PayPal implements EV SLL to combat phishing

PayPal have moved further ahead in the fight against phishing by implementing EV SSL certificate support. SSL has been standard in browsers for some time and stands for Secure Socket layer, the EV stands for Extended Validation. Other browsers are looking to follow, but Microsoft plans implementation by the end of the month for Internet Explorer 7.

PayPal are one of the very first sites to go live with EV SSL certificates, having just released Security devices it’s good to see they’re pushing ahead with more stringent security as well.

The big difference you’ll see with EV SSL certificates is the lock icon (the padlock or key depending on your browser) will be moved from the Status Bar at the bottom of your browser to the address bar at the top (where you type the web address). In addition the address bar will turn green for known safe sites, red for known phishing sites, and yellow for suspected phishing sites.

One issue for the Firefox (Mozilla based) browser is that it already changes the address bar yellow for standard SSL certificated websites. With users trained to associate yellow as “safe”, using it for “Suspect” on IE will take some getting accustomed to and may lesson the security awareness it may have otherwise had. EV SSL support is unlikely to appear in FireFox until version 3.0 is released later this year.

There are also concerns that smaller websites who have been unaffected by phishing attacks will be able to afford certification costs leaving users unsure which sites are secure and which are simply uncertified.