PayPal to get selective about browsers

PayPal could resort to an outright ban of Web browsers that it considers to be old and vulnerable from using its services. Some of the key criteria appear to be support for the relatively new EV SSL (Extended Validation Secure Sockets Layer) standard as well as some form of anti-phishing protection.

"At PayPal, we are in the process of reimplementing controls which will first warn our customers when logging in to PayPal of those browsers that we consider unsafe. Later, we plan on blocking customers from accessing the site from the most unsafe—usually the oldest—browsers," he declared.

EV Certificates are still unproven as it is, though the emphasis is probably on how the green URL bar of an authenticated site will offer a visual cue that users are indeed on the right site.

Both Firefox and Opera have announced their intention to support EV SSL in upcoming releases. There has been no word, though, from Apple regarding its Safari Web browser -- which has been criticized by PayPal in the past for "lagging behind what it needs to do to protect its customers." Safari in its current state offers no anti-phishing protection. Also left in a quandary would be the scores of mobile-based Web browsers.

Most TechRepublic members will not have any problems, since they are Firefox users, according to our poll on favorite Web browsers just last week. Do you reckon that EV SSL is a step in the right direction, or just another dumbing-down layer waiting for the next phishing hack?

At the same time, I also wonder just how many companies enforce Web browser options for either usability or security reasons.

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

14 comments
RFink

Use our browser, browser X, we're PayPal approved for your surfing pleasure. or ... Do you have a PayPal approved browser? and don't forget .... PayPal knows browsers and what you're using isn't a browser.

TrueDinosaur

Maybe I don't pay enough attention to the minutiae of browser details, but does the lack of mention mean IE7 already supports the standard?

paulmah

PayPal could resort to an outright ban of Web browsers that it considers to be old and vulnerable from using its services. Do you reckon that EV SSL is a step in the right direction, or just another dumbing-down layer waiting for the next phishing hack?

yellow911

It is interesting to note that, as from next month, here in Australia (www.ebay.com.au), the only acceptable payment method for goods, either purchased or sold (other than motor vehicles, boats and real estate/businesses), will be thru' PayPal. eBay states that this is for security reasons, to cut down on disputes. I do not like PayPal, having had an unfortunate experience with same, and have absolutely NO intention of using this payment system. I have been a regular user of eBay for some years, both as buyer and seller, and have had only minor annoyances, such as goods being delivered slowly or short on quantity of items in a bulk-box. The exclusive PayPal payment system is NOT going to alter those experiences. It would appear, then, that my eBay days are fast drawing to a close, as I will not be dictated to as to my choice of payment method, either as buyer or seller. Is there some corporate connection between eBay and PayPal?

RFink

Just use an approved browser.

frank_s

Yes, IE7 supports it. If you go to a site with extended validation implemented you'll see IE's address bar turn green in addition to the lock icon.

ThumbsUp2

This is nothing new. Many ISPs have minimum requirements, browser versions among them, just to connect to them. While it's true that PayPal's requirements might be a little more restrictive than the average ISP's, the practice of having minimum requirements isn't anything new.

nepenthe0

I'm using IE-6 in Windows XP MCE (2005) with standard security settings, Windows Firewall enabled and Linksys router firewall enabled. The ShieldsUp! test demonstrates 100% 'stealth', no vulnerable ports. But PayPal 'phishing' scams are difficult to detect. From my e-mail 'inbox', I open 'phishing' scams that look identical to PayPal's web page - see BBC News link: http://news.bbc.co.uk/2/hi/technology/7354539.stm

In his O'Reilly book 'Windows XP Hacks', Preston Gralla discusses measures one can take to detect such scams, but most users (alas, that includes myself) are not so technically sophisticated and remain wary. A reasonable person would choose to avoid PayPal entirely, but PayPal's strategy may not help them recover. I would be most interested in a follow-up posting from Old Mycroft, ugadata, True Blue, or Peconet Tietokoneet regarding this issue.

Richard M. Brown
Portland, OR USA

The 'G-Man.'

but then users may get selective about using PayPal due to lack of support. Catch 22.

digitrog

Yup, you guessed it, PayPal is OWNED by eBay!

Jaqui

since ebay bought paypal a couple of years ago.

sbrooks

So they have a list of approved browsers, not a list of dangerous browsers? So if someone wanted to throw a lot of money at them (not mentioning any names), they could contrive to "leave" a particular browser off this approved list due to, say, "implementation flaws" in the browser security.

brudab

I'll be adding this to my list of reasons for my customers to have their browsers upgraded. Yes, it's true that the latest browser versions are still not totally secure, but compared to the older versions they're safer.
