PayPal throws down . . .

This is VERY interesting and I wonder what sort of time frame they plan on doing this in - because right now AFAIK their list of supported browsers would be IE7 and IE8 (based on the EVSSL statements). 🙂

Also found this to be very interesting:
EV Certificates Unproven, but Best Solution Yet

The jury is still out on the value of EV SSL certificates as a meaningful security utility but, in Barrett's mind, the green URL bar offers a visual cue that "makes it much easier for users to determine whether or not they're on the site that they thought they were visiting."

He said PayPal was one of the first companies to adopt EV certificates. "More or less all of the pages on our site are SSL encrypted, and they all use EV certificates. And after nine months of usage, [our] data suggests that there is a statistically significant change in user behavior. For example, we’re seeing noticeably lower abandonment rates on sign-up flows for IE 7 users versus other browsers. We believe that this correlates closely to the user interface changes triggered by our use of EV certificates," Barrett added.

PayPal is also recommending the use of blacklists and anti-fraud warning pages as effective technologies to help protect consumers from identity theft fraud.  Microsoft and Mozilla have invested heavily in anti-malware blockers and anti-phishing technology.

Comments (0)

Skip to main content