eBay Arms Its Site For Security - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

eBay Arms Its Site For Security

''Security on the Net is actually an arms race in its most classic form,'' says CEO Meg Whitman.

As threats against e-commerce mount, online auction site eBay is building up its arsenal of security technologies and tactics, president and CEO Meg Whitman said Thursday at Visa USA's security summit in Washington, D.C., adding, "Security on the Net is actually an arms race in its most classic form."

Phishing has been a huge challenge for eBay and its PayPal subsidiary, and it's crucial that they identify as quickly as possible fraudulent sites duping customers into providing their payment information. eBay and PayPal find out about many of these fraudulent sites from users, who can report suspicious sites to [email protected] or [email protected] Once eBay and PayPal confirm a fraudulent site, they'll report that site to companies such as Mark Monitor that aggregate blacklisted sites and contact the site's ISP to have the site shut down.

While Whitman allowed that eBay isn't to blame for phishing scams, they've certainly become a big problem when as they've managed to erode trust in online transactions. The solution to phishing is, of course, to prevent customers from ever seeing an e-mail containing a phishing site. To help prevent Web users as a whole from being duped by phishing scams, eBay has worked with Microsoft to include anti-phishing features in the new Internet Explorer 7.

To ensure that legitimate eBay e-mails can accurately be identified, the company includes a digital signature on every one of the e-mails it sends. The company is encouraging ISPs to route only e-mails that contain this signature.

A further security measure eBay is pushing is a PayPal security key that creates a random transaction code used to authenticate a transaction, much like the key fabs offered by some banks. "It's a combination lock for your PayPal account," Whitman said. The PayPal security key has been in beta for about a month, and this beta version is available to any eBay user who requests one. The company has not determined when the keys will be generally available to all users and who will absorb the cost of buying and distributing the keys.

One of the first, and still the most efficient, outlets eBay offers to keep fraud in check is its online feedback system where buyers and sellers provide a system of checks and balances. "It works brilliantly because it's transparent," Whitman said, adding that eBay has stored every single feedback comment since the company launched in 1995; approximately 5 billion comments.

When Whitman took the helm of eBay in 1998, most payments were made using checks, money orders, and even cash sent via the mail. (That year, 8% of all merchandise sold on eBay were Beanie Babies). eBay's acquisition of PayPal in 2002 incorporated key payment system into eBay's strategy. eBay's goal is to expand PayPal so that its services are used by a greater number of large businesses--iTunes, Dell, and Hewlett-Packard already offer it as a payment option.

For eBay, which made its bones as an online community where people worldwide could buy and sell just about any product, trust is essential. "eBay is a level playing field where everyone has the same chance of success," Whitman said Thursday. In fact, "90% of those who conduct business using PayPal have less than $25,000 per year in sales."

eBay, which has 222 million users worldwide, has become a force in online sales. Whitman noted that a car is sold every minute via her company's site, which makes eBay the largest channel for used car sales in the world. But eBay's success is not a given. "These transactions require a lot of trust," she said.

Nothing diminishes trust faster stolen customer data, particularly when the thieves make off with payment account information that can be used to commit fraud. Whitman noted, however, that the merchants and other victims who are the targets of the attack are often the last to know about it. Bank card networks receive information about fraudulent transactions days and sometimes weeks before merchants do, and that's a major problem, Whitman says. eBay wants to know about fraudulent payment accounts before its users get stung by shipping goods but not receiving payment.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2019 State of DevOps
2019 State of DevOps
DevOps is needed in today's business environment, where improved application security is essential and users demand more applications, services, and features fast. We sought to see where DevOps adoption and deployment stand, this report summarizes our survey findings. Find out what the survey revealed today.
Commentary
Will AI and Machine Learning Break Cloud Architectures?
Lisa Morgan, Freelance Writer,  6/10/2019
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
Humans' Fascination with Artificial General Intelligence
Guest Commentary, Guest Commentary,  6/6/2019
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll