PayPal boosts its fight against phishing, blocks "Unsafe" browsers

" title="PayPal boosts its fight against phishing, blocks "Unsafe" browsers" />

PayPal Inc., an e-commerce business allowing payments and money transfers to be made through the Internet, announced its intention to block older versions of Internet Explorer and Firefox and other "unsafe" browsers from accessing its service.

Web payment firm’s move to block older browsers or browsers with no anti-phishing features from accessing their website comes as its major step to combat phishing, an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details.

In a paper, called “A Practical Approach to Managing Phishing”, PayPal said there are a huge number of site visitors using browsers as old as Internet Explorer versions 3 and 4, released in August 1996 and September 1997, respectively. These versions lack many of the security and safety features needed to protect users from phishing and other online scams.

The paper, released at an RSA security conference this month in San Francisco, and signed by Michael Barrett, Chief Information Security Officer and Dan Levy, Senior Director of Risk Management for Europe, states the company has been working on solutions to stop customers from losing money or be victimized by these attacks.

“In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts. At PayPal, we are in the process of re-implementing controls, which will first warn our customers when logging in to PayPal from those browsers that we consider unsafe. Later, we plan on blocking customers from accessing the site from the most unsafe – usually the oldest – browsers,” the paper reads.

PayPal deems those browsers unsafe that do not have built-in phishing detection or support for Extended Validation Secure Sockets Layer (EV SSL) certificates. Browsers with this technology highlight the address bar in green when users are on a site that has been deemed legitimate.

According to the paper, the latest version of Microsoft’s Internet Explorer supports EV SSL certificates, while Mozilla's Firefox 2 supports it with an add-on, but Apple's Safari browser, which is the default browser in Apple Macintosh computers and in the iPhone smartphone, does not support the technology.

"By displaying the green glow and company name, these newer browsers make it much easier for users to determine whether or not they're on the site that they thought they were visiting," said Paypal, the online payments business of electronic auction house eBay.

PayPal is a popular target for phishers. The company is battling long against phishing, and working hard to aware people about fraud. They are working overtime to close Phishing sites.

The term “phishing” is actually a variation of the word “fishing”. The so-called “phishers” try to fish or acquire user information like passwords and credit cad details through emails and even instant messages and use them to access the victims’ accounts. In the United States, phishing is considered to be a criminal activity.

According to Gartner estimates, nearly 3.3% of the 124 million consumers became victims of phishing attacks last year.