PayPal Denies Safari Is On Its Black List

PayPal’s strategy of blocking certain browsers, considered to be “unsafe” due to no anti-phishing features doesn’t include Apple’s Safari it seems. The company sent an e-mail according to which they have absolutely no intention of blocking Safari, or any other browser, from their website, Computer World reports.

Last week, in a paper called “A Practical Approach to Managing Phishing” and signed by Michael Barrett, Chief Information Security Officer and Dan Levy, Senior Director of Risk Management for Europe, they said they have been working on solutions to stop customers from losing money or be victimized by phishing attacks.

“We realized that our strategy was based on preventing financial loss in the victim’s account,” said the two authors in the paper. “We couldn’t eradicate the problem on our own – to make a dent in phishing, it would take collaboration with the Internet industry, law enforcement, and governments around the world."

Their strategy implied that using browsers with no Extended Validation Certificates “is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelt,” and these browsers need to be blocked.

The paper didn’t give any browser names in the paper, except for Microsoft’s older versions of Internet Explorer (3 and 4), but Safari’s lack of Extended Validation support made it a possible candidate on PayPal’s list.

The company explained on Friday that it is not working on blocking any browser, but rather on blocking unfortunate combinations of browsers and OS: “PayPal is developing features to block customers from logging into PayPal when using obsolete browsers on outdated or unsupported operating systems,” a company spokeswoman said, as quoted by Computer World. “An example of such a browser/OS combination might be, for example, Internet Explorer 4 running on Windows 98.”

Approximately 3.3% of 124 million consumers became victims of phishing attacks last year, Gartner estimates. Too many have fallen for e-mails asking for log-in credentials and other personal information, which lead to all sorts of fraud, including identity theft.

© 2007 - eFlux Media. All Rights Reserved.