[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Tuesday, 13 February 2007, 14:49 GMT
PayPal introduces security token
Tokens are popular in the corporate world
Online finance service PayPal, which is used by many people on eBay to pay for items, is introducing a security token to tackle fraud.

The $5 (2.57) token generates a random, six-digit code every 30 seconds which is then used as part of the login process for the website.

Customers will also need to enter their user name and password.

PayPal hopes the token will defeat phishing attacks which ask for login details to gain access to accounts.

But more sophisticated phishing attacks which also ask for the token passcode and then act on the information quickly, or programs which sit on a computer and monitor PayPal logins, could leave accounts vulnerable to fraudsters.

Security tokens are common in the business world and are often used by companies as an extra security layer when logging in to corporate networks remotely.

"PayPal has been one of the top targets for phishing attacks for many years," said analyst John Pescatore, a vice president at Gartner.

All authentication with a token proves is that you have the token in your possession
John Pescatore, Gartner

"They had to do something because they have been targets for so long."

Paypal has more than 100 million accounts in 55 countries and is owned by the auction site eBay.

The two firms were the first and third most popular targets for phishing attacks in January, according to community site PhishTank.

A phishing attack is a spoof e-mail purporting to be from companies such as Paypal which encourages users to follow links to a fake site and then enter a username and password.

The token is being rolled out to US customers first, with the UK due to be part of the trial later in the year.

Mr Pescatore said the introduction of the token was a positive step for PayPal because password security had reached "breaking point".

"The issue is that passwords are convenient, you carry them around in your head. Users have to carry tokens around - that's inconvenient."

Mr Pescatore also questioned the $5 charge for the token and warned that they were not a solution to fraud.

"If Paypal wants to increase security for its users, why are they charging $5?

"All authentication with a token proves is that you have the token in your possession.

"I am concerned that business think that tokens are a solution to security problems. Consumers never know as much about security as they should."

The release of the tokens - which are free to PayPal business customers - is part of a deal following eBay's acquisition of Verisign's payment portal business.

PayPal agreed to buy one million of the tokens, which are made by Verisign.

Senior eBay figure to leave firm
07 Jul 06 |  Business
Tips to help you stay safe online
07 Oct 06 |  Technology
Hi-tech crime: A glossary
05 Oct 06 |  UK

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific