Announcement

Collapse
No announcement yet.

PayPal to Block Browsers

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    PayPal to Block Browsers

    If you use PayPal as a payment method this change could damage your sales.

    PayPal Announcement
    Steve Strickland
    972-227-2065

    #2
    Re: PayPal to Block Browsers

    The percentage shopping your site and using the browsers listed is probably negligible.
    Bill Weiland - Emporium Plus http://www.emporiumplus.com/store.mvc
    Online Documentation http://www.emporiumplus.com/tk3/v3/doc.htm
    Question http://www.emporiumplus.com/mivamodu...vc?Screen=SPTS
    Facebook http://www.facebook.com/EmporiumPlus
    Twitter http://twitter.com/emporiumplus

    Comment


      #3
      Re: PayPal to Block Browsers

      I checked my site's statistics and found this usage for the period April 1 to April 19:

      IE 4.01 2 sessions
      Firefox 1.5.0.12 37 sessions
      Safari 543 sessions (4.3%)

      While the first two may be considered "negligible" I certainly don't consider the last one negligible.

      What does the customer see when they arrive at the PayPal site from my site? A friendly "please upgrade your browser" wouldn't be too bad, but a refusal to connect would be terrible.
      Ryan Forrest, owner
      SmileyStore.com

      Comment


        #4
        Re: PayPal to Block Browsers

        "At PayPal, we are in the process of re-implementing controls which will first warn our customers when logging in to PayPal from those browsers that we consider unsafe. Later, we plan on blocking customers from accessing the site from the most unsafe – usually the oldest – browsers."



        The original paper does not list the bad browsers. The only one it says is "safe" is IE 7.

        This is an in-house security technology that is not compatible with the signed signature technology being implemented as the global standards. It's possible and my fear is that PayPal will become a Microsoft-only payment processor.

        A recent large website (WalMart Video) tried this MS-Only approach and failed. IE controls about 75%-80% of the browser market. Losing 20%-25% of sales iis probably not an option for most Miva storefronts.

        It's hard to decipher the deliberately obscure language of the whitepaper. Who knows what it really means? One thing is sure - we'll keep an eye on the situation. Another thing is sure - PayPal has a poor history with ecommerce merchants (referrence the countless thousands of lawsuits) making them difficult to trust.
        Steve Strickland
        972-227-2065

        Comment


          #5
          Re: PayPal to Block Browsers

          sounds like its their funeral...certainly our inconvienance...but ultimately their demise
          Bruce Golub
          Phosphor Media - "Your Success is our Business"

          Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
          phosphormedia.com

          Comment


            #6
            Re: PayPal to Block Browsers

            There's been a little more come out.

            The technology is called "EV SSL" which is a Verisgn product (naturally).
            EV SSL FAQ

            Support for it is being added to FireFox 3 and Opera. It will not work on any version of Safari. Verisign has written a module for FireFox 2 that adds support.

            Support for IE 7 uses a software "updater" that runs during the payment process.

            There is no support for IE 6 and none is planned.

            The EV SSL certificate costs $2,695.00 for a 2 year license or $1,499.00 for 1 year. You can upgrade an existing Verisign certificate but prices are not posted.
            Last edited by Biffy; 04-20-08, 07:10 AM.
            Steve Strickland
            972-227-2065

            Comment


              #7
              Re: PayPal to Block Browsers

              Looks like they reversed course today.

              "Despite reports last week that it would be blocking transactions from going through on "unsafe" Web browsers, online payment service PayPal (paypal.com) clarified in a written statement on Monday that this is not necessarily the case.

              http://www.macnn.com/articles/08/04/...afari.to.stay/

              Eric
              Eric

              Hosting 4 Less
              Miva Merchant Premier Hosting Partner
              www.Hosting4Less.com
              Sales/Support Line: 888.818.0444
              Twitter: http://twitter.com/hosting4less

              Check Out Our Other Website 4 SSL Certificates:
              http://www.Certs4Less.com

              Comment


                #8
                Re: PayPal to Block Browsers

                Actually, it's the Wall Street Journal that reversed course. Here's a quote from their website:

                "Update: We just spoke to PayPal. It seems we in the media are reading too much into this. It will block people using old browsers and old operating systems, but contrary to many reports it will not block Apple’s Safari browser."

