Want CNET to notify you of price drops and the latest stories?

eBay CEO: Phishers threaten user trust

Meg Whitman describes how eBay, Paypal are combating phony e-mails and Web sites that may ensnare unsuspecting users--and drive away customers.

Anne Broache Staff Writer, CNET News.com
Anne Broache
covers Capitol Hill goings-on and technology policy from Washington, D.C.
Anne Broache
3 min read
WASHINGTON--eBay chief Meg Whitman said on Thursday that phishers pose one of the biggest threats to the customer trust that has sustained the auction giant.

Speaking at the Visa Security Summit here, Whitman said her company has been developing fraud models aimed at detecting unauthorized account access and hires experts around the globe to help law enforcement find criminals. But she said additional safeguards and educational campaigns are necessary to prevent consumers from falling prey to phony requests for their sensitive information--or simply getting annoyed and canceling their eBay accounts.

Meg Whitman Meg Whitman

"We...need to plug the holes in the system and make it next to impossible for fraudsters to reach our users," she said. "We need to make this so hard for the bad guys that ultimately they determine it's not worth their time to reach our customers anymore."

According to security researcher Michael Sutton, eBay and Paypal are the two most common brands targeted by phishers--together accounting for more than half of all phishing activity.

Whitman outlined three major steps that her company is taking to prevent users from succumbing to the phony e-mails and Web sites.

To start, eBay and its alternative payment subsidiary Paypal have worked with Microsoft to develop a blacklist of fake sites that look and feel like those companies' products but are actually used to glean personal information for illicit purposes. Microsoft's Internet Explorer 7 is capable of filtering out those and other phishing sites, Whitman said. She urged other browsers to follow suit.

eBay and Paypal are also currently signing all of their e-mails with "domain key signing," which Whitman described as "the equivalent of putting a signature in the form of encryption on each legitimate e-mail that leaves our system." She said the firms are urging major e-mail and Internet service providers to allow only those e-mails containing that unique signature to pass through their systems.

Finally, Whitman pointed to the recent availability of a Paypal key fob that generates a unique security code, to be used in combination with the user's password, every 30 seconds.

The eBay chief, who took the CEO helm in 1998, began her speech by reflecting on the days when auction buyers still paid for their purchases primarily via check, money order or even cash sent through postal mail.

"Can you imagine running your Internet business today and relying completely on paper money or checks?" she said to the crowd.

When Whitman joined the company, 8 percent of its merchandise consisted of Beanie Baby collectible toys, but it is now selling diamond rings every three minutes, cars every minute, and digital cameras every 30 seconds, she said. By the end of 2006, the site had 222 million registered users.

The success of big-ticket item sales rides on customer trust built through eBay's combination of user feedback tools and cooperation with major credit card issuers, Whitman said.

"We wouldn't have a $6 billion business today if we had not been able to work trust into that system," she said. "I know from my own experience at eBay that building and maintaining trust with customers is much easier than trying to get it back once it's lost."

CNET News.com's Joris Evers contributed to this report.