- Microsoft will float cloud OS this month
- Top 16 Chinese iPhoneys
- Pimp your ride: Cool car technology
- Laptop stolen from McCain campaign
- Cisco, Microsoft roll out server, networking appliance
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Value of WDS
It’s the front lines in the online fraud war: eBay and its PayPal subsidiary are the most-spoofed brands by fraudsters engineering phishing scams, according to research firm Gartner. Mike Vergara, senior director of accounts protection at PayPal, is a foot soldier in that war, contributing to the company’s efforts to defend hundreds of millions of eBay and PayPal customers. Vergara recently discussed the e-commerce giant’s anti-fraud strategy with Network World Senior Editor Ellen Messmer.
Read how a new e-mail authentication standard has the backing of some big vendors.
What have eBay and PayPal been doing to fight online fraud attempts?
To keep over 141 million PayPal accounts safe, we went live last June with our Security Key for two-factor authentication. I'm not free to tell you the exact numbers of people using this security token, but I can say it’s been well accepted.
What’s the latest thinking about combating phishing aimed at eBay and PayPal customers?
We need better e-mail authentication, and for that we support the standard called DomainKeys Identified Mail, [which provides] for cryptographic signing of a piece of e-mail, to see where it came from. But there are two different standards for this, with another called Sender ID SPF, which Microsoft supports. So we support both.
How does this work?
All the e-mail sent from PayPal -- such as funds transfers or transactions such as receipt and statement -- is signed using DomainKeys and Sender ID SPF. Many ISPs, including Yahoo, Google, Comcast and AOL, now use DomainKeys. Over the summer, our partnership with Yahoo grew so that now Yahoo blocks phishing e-mail based on DomainKeys, deleting it before it hits Yahoo accounts. Google and Gmail, Comcast and AOL do support the DomainKeys signature but they don’t yet support blocking. They might label e-mail with a ‘suspicious variable’ in their spam filter instead. We know deploying the infrastructure to do blocking takes time. But our strategy is to have every ISP in the world blocking phishing e-mail.
But isn’t it likely there will always be some ISP somewhere that doesn’t?
Yes, so we’re also taking another approach as well to make sure our customers are safe. We’re offering e-mail plug-in software from a small start-up called Iconix that can read either the DomainKeys or Sender ID SPF signatures. This is a plug-in for e-mail, whether Web-based or other, such as Microsoft’s Outlook Web Access. When e-mail arrives, it asks whether it should give a seal of approval for e-mail from PayPal or eBay. It will show you that the e-mail is really from us.
Rss FeedRss Feed
The Vista era of Windows is here. Yet most organizations will retain Windows XP alongside new Vista...
Vulnerability Management For DummiesDownload this concise book "Vulnerability Management for Dummies," to learn about the simple steps...
Security Considerations When Deploying Remote Access SolutionsEffective network security is most successful when you use a layered approach, with multiple...
The Vista era of Windows is here. Yet most organizations will retain Windows XP alongside new Vista...
Turning information into a Competitive AdvantageCompanies today are realizing that competitive advantage is harder to sustain when based solely on...
PoE Plus: Impact on the PoE MarketThe standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Discover why Unified Threat Management Firewalls are ready for the enterprise today. High...
The Evolution of Network SecurityWe have so many holes punched in our firewalls today that many industry insiders question the value...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (4)
new e-mail address for elaine dickson travelBy Anonymous on July 26, 2008, 5:12 pmnew email address for elaine dickson travel is edickson3@cfl.rr.com.please refer to this on all my items i urchase as of this date6/26/2008.Thank you..elaine dickson...
Reply | Read entire comment
elfingoBy Anonymous on March 4, 2008, 12:35 pmA highly recommended site is elfingo.com for online auctions. They are the new ebay. Many smaller sites like this offer buyers far better deals than ebay ever...
Reply | Read entire comment
ebay has never beenBy CEP on February 7, 2008, 10:38 am ebay has never been concerned with stopping fraud, only in making as much money as they can. I can find scammers and rip off artists on ebay all day long. When...
Reply | Read entire comment
RE: EBay's PayPal uses e-mail authentication to combat fraudBy Robert Foster on February 6, 2008, 8:56 pmThis is all very nice, but speaking as one who once had a paypal account, and has since closed it, I would like to know how it is that paypal can get between the...
Reply | Read entire comment
View all comments