Banks, online merchants and technology vendors must work together to prevent security problems such as phishing attacks and data breaches, eBay President and CEO Meg Whitman said yesterday.
Whitman called on large email service providers such as Yahoo and Microsoft to reject emails supposedly coming from eBay or subsidiary PayPal that do not include domain key signing authentications on them. eBay now puts the digital signatures on all the email it sends, amounting to "billions" of pieces of email a year, Whitman said at a Visa security summit in Washington, D.C.
Phishing attacks, in which a scammer sends fake email to entice recipients into giving up passwords and other information, remain a major concern at eBay and PayPal, Whitman said. No longer the domain of small-time crooks with bad grammar, phishing schemes are becoming sophisticated tools of organized crime, she added.
Even those customers that recognize phishing schemes can get disgusted and stop doing business with the targeted businesses, she added. "It erodes the trust we've tried so hard to build," Whitman said. "We need to make it so hard for the bad guys that they ultimately think it's not worth their time to mess with our customers."
Whitman also called on banks to share information about known scams and data breaches more quickly with third-party payers like PayPal. In many cases, banks share the information with each other immediately, but it takes "days or weeks or months" to reach businesses like PayPal. With faster information sharing, more scams could be prevented instead of dealt with after the fact, she said.
The eBay online auction model works because most people are basically good and not out to scam others, Whitman said. However, Internet scammers continue to look for new ways to make money, she said.
"Security on the Internet is actually an arms race in the classic form," she said.
Earlier in the conference, Visa USA President and CEO John Philip Coghlan told the audience of more than 400 business, government and academic leaders that payment security must become more of a strategic priority for businesses. All organizations involved in the payments system need to invest in security, he said.
Maintaining trust is "emerging as one of the critical business issues of the 21st century," Coghlan said.
Visa is working on pilot programs to protect card security, including encryption and dynamically generated authorization information on payment cards, he said.