A couple of weeks ago, I talked about a beta security device on the show that PayPal was offering that is the best possible security for both your PayPal and eBay accounts.
You can read about it here: http://tinyurl.com/yg9q5r
I ordered one (its $5 or free if you have a business account)and I have to tell you, it works very easily and most importantly,makes both your PP and eBay accounts virtually unhackable.
posted on March 14, 2007 01:12:05 PM
Wow. How nice to see that eBay and PayPal have caught up with 1990s technology.
Apart from the circular logic in the "Your account is already secure, you have nothing to worry about, but you really should get this key so your account will be REALLY secure", I, like most other PayPal users (use of the word "customers" implies a service relationship -- and PayPal doesn't serve anyone but PayPal), am fully aware that the biggest threat to my PayPal account comes from PayPal itself.
posted on March 14, 2007 01:32:50 PM
I agree with Fluff... hubby has one of these for his company computer and its a pain in the arse. When you lose a communication link, getting it set back up is awful and very very time consuming.
If you are not already aware of PayPal's many highhanded methods of dealing with its users, I can elaborate. But there are literally thousands of case histories dotting the net; PayPal's disregard for the folks who pay them is near-legendary.
Like eBay, they are quick to take draconian action and slow to remedy errors. Actually, that's being too generous; many PayPal errors never *are* remedied. Ask me sometime why I no longer have a PayPal debit card.
PayPal enters into relationships with other large financial monstrosities (MasterCard, for instance) and when something goes wrong, a game of Blame Ping-Pong ensues as the entities pass the buck back and forth. Guess who plays the ball in this scenario.
PayPal takes no responsibility for its own errors. Once it settled a dispute in favor of a cheating customer of mine, even though DC clearly showed delivery. When this was pointed out, PayPal said that the burden was on me to recover the funds of mine that PayPal gave her.
I have dozens of examples from my own experience, but suffice it to say that the only malevolent entity that has ever stolen money from my PayPal account is PayPal itself.
posted on March 14, 2007 06:00:17 PM
PayPal's security device is, a fLufF pointed out, last century technology that may slow the takeover of PayPal accounts via 'phishing' or 'social engineering'. Unfortunately, it will do nothing to verify the identity of the person using the PayPal account - a step PayPal usually doesn't take until after fraud occurs. Banks and financial companies are required by law to "know their customer" and verify their customer's identity in the form of photo ID and their accress by a current utility bill or financial statement. (Another reason why bank transfers are more popular outside the U.S.A. - bank customers are easily traced in event of fraud.)
Most of my online banking is conducted over secure virtual private networks (VPN) using USB smartkeys or private key certificates. Other banks use the older user ID and two seperate passphrases - but they only ask for random letters and numbers from the passphrases. Very secure, yet robust enough to work over dial up. Each time you attempt to log in you get asked a different combination, and fail to log in three times and your online access is suspended until you phone to verify the security question which most assuredly is NOT your mother's maiden name or anything in the public record.
posted on March 14, 2007 08:54:59 PM
The majority of victims of ID theft on eBay and PayPal are those for whom this little fob is intended and if used, it will undoubtedly succeed as a significant barrier to what is the predominate cause of account hacking -- user error.
A randomizing algorithm that produces a simple 6 digit code defeats an incredible amount of the most common hijacks by addressing the weakest link: inferior passwords. It also raises a serious obstacle for man-in-the-middle spoofs whereby users are duped by pages that mirror the authentic page up to and including a spoofed security seal.
The fob also has the benefit of being usable, which is to say comprehensible, to a significant portion of the eBay/PayPal base...no small matter when dealing with so broad a cross section of humanity.
