PayPal to block old browsers

There is no silver bullet approach to tackle online crime, says PayPal

PayPal will block older versions of popular web browsers as part of its attempts to tackle phishing.

The online payments service will warn users of the risks associated to the use of old versions of software such as Microsoft’s Internet Explorer 4 or 3 and block them if need be.

In a white paper, PayPal said that "letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts".

“It is critical to not only warn users about unsafe browsers, but also to disallow older and insecure browsers,” said the report.

"We are in the process of re-implementing controls which will first warn our customers when logging in to PayPal from those browsers that we consider unsafe. Later, we plan on blocking customers from accessing the site from the most unsafe – usually the oldest – browsers"

New technology such as the Extended Validation (EV) SSL authentication marker provided by vendor VeriSign, which aims to increase security by address bar green when the site visited is legitimate.

But as discussed here, the system only works in PCs.

Other tactics used by PayPal to combat cybercrime include an agreement with web-hosted email servers whereby only “digitally signed” emails from PayPal will be accepted by account inboxes.

But there is no “silver bullet” approach, when it comes to security, according to PayPal.

“We have not identified any one solution that will single-handedly eradicate phishing; nor do we believe one will ever exist. Instead, our approach relies on a holistic 'defence in depth' model, with each layer shaving off some percentage of crime that otherwise would have occurred,” said the report.