PayPal announced plans to ban older and unsafe Web browsers in an effort to provide anti-phishing protection with the use of EV SSL certificates.

PayPal, the world’s largest online payment service, announced on Thursday that it is working on a plan to block users from making transactions from unsafe Web browsers.

PayPal released a white paper that outlines a five-pronged action plan aimed at slowing down the phishing epidemic. Part of this plan is to block any transactions from going through on browsers that don’t support EV SSL certificates.

PayPal’s chief information security officer Michael Barrett says letting users view the PayPal site on a browser that doesn’t have anti-phishing protection is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts.

Some of the browsers PayPal is looking at blocking are old, out-of-support versions of Microsoft’s Internet Explorer and Apple Safari which offers no anti-phishing protection and doesn’t support the use of EV SSL certificates.

Firefox and Opera have announced that they will be offering support for EV SSL in their upcoming releases. It is unknown whether Safari will be offering EV SSL support in the near future.

Another recommendation outlined in the PayPal white paper is the “creative use of new email signing standards and cooperation with major ISPs to block unsigned email” that looks to be from PayPal, but isn’t, before it even reaches the customers.

Barrett says that if phishmail never makes it into a customer’s inbox, the customer cannot become a victim. Thus, ISPs need to adopt technologies to block fraudulent emails at the network edge. PayPal recommends installing anti-phishing and anti-spam technologies, like DomainKeys and Sender Policy Framework.

source: www.halflifesource.com/paypal_targets_phishing_epidemic/article2390.htm