Yahoo Stores features ‘automatic’ PCI compliance for secure payments, among other options.
PayPal and parent eBay, two of the most frequently used brands in e-mail phishing attacks, are taking several steps to mitigate the impact of the attacks and maintain consumer confidence in e-commerce.
PayPal and parent eBay Inc., two of the most frequently used brands in e-mail phishing attacks, are taking several steps to mitigate the impact of the attacks and maintain consumer confidence in e-commerce.
The two organizations, for instance, were among the first to deploy a phish-detecting web site toolbar from Whole Security that changes colors to alert users to the status of incoming e-mail, a spokesman says. The toolbar, distributed for free to about 1 million eBay and PayPal users, is used to determine the legitimacy of the domain name from which incoming e-mails were sent. It flashes red if incoming e-mail has the characteristics of a phishing e-mail mimicking the eBay or PayPal brand, green if it’s legitimate, or gray if its legitimacy is unclear.
If it’s gray, the recipient can go to the “My eBay” section of eBay and check the “My Messages” feature for all legitimate e-mails sent by the company, the spokesman says.
EBay and PayPal have also developed in-house software that monitors the Internet for web sites that spoof their brands, which helps it to alert users of the sources of phishing e-mails.
In cases where consumers’ account information is stolen and used to make unauthorized purchases on eBay or with PayPal online payment services, eBay and PayPal use anti-fraud software that checks for inconsistencies in their regular users’ transactions and flags them for review.
“EBay and PayPal have done a lot of sophisticated work in fighting phishing attacks,” says Dave Jevans, chairman of the Anti-Phishing Work Group. He adds, however, that efforts to fight phishing are unlikely to eliminate it any time soon but can make it harder and more costly for phishers to steal consumer information.