"This is a good move, if [PayPal] can get away with it," said Avivah Litan, an analyst with Gartner Inc.
PayPal spelled out the idea in a paper (download PDF) released at last week's RSA Conference. "It's critical to not only warn users about unsafe browsers, but also to disallow older and insecure browsers," said Michael Barrett, PayPal's chief information security officer, in the paper. "Letting users view the PayPal site on one of these browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts."
The two features that Barrett said browsers must have to be considered safe by PayPal were an ability to block known or suspected phishing site, and support for Extended Validation (EV) certificates. EVs, which are given to companies only after more stringent background checks than the commonplace SSL (Secure Socket Layer) certificates, are supposed to reassure users that the online site is legitimate. Browsers that support EVs typically shade the address bar green as a signal that the site is safe.
PayPal, eBay, Payment, Payment Service, eCommerce, Browser, Safari, Security, Internet