paypal

PayPal opens up to developers

Paul Mah — Tue, 17 Jun 2008 07:40:24 -0400

PayPal announced a new version of its Developer Central portal at the eBay Developers Conference in Chicago earlier this week. Understandably, PayPal wants to lower the barrier to integrating its online payment services to websites not already using its services. The portal offers 25 application programming interfaces (API) created to perform various payment-related transactions. It also will list a directory of PayPal-certified developers.

The PayPal Developer program, which was launched in 2001, has 300 certified developers out of 35,000 registered members. According to PayPal, there are 60 million active accounts spread over 190 markets at the moment--a staggering figure regardless of how you look at it.

For more on PayPal's new portal:
- check out this InformationWeek article

Phishers get nabbed

Thu, 22 May 2008 06:59:59 -0400

Thirty-eight people in the U.S. and Romania have been charged in two federal indictments, alleging they used a complicated Internet phishing scheme to steal thousands of credit and debit card numbers, and then tap into bank ATMs to obtain cash.

The targets were both individuals and hundreds of financial institutions, a reminder to CIOs and their IT departments to remain vigilant and to make sure employees know the risks and do not respond to bogus emails seeking personal or company information.

In the indictments coming out of California and Connecticut, federal authorities said schemes were run by individuals with ties to organized crime, and targeted banks and other companies including Citibank, Capital One and PayPal.

For more on these indictments:
- see this pcworld.com article

Gartner: Phishing on the rise

Thu, 03 Jan 2008 06:59:59 -0500

Watch out! Phishing attacks in the United States increased dramatically this past year, costing consumers more than $3 billion in 2007, and there is no end in sight, according to a recent survey by Gartner. Phishing is one of the latest weapons being used by hackers to crawl into a database, distort it and steal valuable data. The Gartner survey found that 3.6 million adults lost money in phishing attacks in the 12 months ending in August 2007, compared to 2.3 million adults the previous year.

"Phishing attacks are becoming more surreptitious and are often designed to drop malware that steals user credentials and sensitive information from consumer desktops," Avivah Litan, vice president and analyst at Gartner, told Tekrati. "Anti-phishing detection and prevention solutions are available but not utilized widely enough to stop the damage. These must be deployed and combined with solutions that also proactively detect and stop malware-based attacks."

At the top of the phishing target list are, of course, PayPal and eBay, but it's too soon for any CIO to breathe a sigh of relief. Phishing attackers are using all kinds of devious methods such as electronic greeting cards, charities and foreign businesses to lure computer users into letting the hacker in. The survey found that 47 percent of those who lost money had unauthorized charges made on their debit or check card in 2007. Thieves may be targeting debit cards and bank accounts because back-end fraud detection systems are traditionally weaker than credit card accounts, according to Litan.

"Regulators must get a better handle on the problem through consistent and timely bank reporting on their fraud incidents and losses," Litan said. Gartner expects phishing and malware attacks to grow in the year ahead because it's a lucrative business. And the consulting company sees no easy way to thwart these attacks unless e-mail providers spend the money on solutions that can keep phishing out. "Enterprises should at least protect their own brands from being used in phishing attacks by subscribing to an anti-phishing solution," Litan said. So the big question for CIOs is this: Are you there yet, and what would it take to make your company phish-proof?

For more on phishing dangers:
- See this Tekrati Article

Today's state of insecurity

Thu, 27 Sep 2007 07:00:00 -0400

It was quite a surprise to read that the personal information of 1,200 eBay users was posted online this week. Luckily, as you'll read in our first story, it looks like there was no security breach of the network and it appears that the exposed credit card numbers were not valid. Still, it focuses our attention on the large number of hackers who are out there, waiting and ready to pounce on our data.

I had the opportunity this week to meet with Michael Barrett, the CISO of PayPal, which is now owned by eBay. We talked a bit about the state of security in general and discussed how he and other C-level executives, including the CIO, collaborate at PayPal. I have to say, he has a pretty realistic view. He noted--much to the dismay of his PR reps--that no enterprise can ever be fully risk free, but went on to add that none of us live risk free lives either. The question really is, how much is the right amount of risk to absorb, and what do you have to do to get to that acceptable level of risk? A fortress mentality--the idea that you can keep the bad guys away by building walls and trenches around the enterprise--will not, by itself, help you understand risk or get your organization to that level. What is needed is a culture of security in which people throughout the enterprise have a common understanding of what constitutes risky behavior, and then apply security measures accordingly, as they develop new business processes and collaboration links within and between their enterprises.

In this issue, I also link to an interesting interview with a convicted hacker. In his words: breaking into computers at telecom companies was "so easy a caveman could do it." This 23-year old begins his two-year sentence in federal prison today. Let me know what you think about the state of security--or insecurity-- in your network. -Patty

ALSO NOTED: PayPal adds another security layer to protect account holders; Using green technologies to keep data centers cool;

Thu, 11 Jan 2007 19:01:33 -0500

> PayPal adds another security layer to protect account holders. Article

> Using green technologies to keep data centers cool. Article

> More software outsourcing taking place. Article

> Holidays were prime spyware time. Article

> All the important aspects of the iPhone. Article

And Finally... Never say never when you lose a wallet. Article

Phishing scam illustrates sophistication

Mon, 20 Nov 2006 19:01:38 -0500

The latest phishing scam once again shows how sneaky and sophisticated scammers are getting in trying to lure unsuspecting victims. According to a researcher who received a phony email, supposedly from PayPal, the latest phishing attack is using a foreign government server as well as computers at a medical transcription company based in India.

For more on the latest phishing attack:
- read the news at CSO online

Related Article: Phishing is top security issue today. Article

ALSO NOTED: Script flaw leaves PayPal site vulnerable to phishing; The art of analyzing data while encrypting privacy; and much

Sun, 18 Jun 2006 20:01:33 -0400

> Script flaw leaves PayPal site vulnerable to phishing. Article

> The art of analyzing data while encrypting privacy. Article

> The security issues in AJAX with Web development. Article

> How to find that next dream tech job. Article

> Veterans' information still at risk, say federal authorities. Article

> A timeline that maps out Gates' legacy. Article

> Trial continues in logic-bomb case. Article

And Finally... Future of humanity in outer space, says physicist. Article