''Security on the Net is actually an arms race in its most classic form,'' says CEO Meg Whitman.
As threats against e-commerce mount, online auction site eBay is building up its arsenal of security technologies and tactics, president and CEO Meg Whitman said Thursday at Visa USA's security summit in Washington, D.C., adding, "Security on the Net is actually an arms race in its most classic form."
Phishing has been a huge challenge for eBay and its PayPal subsidiary, and it's crucial that they identify as quickly as possible fraudulent sites duping customers into providing their payment information. eBay and PayPal find out about many of these fraudulent sites from users, who can report suspicious sites to firstname.lastname@example.org or email@example.com. Once eBay and PayPal confirm a fraudulent site, they'll report that site to companies such as Mark Monitor that aggregate blacklisted sites and contact the site's ISP to have the site shut down.
While Whitman allowed that eBay isn't to blame for phishing scams, they've certainly become a big problem when as they've managed to erode trust in online transactions. The solution to phishing is, of course, to prevent customers from ever seeing an e-mail containing a phishing site. To help prevent Web users as a whole from being duped by phishing scams, eBay has worked with Microsoft to include anti-phishing features in the new Internet Explorer 7.
To ensure that legitimate eBay e-mails can accurately be identified, the company includes a digital signature on every one of the e-mails it sends. The company is encouraging ISPs to route only e-mails that contain this signature.
A further security measure eBay is pushing is a PayPal security key that creates a random transaction code used to authenticate a transaction, much like the key fabs offered by some banks. "It's a combination lock for your PayPal account," Whitman said. The PayPal security key has been in beta for about a month, and this beta version is available to any eBay user who requests one. The company has not determined when the keys will be generally available to all users and who will absorb the cost of buying and distributing the keys.
One of the first, and still the most efficient, outlets eBay offers to keep fraud in check is its online feedback system where buyers and sellers provide a system of checks and balances. "It works brilliantly because it's transparent," Whitman said, adding that eBay has stored every single feedback comment since the company launched in 1995; approximately 5 billion comments.
When Whitman took the helm of eBay in 1998, most payments were made using checks, money orders, and even cash sent via the mail. (That year, 8% of all merchandise sold on eBay were Beanie Babies). eBay's acquisition of PayPal in 2002 incorporated key payment system into eBay's strategy. eBay's goal is to expand PayPal so that its services are used by a greater number of large businesses--iTunes, Dell, and Hewlett-Packard already offer it as a payment option.
For eBay, which made its bones as an online community where people worldwide could buy and sell just about any product, trust is essential. "eBay is a level playing field where everyone has the same chance of success," Whitman said Thursday. In fact, "90% of those who conduct business using PayPal have less than $25,000 per year in sales."
eBay, which has 222 million users worldwide, has become a force in online sales. Whitman noted that a car is sold every minute via her company's site, which makes eBay the largest channel for used car sales in the world. But eBay's success is not a given. "These transactions require a lot of trust," she said.
Nothing diminishes trust faster stolen customer data, particularly when the thieves make off with payment account information that can be used to commit fraud. Whitman noted, however, that the merchants and other victims who are the targets of the attack are often the last to know about it. Bank card networks receive information about fraudulent transactions days and sometimes weeks before merchants do, and that's a major problem, Whitman says. eBay wants to know about fraudulent payment accounts before its users get stung by shipping goods but not receiving payment.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.