Phishing Defense a Key Factor in eBay-VeriSign Deal

Paypal will implement strengthened anti-phishing measures for up to 1 million users next year through a deal announced yesterday between VeriSign and eBay, which operates Paypal. While most of the headlines focused on eBay's purchase of VeriSign's payment processing unit for $370 million, the most widely-felt benefit of the deal will likely be the enhanced security for Paypal, which has been relentlessly targeted by phishing scams.

The agreement calls for eBay to buy up to 1 million two-factor authentication tokens from VeriSign. eBay and PayPal plan to begin the rollout of two-factor authentication to customers in 2006, including marketing and security programs designed to "promote customer adoption."

Two-factor authentication, which uses physical security devices to generate a single-use password, is being advanced as a way to reduce fraud losses from phishing. It is being used by a growing number of banks in both the US and UK. The token is typically a compact electronic card-like device which displays a number on a small screen. By entering this number into the online system when you login, you prove that that you are in possession of the card.

"At eBay, we're always looking for additional tools and technologies to improve the security of our community's accounts and ensure the privacy of information," said Rob Chesnut, senior vice president of trust and safety for eBay. Two-factor authentication will be another important way customers can shop safely on eBay and pay with PayPal."

Last week VeriSign bought the blog pinging service, and is widely reported to have struck a deal to purchase Moreover, an RSS-driven service that syndicates news for third-party sites.