Pro+ Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
May 2007

Interview: PayPal CISO Michael Barrett

How does PayPal defend against phishing? One of the back-end defenses we have is a lot of fraud modeling. It's very advanced, and it's resulted in extremely low fraud rates compared to the rest of the financial services industry. We've gotten very good at detecting fraud on the back end, so what's [the phishers'] response? They generate more mail on the front end. Can you quantify losses due to phishing for PayPal? Forty-one basis points is the total fraud number [on PayPal's fraud model], and we don't break out where phishing is in that overall mix. I will say, it isn't very high on that list. That's one of the issues here--there is a perception there is a huge problem, whereas the financials don't indicate that. How much can you share about your fraud models? They're internally developed. We don't talk about what they do, because this is an area where the more you disclose about what the models are looking for, the more you're telling the bad guy how to evade them. I can say, they're broad-based, real-time front- and back-end ...

Access this Pro+ Content for Free!

By submitting you agree to recieve email from TechTarget and its partners. If you reside outside of the United States you consent to having your personal data transferred and processed in the United States. Privacy Policy

Features in this issue

  • Intellectual property protection do's and don'ts

    Theft of intellectual property is a growing problem but many companies are not prepared to deal with this security threat. Learn about the risk involved with trade secrets, why companies are failing to protect intellectual property and tips for data protection, including risk assessment, encryption, and corporate governance.

  • Product review: Watchfire's AppScan 7.0

    Product review of Watchfire's AppScan 7.0, an application security testing tool for developers, quality assurance teams and penetration testers. The security product runs on Windows XP, Vista or 2003 Server.

  • Bit9 Parity product review for endpoint security

    Product review of Bit9's Parity 3.5, a PC security tool designed to give enterprises control over what users can do on company computers and prevent executables in malware from running on desktops. Automatically installs SQL Server 2005 and Apache Web Server, which is used for remote administration.

Columns in this issue

  • Hacker demonstrates targeted attack

    Hacker Robert Hansen, also known as RSnake, demonstrates the pains cybercriminals take to target specific organizations and individuals through an exercise posted on his blog, which targeted the head of Google's spam team. Hansen's exercise underscores the threat companies face from today's organized and patient cybercriminals.

  • Fight cybercrime by understanding a hacker's mind and attack motive

    Computer crime laws and security policies aren't enough to combat increasingly sophisticated cybercrime. Understanding the criminal mind and a hacker's motive can help an organization determine what assets are most valuable and better distribute security resources.

  • Interview: PayPal CISO Michael Barrett

    PayPal's 133 million online customers are the biggest ocean for phishers to plunder. CISO Michael Barrett wants to make it safe to be in the water, and he's not going at it alone. Backed by PayPal's sophisticated fraud models and help from ISPs, Barrett is succeeding in protecting the most-spoofed brand on the Internet.

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

-ADS BY GOOGLE

Close