PayPal, eBay Inc.'s payment service and the frequent target of fraudsters, plans to block browsers that don't include anti-phishing features.
Under PayPal's plan, Apple Inc.'s Safari would be banned completely, while only older versions of its rivals -- Microsoft Corp.'s Internet Explorer and Mozilla Corp.'s Firefox -- would be barred.
"This is a good move, if [PayPal] can get away with it," said Avivah Litan, an analyst with Gartner Inc.
PayPal spelled out the idea in a paper (download PDF) released at last week's RSA Conference. "It's critical to not only warn users about unsafe browsers, but also to disallow older and insecure browsers," said Michael Barrett, PayPal's chief information security officer, in the paper. "Letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts."
The two features that Barrett said browsers must have to be considered safe by PayPal were an ability to block known or suspected phishing site, and support for Extended Validation (EV) certificates. EVs, which are given to companies only after more stringent background checks than the commonplace SSL (Secure Socket Layer) certificates, are supposed to reassure users that the online site is legitimate. Browsers that support EVs typically shade the address bar green as a signal that the site is safe.
|