AH: Michael, online shoppers hear a lot about identity theft and other types of security problems these days. Just how extensive is this problem in reality? Are some markets or regions more vulnerable than others to e-commerce crime?
MB: Aron, the Federal Trade Commission estimates that about 27.3 million Americans have been victims of ID theft in the past five years. While it’s true that more ID theft occurs offline than online, consumers absolutely need to protect their personal information when they’re on the Internet – not doing so leaves them more vulnerable to fraud.
PayPal just released findings from a global survey which found that identity theft is more common in English-speaking countries like Canada, the U.S. and the U.K. I think this is probably because a higher percentage of e-commerce is concentrated in these markets. However, e-commerce is growing in prominence around the world, and fraudsters will likely follow the money. So, consumers should take the necessary measures now to stay one step ahead.
AH: Are there particular decisions that consumers make that leave them vulnerable? Are some online shopping habits, in other words, more “risky” than others?
MB: There are two key things that all customers need to do when they’re online. One of the most common mistakes that people make is using a password that is easy to guess – like a pet or family name, or a word that can be found in the dictionary. As hard as this is to believe, some people even use the word “password.” I recommend a password that includes a combination of upper and lowercase letters, numbers and symbols. For example, Jet34!skiier. Also, be sure to change passwords every 30 days and use different passwords for multiple sites.
The second common mistake people make is using extremely outdated browsers. Some people still haven’t updated their browsers since IE4 came out in 1997! Shopping on an outdated browser is like driving without a seatbelt – you’re just asking for trouble. All consumers should upgrade to a safer browser like IE7, Firefox 3.0, or Opera 9.5 or higher. These browsers have a lot of anti-fraud tools in place that help protect your personal and financial information.
AH: How can consumers in general conscientiously try to reduce their risk of becoming victims? Is there anything that they can proactively do as this holiday shopping season gets underway?
MB: The holiday season is one of the busiest times for retailers – and also for fraudsters and identity thieves. There are a handful of steps that consumers can take to make sure their information is secure:
- Use safer passwords
- Protect your computer by using anti-virus software and safer browsers
- Never click on links in e-mails in order to log into an account
- Use safer payment methods such as PayPal and credit cards
- Use common sense – if something sounds too good to be true, it probably is.
AH: Moving on to PayPal in particular, how significant have problems like these been for PayPal customers and eBay shoppers? For example, as a guardian for personal data and accounts, does PayPal appear to be more or less “safe” than other eecommerce companies in any way?
MB: One of the reasons that PayPal customers prefer to use our services is that PayPal never shares their sensitive personal or financial information. That information is encrypted and stored on our own secure servers. So, when a merchant or friend receives a PayPal payment from you, they don’t see the bank account or credit card details associated with your payment.
AH: Email “spoofing” and account takeovers have been problems for both eBay and PayPal in recent years, to varying degrees. Does it appear that the public is becoming more sophisticated about “fake email?” Have there been technical or other kinds of solutions that eBay and PayPal have sought to implement?
MB: More and more people have been educated about fake emails, and we’ve found less people are falling for them. But phishing schemes are becoming more sophisticated, as well. So, we’ve taken a three-pronged approach to addressing the problem, and we’ve seen promising signs that this approach is working.
- Education – we have a lot of information on our Web site about how to avoid phishing. We also reach out to our customers directly via forums, marketing campaigns, and newsletters to help them avoid phishing scams.
- Technology – Aside from our own behind-the-scenes fraud models, we also equip our customers with technology to help them avoid spoof. Two years ago, we introduced the PayPal Security Key, which provides another layer of protection to customer accounts. We also offer Iconix Truemark email identification, which tells users if an email is real or fake.
- Industry Partnerships – The simple rule is that if consumers never get fake emails, then they can’t fall for them! We worked with leading Webmail providers like Yahoo! and Gmail to authenticate legitimate PayPal and eBay emails. Now, Yahoo! and Gmail simply delete emails that don’t have the digital credentials to show that they’re really from us.