Online payment service giant PayPal says it plans to move to two-factor authentication in the UK in response to flagging consumer confidence in the security of online financial transactions.
Dan Levy, senior director of risk management for PayPal Europe, says the service is moving from passive security measures that are invisible to the customer, such as transaction monitoring and analysis, to customer-active security measures. These include the use of a second form of authentication, such as electronic signatures or certificates and picture-recognition authentication.
PayPal is currently considering the use of mobile phones and credit cards that generate random numbers, in much the same way as a traditional token, in order to provide second-factor authentication. Unlike a token, however, mobile phones and credit cards are commonplace articles, making the deployment of second-factor authentication more convenient for the user.
The company already offers its US customers a VeriSign password generator in order to combat phishing scams.
In June, Michael Barrett, PayPal’s chief information security officer, revealed that fraudulent transactions on the site amount to around $35.2 million a year. This figure, however, represents only 0.3% of PayPal’s total global annual payment volume.