PayPals two-factor authentication could be circumvented
The security feature, known as two-factor authentication (2FA), is an option on many online services such as Google and mandatory on many financial services websites for certain kinds of high-risk transactions. Since the code is sent offline or generated by a mobile application, it is much more difficult for hackers to intercept although by no means impossible.
The attack requires a hacker to know a persons eBay and PayPal login credentials, but malicious software programs have long been able to harvest those details from compromised computers.
The fault lies in a page on eBay that allows users to link their eBay account with PayPal, which eBay owns. Linking the accounts creates a cookie that makes the PayPal application think the person is logged in, even if a six-digit code has not been entered.
The payment processors two-factor authentication could potentially be defeated in other ways. For example, if a user does not have a way to receive the six-digit code, PayPal allows them to skip it and instead answer two security questions.
The Paypers is the Netherlands-based leading independent source of news and intelligence for professional in the global payment community.
The Paypers provides a wide range of news and analysis products aimed at keeping the ecommerce, fintech, and payment professionals informed about the latest developments in the industry.
Current themes
No part of this site can be reproduced without explicit permission of The Paypers (v2.7).
Privacy Policy / Cookie Statement
Copyright