PayPal joins the two-factory authentication club

Interesting to read over the weekend that PayPal is sufficiently worried about the phishing and allied fraud problem that it plans to issue punters with a two-factor authentication device.

The device, which will be optional and probably chargeable, is being introduced as the UK banking industry claims to have lost 22.5 million quid in the first six months of 2006 to phishing.

Surprisingly, however, PayPal claims that phishing is not a major problem for its UK operation, but the two-factor scheme is being introduced to satisfy customer requests.

Michael Barrett, PayPal's chief information security officer, is quoted in the latest Computing magazine as saying that problem with phishing has more to do with perception than reality.

Financially, he told the paper, phishing is not even in the top five of categories that we suffer from fraud-wise.

"But when you say you work for PayPal, people say: `Oh I get all these emails from you. What are you doing about that?' People perceive that there is an issue, so there is an issue," he said.

So there you have it - phishing isn't a problem for PayPal, but it's introducing a two-factor auhentication system - even though punters don't really need it.

You couldn't make this stuff up...