Do you use PayPal?
What browser do you use?
If you don’t know – you’d better check ‘cause PayPal has announced that it will soon block browsers that don’t include anti-phising features.
Under the proposed “lock out” Apple’s Safari would be banned along with older versions of Microsoft’s Internet Explorer (IE 3&4) and Mozilla’s Firefox (version 1.x).
As we all probably know, PayPal is one of the more frequent targets of fraudsters.
“It’s critical to not only warn users about unsafe browsers, but also to disallow older and insecure browsers,” said Michael Barrett, PayPal’s chief information security officer.
“Letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts.”
The two features that Barrett said browsers must have to be considered safe by PayPal were an ability to block known or suspected phishing sites, and support for Extended Validation (EV) certificates.
EVs, are given to companies after more stringent background checks than the commonplace SSL (Secure Socket Layer) certificates. Browsers that support EVs typically shade the address bar green as a signal that the site is safe.
While the current or soon-to-be-released versions of IE and Firefox support both of PayPal’s must-have features, Safari includes neither.
“PayPal’s having to take dramatic measures,” said Avivah Litan, an analyst with Gartner Inc. an independent provider of research and analysis on information technology, computer hardware, software, communications and related technology industries.
“They’re desperate to do something, because the level of fraud has hurt their revenue picture.”
Under PayPal’s plan, users running browsers lacking an anti-phishing blocking tool and support for EVs would first be warned. Later, PayPal would block such browsers from accessing its site.
No timetable has yet been set for the lock out.