Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Website Security Solutions

PayPal defines non-EV browsers as "unsafe"

Created: 18 Apr 2008 • Updated: 18 Dec 2012
Tim Callan's picture
0 0 Votes
Login to vote

PayPal CISO Michael Barrett, who stirred up a lot of talk recently by advising his customers not to use the Safari browser, has published a white paper on PayPal's comprehensive approach to combatting phishing.

This white paper discusses mutli-factor authentication credentials and contains a whole section on Extended Validation SSL. The paper defines unsafe browsers as "those browsers which do not have support for blocking phishing sites or for Extended Validation Certificates," and goes on to say, "In our view, letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts."

The paper adds,

At PayPal, we are in the process of re-implementing controls which will first warn our customers when logging in to PayPal from those browsers that we consider unsafe. Later, we plan on blocking customers from accessing the site from the most unsafe - usually the oldest - browsers.

There has been speculation in the press about which browsers PayPal intends to block, especially Safari. I'll try to keep an eye on it, and as things develop, I'll let you know what I see.