Online payment broker PayPal is to offer a two-factor authentication system to UK customers before the end of the year.

The firm is testing the keyring-sized devices from VeriSign initially in the US and will then introduce them to the UK.

Michael Barrett, chief information security officer at PayPal, says the device will not be compulsory and customers wanting to use it will be charged.

‘We are looking at pricing it at about £2 to £3,’ he said. ‘One of the things we are thinking about is making it compulsory for people whose accounts have been victim to fraud and for certain customer segments such as businesses,’ he said.

Barrett says the system is part of a wider strategy to combat phishing.

‘This is only one piece of the puzzle. We are heavily pushing email signing technologies so that all outbound email is digitally signed using sender ID and domain keys.’

PayPal and eBay are the biggest targets of phishing attacks, with users being hit by more than 75 per cent of all phishing emails, according to security vendor Sophos.

Barrett says the VeriSign system will work with other companies that are on the same two-factor authentication network.

‘This will help us avoid the situation of consumers having to lug around loads of these devices like jailers. Then we have many different plans to get more penetration of two-factor on mobile phones, BlackBerrys and so on.’

Peter Cassidy, secretary general of the Anti-Phishing Working Group said: ‘There is no simple solution to make phishing go away, but putting anything between the phisher and his goal is useful, and the more evolved the technology is, the higher priced and the more sophisticated the labour has to be to perform a successful scam.’

What do you think? Email us at feedback@computing.co.uk

Further Reading:

Banks must stop the phishers

Fraudsters using new phishing tactics

Rise in phishing attacks causes £22.5m fraud loss