Martin McKeay

Security Matters

PayPal tokens not perfect, but it's better than a password

I'm not a big user of PayPal, eBay or any online entity I have to make payments to.  I'm just a little too paranoid to be able to completely trust the current measures in place by any of the companies responsible for taking my payments.  When I heard about the PayPal security token, I became a lot more hopeful and ordered one immediately.  I figured five dollars was a paltry sum to pay to have the added layer of security and just to have one to write about.  Unluckily, mine hasn't come yet, though security researcher David Maynor got his and says it's not quite ready for prime time.  It's a beta system, so this doesn't surprise me, but I hope he's willing to give it another try as PayPal continues to improve the service.

As I've said before, I'm hoping to see more of this type of token appearing in the marketplace.  We need to have a security measure for online commerce that goes beyond a simple password and CVV 2 code (that 3- or 4-digit code on your credit card).  There are definitely going to be some growing pains as businesses implement tokens, but I believe the reduction in fraud will pay for most, if not all, of the cost associated with these programs.  The increase in customer confidence alone will probably be worth it to many businesses, especially banks.

In the future, we're going to have to go one of two ways with tokens: either the technology will have to be shrunk to the point that it can be incorporated into credit cards, or we will have to create a way to use one token to authenticate against multiple sites, like an OpenID project on steroids.  Both approaches have their strengths and weaknesses and will have to be tested in the real world, but I see this as the next logical step in securing online and credit card transactions.

One thing I think we can all agree on: passwords aren't working.  PayPal probably has the most incentive of any online payment processor in dealing with this problem, if the number of spams targeting them is any indication of the severity of the problem.  I haven't seen anyone else come up with a better idea.  Have you?