PayPal has revealed that cyber criminals are targeting mobile payment platforms and tools to steal the identity of end-users.
Last month marked the official introduction of PayPal in SA, signalling the payment processing firm's partnership with First National Bank (FNB). PayPal is owned by online retailer eBay and allows FNB account holders to securely make and receive payments via their mobile phone.
Allison Miller is on PayPal's risk team; responsible for protecting PayPal customers from fraud. Miller will address the topic of credential theft, social engineering, and account takeovers at next month's ITWeb Security Summit, being held at the Sandton Convention Centre.
Miller's primary task at PayPal is to manage new account risk and leverage network data to improve fraud detection. Prior to working at eBay's PayPal, Miller was the director of product and technology risk at Visa.
Fighting fraud
Miller points out that PayPal has been strategically entering into new segments and geographies, such as SA, which she indicates sometimes have higher loss rates.
“Left unchecked, our loss rates would probably continue to increase, but over time, we have the ability to manage down our losses by improving fraud models as we collect data on our new users, changing our business rules by tightening eligibility for direct card processing and enforcing sending limits for high-risk users.”
PayPal has developed trust and safety prevention models to protect its customers from fraud, and uses verification and authentication technology to secure every login.
“Mobile device technology has advanced to the point that cellphones are like portable computers, with all of the same security issues emerging that we've seen in home computing and on the Web,” adds Miller.
New strategies
She indicates that enterprises can no longer enforce a fortress mentality by solely building defences around their systems against external threats. This is because cyber criminals have changed their tactics and are targeting customers directly. “This changes how system owners need to build in security controls and approach trust and safety issues,” she notes.
“Typical security breaches on the Internet, such as viruses, spam, and Web site hacks used to be a nuisance to consumers, but many of those attack techniques have been repurposed to take-over sensitive credentials.”
Miller explains this results in existing accounts being compromised, financial fraud, identity theft or the takeover of end-user machines; known as botnets.
“E-mail is still the killer app when it comes to collaboration, but other messaging and communication systems will face similar issues such as spam, phishing, and social engineering, she says.
“Many of the vulnerabilities in these systems exist simply because the recipient of a message can't tell who sent it to them, or they can't tell when their computer is being redirected from a site they know to a site where they aren't safe,” explains Miller.
She says PayPal is working with several major Internet service providers to secure e-mails originating from PayPal. The Iconix application displays an icon to indicate whether or not a PayPal e-mail is authentic. PayPal has also worked with Microsoft to develop a feature on Internet Explorer 7 that signals the security level of a Web page.
Share