PayPal Introduces Token Security

January 15th, 2007: No it isn’t a symbolic gesture, Ebay’s PayPal and VeriSign really have been working on heightened security measures for businesses and individuals in the form of code-generating keychain fobs.

According to Google’s anti-phishing blacklist, Ebay and PayPal together attract a significant portion of online phishing and fraud scams, and due to its position as an increasingly large financial institution, PayPal required something more sophisticated than its single-layer password security.

Arstechnica is reporting that PayPal and VeriSign are releasing code-generating key fobs that will be used in conjunction with user passwords for added security.

According to Arstechnica, the devices display a six-digit code that changes every 30 seconds. This ever-changing code, as well as the user’s password, cannot be used on its own so if either is lost or stolen the account is still secure. PayPal hopes will eliminate security breeches that occur with the vast majority of phishing scams.

Australia’s SunCorp recently began using a similar token from RSA security which relies on a password and token-based authorisation code to secure its online transactions.

While the device won’t necessarily address the largest security hole out there – user gullibility – it should help to stop many forms of attacks, such as key logging. The device will be available free to PayPal business users, while it will set everyday users back $5. The trial roll-out of the devices will be held in Australia, German and the United States.

Comment on this story