Sunday, June 8, 2008

PayPal Plug-In

Copyright 2008-2009, Paul Jackson, all rights reserved

Not .Net or programming related, but useful nonetheless.

I'm always a bit reluctant to enter credit card numbers when shopping at a new site, because I don't know how good their security is.  Once my credit card's past the SSL layer at their site, what becomes of it?

Is it being stuffed into some unsecure database?

Is it being transmitted in clear text as part of a SOAP message throughout their SOA architecture?

Is the order actually being processed by hand, so my credit card's being printed out and stored in a file somewhere?  Or shipped around via email?

PayPal has released a browser plug-in that eliminates these concerns for me. 

One of its features is generation of one-time or multi-use "Secure Cards" -- MasterCard numbers tied to your PayPal account.  This allows your PayPal account to be used securely at any site, even those that don't explicitly support PayPal.

Once installed, the plug-in adds an icon-menu to the browser's toolbar:


"Generate Secure Card" prompts for PayPal login:


With the image-verification to ensure you're sending the information to PayPal and when combined with the PayPal Security Key:


This seems like a very secure login.

You're then prompted to choose either a single- or multi-use card number to generate:


And, presto, you have a secure card number to use for your purchase(s):


And, no, the card number above isn't valid any more -- nice try.

No comments: