PayPal Plans to Ban Unsafe Browsers
April 17, 2008 – 5:43 PM
PayPal says allowing customers to make financial transactions on unsafe browsers “is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts.”
PayPal, one of the brands most spoofed in phishing attacks, is working on a plan to block its users from making transactions from Web browsers that don’t provide anti-phishing protection.
The eBay-owned company, which runs a Web-based payment system that allows the transfer of funds between bank accounts and credit cards, said browsers that do not have support for blocking identity theft-related Web sites or for EV SSL (Extended Validation Secure Sockets Layer) certificates are considered “unsafe” for financial transactions.
“In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts,” said PayPal Chief Information Security Officer Michael Barrett.
In a white paper that outlines a five-pronged action plan aimed at slowing the phishing epidemic, Barrett said there’s a “significant set of [PayPal customers] who use very old and vulnerable browsers” and made it clear that any browser that falls into the “unsafe” category will be banned.
“At PayPal, we are in the process of reimplementing controls which will first warn our customers when logging in to PayPal of those browsers that we consider unsafe. Later, we plan on blocking customers from accessing the site from the most unsafe—usually the oldest—browsers,” he declared.