The payment site said it will refuse browsers that lack the latest technology for blocking phishing sites and do not support Extended Validation Certificates.

Antone Gonsalves, Contributor

April 18, 2008

2 Min Read

As part of an effort to combat phishing, PayPal plans to block older versions of Internet Explorer and Firefox and other "unsafe" browsers from accessing the online payment site.

In a paper released at an RSA security conference this month in San Francisco, PayPal said there is a significant number of site visitors using browsers as old as Internet Explorer versions 3 and 4, released in August 1996 and September 1997, respectively. Such "unsafe browsers" lack the latest technology for blocking phishing sites and do not support Extended Validation Certificates, which are digital certificates that establish Web sites as trusted during online transactions.

Phishing is a deceptive practice used by Web criminals to acquire personal information, such as user names, passwords and credit card details. Phishers often pose as legitimate businesses in emails to lure victims to fraudulent sites where they are asked to input their personal data. Phishers also use Web sites with URLs similar to legitimate sites, hoping that a person will misspell the address and end up at the fraudulent site. PayPal is among the favorite targets of phishers, along with eBay and online banks.

"At PayPal, we are in the process of re-implementing controls, which will first warn our customers when logging in to PayPal from those browsers that we consider unsafe," the eBay-owned payment service said. "Later, we plan on blocking customers from accessing the site from the most unsafe -- usually the oldest -- browsers."

PayPal in February warned people that Apple's Safari browser didn't have the necessary security to protect Web users and recommended the latest versions of Microsoft's Internet Explorer and Mozilla's Firefox. Safari is the default browser in Apple Macintosh computers and in the iPhone smartphone.

To beef up its own security, PayPal this year acquired Fraud Sciences for $170 million in cash. PayPal planned to use the company's online risk and security tools to enhance the fraud management systems of both PayPal and eBay. Fraud Sciences' risk tools and analytics would be targeted at accelerating the development of advanced fraud detection tools, PayPal said.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights