PayPal considers Safari to be insecure
You may know that Safari is the only major desktop browser for which there are no announced intentions to support Extended Validation SSL Certificates. I speak with a lot of people about EV SSL, including journalists, site operators, and end users. I have been asked on a number of occasions why Apple has not decided to take advantage of EV certificates to help protect its customer base against phishing and other forms of online identity fraud. My reply has always been a very simple, "Gee, you would have to ask Apple. They don't tell me any more than they tell you."
That said, I always believed in the long run that Apple's users would force the issue by demanding it from the company or abandoning Safari for Firefox, which of course has EV support, or Opera, which will have it. We just may have seen the first step in that process.
PayPal CISO Michael Barrett recently advised his customers to stop using Safari because PayPal considers it to be an unsafe browser. The two particular missing security features Barrett highlights are the lack of any kind of phishing filter and the aforementioned lack of EV SSL support.
IDG News (in the article I linked to above) describes Barrett's comments in this way:
Still, Barrett says data compiled on PayPal's Web site show that the EV certificates are having an effect. He says IE 7 users are more likely to sign on to PayPal's Web site than users who don't have EV certificate technology, presumably because they're confident that they're visiting a legitimate site.
Over the past few months, IE 7 users have been less likely to drop out and abandon the process of signing on to PayPal, he said. "It's a several percentage-point drop in abandonment rates," he said. "That number is... measurably lower for IE 7 users."
We know we've seen decreases in abandonment due to EV as measured by Overstock.com, DebtHelp.com, and now Scribendi. And we know that PayPal has described EV SSL as a core component of its security strategy in the past. It's good to see PayPal telling the world that abandonment has decreased just as with these other companies. Maybe if we're lucky, PayPal will tell us by how much.