the rest of us. Can't they just make the thing plug into the computer using a USB port or something?

Personally I don't think it will take too long for hackers and scammers to figure out how these things work.




By LazLong on 1/13/2007 11:27:41 PM , Rating: 2
Let's see, one for work, one for my bank, one for each of my investment companies, and now one for PayPal. First there was password overload, now fob overload. Geezus, this is ridiculous!




By billytown on 1/14/2007 12:38:34 PM , Rating: 2
I've been using MyPW on my Spam Arrest account, Home & Office computer for the last couple of months.

They have developed an API that allows the same One-Time-Password token to be at as many locations that use the service.

http://www.mypw.com is pretty cool and it's cheap to set up.


















Copyright 2012 DailyTech LLC.