The PayPal approach to customer security
An interview with PayPal's Michael Barrett, Chief Information Security Officer – 21/01/09
Interview and transcript by Terry Relph-Knight
PayPal, the on-line payment transaction company, a subsidiary of eBay, has recently taken a fresh look at customer security and is introducing some new security options for their customers. On the 21st of January 2009, heise Security UK spoke to Michael Barrett, the Chief Information Security Officer for PayPal worldwide and to Rob Skinner, the Head of PR, UK PayPal, about the new initiatives and about the PayPal approach to security in general.
heise Security UK: This is perhaps outside your area, but how would you respond to the criticisms of PayPal policy on handling account problems.
Michael Barrett: Well that's an interesting question, although my job is strictly information security and helping keep customers secure, but when you look at this from a customer perspective, customers do seem to either love us, or hate us. Often they seem to think we don't have customer services, but we do, although for some reason sometimes customers aren't able to find them. We are always trying to improve our relationship to our customers.
hS: The biggest complaint seems to revolve around frozen accounts and how difficult it is to get accounts unfrozen.
MB: Well as I said this is not my field of expertise, my experience is that these things get sorted out relatively quickly, but I think part of the issue is, if people wind up in obscure corner cases they can find it hard to get the right people to resolve it. Rob I think you probably see more of this sort of thing than I do ......
Rob Skinner: The thing to bear in mind in the cases you are talking about, you have a buyer and a seller who have diametrically opposed views on what has happened, so we are the people in the middle ...
hS: PayPal set out clear guidelines for buyers and sellers and clearly state their responsibilities in a transaction, but despite this you get the blame?
MB: Exactly, we are just trying to resolve the situation ......
RS: And that's why, as you may be aware, on eBay we have extensive buyer and seller protections, which help buyers and sellers in those kind of scenarios, and as Michael says, we are always trying to improve the situation. For example, we make it very clear that as a seller you do need to have a trackable delivery audit to show clearly that goods you send, have arrived. In the UK, well in fact everywhere, if the goods are over a particular value, you have to have a signature of receipt, as well and a lot of sellers don't meet these criteria, so if the buyer says they didn't receive the goods it comes down to one persons word against the other, really. But as Michael said that's not really why we are here, that's not Michaels field.