Safari out of PayPal's "Unsafe" browsers' list, despite security flaws

Web payment firm PayPal Inc. has abruptly rebuffed all reports claiming that it will drop support for Apple's Safari browser because it lacks anti-phishing features. Last week, media reports popped up on Internet saying PayPal will block Safari users from accessing the online payment service altogether.

It has been previously reported that PayPal, an e-commerce business allowing payments and money transfers to be made through the Internet, intends to block older versions of Internet Explorer and Firefox and other "unsafe" browsers from accessing its service.

The move to block older browsers or browsers with no anti-phishing features from accessing their website was seen as company’s major step to combat phishing, an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details.

Although, it’s evident that Apple's Safari browser, which is the default browser in Apple Macintosh computers and in the iPhone smart phone, lacks certain basic security features, and PayPal last January expressed its displeasure over Safari, but the company now says they are clear about their position. "We have absolutely no intention of blocking current versions of any browsers, including Apple's Safari, from our website," said PayPal corporate communications spokesman, Michael Oldenburg.

"PayPal is developing features to block customers from logging into PayPal when using obsolete browsers on outdated or unsupported operating systems. An example of such a browser/OS combination might be, for example, Internet Explorer 4 running on Windows 98. In doing so, we better protect our customers from viewing a phishing site through their browser,” he continued.

PayPal deems those browsers unsafe, that do not have built-in phishing detection or support for Extended Validation Secure Sockets Layer (EV SSL) certificates. Browsers with this technology highlight the address bar in green when users are on a site that has been deemed legitimate. Safari’s lack of anti-phishing mechanism and no support for the Extended Validation made it a possible candidate on PayPal’s list.

Last week, in a paper, called “A Practical Approach to Managing Phishing”, the two authors, Michael Barrett, Chief Information Security Officer and Dan Levy, Senior Director of Risk Management for Europe, stated the company has been working on solutions to stop customers from losing money or be victimized by these attacks.

The paper, released at an RSA security conference this month in San Francisco, stating that there are a huge number of site visitors using browsers as old as Internet Explorer versions 3 and 4, released in August 1996 and September 1997, respectively.

PayPal is a common target for phishers. The company is battling long against phishing, and working hard to make people aware about online fraud. They are working overtime to block phishing sites.

The term “phishing” is actually a variation of the word “fishing”. The so-called “phishers” try to fish or acquire user information like passwords and credit cad details through emails and even instant messages and use them to access the victims’ accounts. In the United States, phishing is considered to be a criminal activity.

According to Gartner estimates, nearly 3.3% of the 124 million consumers became victims of phishing attacks last year.