Recently a white paper document has been sent out to Paypal shareholders, titled A Practical Approach to Managing Phishing written by Michael Barrett, PayPal's chief information security officer, and Dan Levy the company's senior director of risk management for Europe, detailing their future efforts on preventing/reducing phishing.

Phishing is a technique used by fraudsters, to try to obtain sensitive details such as account details, usernames, passwords and credit card details. The majority of phishing takes place by fraudsters sending out bogus emails, which tries to emulate large organisations (such as Paypal) and attempt to lure people to submit their personal details to a website. The website would have the look and feel of the official website and the URL would appear similar.

Paypal, the web payment firm are trying to prevent customer’s identities from being stolen, which would ultimately reduce the financial gain for fraudster. One method set out in the white paper is to stop users from accessing Paypal’s website if they are using an “unsafe” browser. They plan to implement this change by making it a requirement for users to access their site using a browser that includes anti-phishing protection and support Extenteded Validation (EV) SSL Certificate. The new type of site certificate will highlight the address bar in green if it has been deemed a legitimate site.

Paypal will allow you to use “unsafe” browsers, however if you continue to use the browser you will be blocked. Users, who use the latest versions of Internet Explorer, will have no problems viewing the site as IE 7 currently supports EV SSL certificates and anti-phishing protection. Firefox version 2 has anti-phishing automatically turned on default however do not support EV SSL without first installing an add-on (this will be rectified in the up and coming release of Mozilla Firefox 3). The browser that may suffer the most from these intended alteration is Apples Safari (MAC and PC), who do not support these protections at all.

The alterations suggested by Paypal in the white paper can only be of benefit to all internet users. It will require some users who are still using old version of browser to update to the more recent version. Some users are still browsing using Internet Explorer 3, which was released over ten years ago. These alterations will require other web payment companies and web browsers to re-think their efforts against phishing.