PayPal has introduced two-factor authentication, with the soft launch of a Verisign One-Time Password Token. The fob generates a one-time use password every 30 seconds, which can then be used to gain access to PayPal and eBay services in addition to a traditional username and password. The two brands are among the most regularly phished by scammers.
Owners of a business PayPal account will get the token for free, while
personal users will have to pay $5 (£2.50). The token will
initially be available in the US, Germany and Australia, with UK users
having to wait to gauge the popularity of the device.
The UK banking sector has been mulling two-factor authentication for
some time, with trials being conducted by Barclays, LloydsTSB and
Alliance & Leicester.
Also this month, Swedish bank Nordea is probably wishing it had adopted
similar technology, after a reported loss of around £576,000. The
theft involved the haxdoor.ki Trojan. Victims mistakenly downloaded the
Trojan after receiving a spoofed email from the bank encouraging them to
download anti-spam software.