News
News
3/8/2007
04:05 PM
Connect Directly
RSS
E-Mail
50%
50%

eBay Arms Its Site For Security

''Security on the Net is actually an arms race in its most classic form,'' says CEO Meg Whitman.

As threats against e-commerce mount, online auction site eBay is building up its arsenal of security technologies and tactics, president and CEO Meg Whitman said Thursday at Visa USA's security summit in Washington, D.C., adding, "Security on the Net is actually an arms race in its most classic form."

Phishing has been a huge challenge for eBay and its PayPal subsidiary, and it's crucial that they identify as quickly as possible fraudulent sites duping customers into providing their payment information. eBay and PayPal find out about many of these fraudulent sites from users, who can report suspicious sites to spoof@ebay.com or spoof@paypal.com. Once eBay and PayPal confirm a fraudulent site, they'll report that site to companies such as Mark Monitor that aggregate blacklisted sites and contact the site's ISP to have the site shut down.

While Whitman allowed that eBay isn't to blame for phishing scams, they've certainly become a big problem when as they've managed to erode trust in online transactions. The solution to phishing is, of course, to prevent customers from ever seeing an e-mail containing a phishing site. To help prevent Web users as a whole from being duped by phishing scams, eBay has worked with Microsoft to include anti-phishing features in the new Internet Explorer 7.

To ensure that legitimate eBay e-mails can accurately be identified, the company includes a digital signature on every one of the e-mails it sends. The company is encouraging ISPs to route only e-mails that contain this signature.

A further security measure eBay is pushing is a PayPal security key that creates a random transaction code used to authenticate a transaction, much like the key fabs offered by some banks. "It's a combination lock for your PayPal account," Whitman said. The PayPal security key has been in beta for about a month, and this beta version is available to any eBay user who requests one. The company has not determined when the keys will be generally available to all users and who will absorb the cost of buying and distributing the keys.

One of the first, and still the most efficient, outlets eBay offers to keep fraud in check is its online feedback system where buyers and sellers provide a system of checks and balances. "It works brilliantly because it's transparent," Whitman said, adding that eBay has stored every single feedback comment since the company launched in 1995; approximately 5 billion comments.

When Whitman took the helm of eBay in 1998, most payments were made using checks, money orders, and even cash sent via the mail. (That year, 8% of all merchandise sold on eBay were Beanie Babies). eBay's acquisition of PayPal in 2002 incorporated key payment system into eBay's strategy. eBay's goal is to expand PayPal so that its services are used by a greater number of large businesses--iTunes, Dell, and Hewlett-Packard already offer it as a payment option.

For eBay, which made its bones as an online community where people worldwide could buy and sell just about any product, trust is essential. "eBay is a level playing field where everyone has the same chance of success," Whitman said Thursday. In fact, "90% of those who conduct business using PayPal have less than $25,000 per year in sales."

eBay, which has 222 million users worldwide, has become a force in online sales. Whitman noted that a car is sold every minute via her company's site, which makes eBay the largest channel for used car sales in the world. But eBay's success is not a given. "These transactions require a lot of trust," she said.

Nothing diminishes trust faster stolen customer data, particularly when the thieves make off with payment account information that can be used to commit fraud. Whitman noted, however, that the merchants and other victims who are the targets of the attack are often the last to know about it. Bank card networks receive information about fraudulent transactions days and sometimes weeks before merchants do, and that's a major problem, Whitman says. eBay wants to know about fraudulent payment accounts before its users get stung by shipping goods but not receiving payment.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
The weekly wrap-up of the top stories from InformationWeek.com this week.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.