PayPal could resort to an outright ban on Web browsers that it considers old and vulnerable, preventing them from using its services. Some of the key criteria appear to be support for the relatively new EV SSL (Extended Validation Secure Sockets Layer) standard as well as some form of anti-phishing protection.
PayPal Chief Information Security Officer Michael Barrett noted:
"In our view, letting users view the PayPal site on one of these [unapproved] browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts... At PayPal, we are in the process of reimplementing controls which will first warn our customers when logging in to PayPal of those browsers that we consider unsafe. Later, we plan on blocking customers from accessing the site from the most unsafe—usually the oldest—browsers," he declared.
EV certificates are still unproven as it is, though the emphasis is probably on how the green URL bar of an authenticated site will offer a visual cue that users are indeed on the right site.
Both Firefox and Opera have announced their intention to support EV SSL in upcoming releases. There has been no word, though, from Apple regarding its Safari Web browser, which has been criticized by PayPal in the past for "lagging behind what it needs to do to protect its customers." Safari in its current state offers no anti-phishing protection. Also left in a quandary would be the scores of mobile-based Web browsers.
Most TechRepublic members will not have any problems, since they are Firefox users, according to our poll on favorite Web browsers just last week. Do you reckon that EV SSL is a step in the right direction, or just another dumbing-down layer waiting for the next phishing hack?
At the same time, I also wonder just how many companies enforce Web browser options for either usability or security reasons.
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.