18 April 2008

PayPal has made a statement saying that allowing customers to make financial transactions on unsafe browsers "is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts."

As one of the brands most spoofed in phishing attacks, PayPal is working on a plan to block its users from making transactions from browsers that don't provide anti-phishing protection.

PayPal, which allows the transfer of funds between bank accounts and credit cards, said browsers that do not have support for blocking identity theft-related websites are considered "unsafe" for financial transactions.

PayPal Chief Information Security Officer Michael Barrett comments:

In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts.

In a white paper that outlines a five-pronged action plan aimed at slowing the phishing epidemic, Barrett said there's a significant set of [PayPal customers] who use very old and vulnerable browsers.

Barrett made it clear that any browser that falls into the "unsafe" category will be banned, and continued:

At PayPal, we are in the process of re-implementing controls which will first warn our customers when logging in to PayPal of those browsers that we consider unsafe. Later, we plan on blocking customers from accessing the site from the most unsafe—usually the oldest—browsers.