                Wall Street Journal posting

                The whole thing is caused by the obscure language in the original PayPal whitepaper. We still do not have a list of good and bad browsers, other than IE7 and FF3 are good. Are they just going to issue dire warnings to browsers they don't like? Are they trying to force merchants into buying the $1500 per year EV SSL certificate?

                In short, not much has been cleared up that matters to Miva store owners.
                Steve Strickland
                972-227-2065

                Comment


                  #9
                  Re: PayPal to Block Browsers

                  PayPal denies plan to block Safari

                  by Jonny Evans, Macworld-U.K.
                  Apr 22, 2008 12:23 am

                  Editor’s Note: The following article is reprinted from Macworld UK. Visit Macworld U.K.’s blog page for the latest Mac news from across the Atlantic.

                  PayPal has denied claims it plans to lock Safari users out of its online payments service as it reinforces its protections against online credit fraud.

                  It has been previously reported that the company intends strengthening its defenses against phishing attacks. Early reports indicating Safari may be affected by the company move to block users of older or less secure browsers were incorrect.

                  PayPal corporate communications spokesman Michael Oldenburg told 9 to 5 Mac: “PayPal is developing features to block customers from logging into PayPal when using obsolete browsers on outdated or unsupported operating systems. An example of such a browser/OS combination might be, for example, Internet Explorer 4 running on Windows 98. In doing so, we better protect our customers from viewing a phishing site through their browser. We have absolutely no intention of blocking current versions of any browsers, including Apple’s Safari, from our website.”

                  PayPal last week warned of plans to block PayPal users from accessing the electronic payment service if they are using older versions of web browsers as it continues its war against phishing attacks.

                  Phishing sites are designed to look like the legitimate websites of major brands such as banks and seek to elicit financial and personal information. Users are lured to the sites through unsolicited emails, or can unwittingly land on one if a phisher has bought a domain with a convincing-looking name or one with slightly different spelling.

                  Comment


                    #10
                    Re: PayPal to Block Browsers

                    I fail to see how paypal.com changing their site is going to stop phishing. The whole idea is to trick people into visiting a completely different site and thinking it is paypal.com; then harvesting their login and password as they enter it at the fake site that looks like paypal. They could be using version 1x of a browser to do that. The thief is then going to use that newly acquired info to empty the person's paypal.com account using a browser that IS acceptable at paypal.com.
                    Last edited by wcw; 04-22-08, 04:30 AM.
                    Bill Weiland - Emporium Plus http://www.emporiumplus.com/store.mvc
                    Online Documentation http://www.emporiumplus.com/tk3/v3/doc.htm
                    Question http://www.emporiumplus.com/mivamodu...vc?Screen=SPTS
                    Facebook http://www.facebook.com/EmporiumPlus
                    Twitter http://twitter.com/emporiumplus

                    Comment


                      #11
                      Re: PayPal to Block Browsers

                      Originally posted by Biffy View Post
                      The EV SSL certificate costs $2,695.00 for a 2 year license or $1,499.00 for 1 year. You can upgrade an existing Verisign certificate but prices are not posted.
                      You can get EV's from most of the vendors now for a lot less - we have them from Comodo for $499 and GeoTrust (a VeriSign company) for half of the Verisign direct cost - but generally the trouble/time it takes to get them and the very limited browser support doesn't make it worthwhile right now. You only get the pretty green EV bar in IE7 if you've left the Phishing Filter turned on, which a lot of people turn off because of the added delay in loading pages.

                      Jen
                      Hostasaurus.Com
                      Miva Merchant Premier Hosting Partner
                      877.DINO.POWER
                      813.217.4570
                      [email protected]

                      Comment


                        #12
                        Re: PayPal to Block Browsers

                        OH THE IRONY!!!!!

                        PayPal, which was suggesting they would start blocking certain web browsers in the name of improving security, has a ridiculously serious XSS (cross-site scripting) vulnerability on their own web site, and even the latest and greatest EV SSL won't help them - ie: the URL actually starts with https://www.paypal.com. Is obviously not a "spoofed" web site - it's an actual vulnerability on their own site which allows hackers to "easily steal credentials" (according to the person who discovered this vulnerability). Remember when just last month they were talking about how EV certificates protect people from phishing and that "everyone should use EV SSL"? :-) This should be proof positive that SSL certificate has nothing to do with whether or not one's site has 'secure' code on it that won't allow XSS or other injection type exploits.

                        You can read more about it here.
                        Last edited by d_host; 05-17-08, 07:12 AM.

                        Comment

                        Working...
                        X