Users of the 'PayPal Security Key' and 'PayPal SMS Security Key' can now access their online accounts in a secure manner through a VIP security credential that generates an OTP for every sign-on. During an online session, this password is entered into the user log-in interface along with the user's usual account name and password. When PayPal verifies the OTP and matches it to the user, clients achieve strong -- or two-factor -- authentication.
"PayPal has always taken online security very seriously and is famous for not sharing customers' financial information," said Garreth Griffith, Head of Risk Management at PayPal UK. "As a result, successful fraud attacks on PayPal accounts are very rare. But we know that some people want extra reassurance, and that's what the PayPal Security Key will offer. It's like a combination lock for your account -- designed to let you in and keep others out, with the extra safeguard that the combination always changes."
PayPal's support of strong authentication through SMS messaging means that consumers who want the protection online can use the device of their choice -- the physical Security Key token or a mobile device for generating the OTP needed to access their accounts.
Griffith comments, "Offering the Security Key via text message is really important as we want to make it as quick and convenient as possible. You just need your mobile phone to use it, which prevents having to carry another gadget around with you."
Consumers whose devices support SMS -- and who subscribe to SMS services from their mobile providers -- can receive PayPal OTPs without having to download any special software. In addition to the token and SMS functionality that PayPal has chosen to use, the VIP Authentication Service supports a wide range of authentication credentials, including stand-alone tokens, software tokens for mobile phones and credit card-size form factors.
"PayPal has proven itself to be an innovator when it comes to online safety for consumers," said Mike Davies, director of Identity and Authentication Services at VeriSign. "With today's announcement, PayPal and VeriSign are deploying what is truly a token for everyone. Now, consumers have even easier access to proven safeguards from the most trusted security brand on the Internet."
Around the world, leading online businesses have joined the VIP Network to provide their customers with identity safeguards that go beyond standard secure log-ins with user names and passwords. Members of the VIP Network display a special VIP logo, a signal to users that the site accepts a special VIP security credential that generates an OTP for every sign-on.
The new SMS functionality is provided by VeriSign's Messaging and Mobile Media division, which offers one of the most robust, scalable and reliable mobile messaging delivery engines in the world, connecting to more than 700 carriers and reaching over 3 billion wireless subscribers in over 200 countries.
VeriSign, Inc. (
Statements in this announcement other than historical data and information constitute forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. These statements involve risks and uncertainties that could cause VeriSign's actual results to differ materially from those stated or implied by such forward-looking statements. The potential risks and uncertainties include, among others, the uncertainty of future revenue and profitability and potential fluctuations in quarterly operating results due to such factors as the inability of VeriSign to successfully develop and market new products and services and customer acceptance of any new products or services, including VeriSign Identity Protection services; the possibility that VeriSign's announced new services may not result in additional customers, profits or revenues; and increased competition and pricing pressures. More information about potential factors that could affect the company's business and financial results is included in VeriSign's filings with the Securities and Exchange Commission, including in the company's Annual Report on Form 10-K for the year ended December 31, 2007 and quarterly reports on Form 10-Q. VeriSign undertakes no obligation to update any of the forward-looking statements after the date of this press release.
©2009 VeriSign, Inc. All rights reserved. VeriSign, the VeriSign logo, the checkmark circle, and other trademarks, service marks, and designs are registered or unregistered trademarks of VeriSign, Inc., and its subsidiaries in the United States and in foreign countries. All other trademarks are property of their respective owners.