PayPal: Steer clear of Safari

PayPal has dealt a devastating blow by stating categorically that internet users who don't want to get their ID stolen or their money swipped, should steer clear of Safari.

The eCommerce expert has released its list of recommended browers and Apple's Safari isn't on it.

According to Michael Barrett, PayPal's chief information security officer, the key reason for this is that Safari doesn't have two important anti-phishing security features.

"Apple, unfortunately, is lagging behind what they need to do, to protect their customers", Barrett said in an interview. "Our recommendation at this point, to our customers, is use Internet Explorer 7 or 8 when it comes out, or Firefox 2 or Firefox 3, or indeed Opera."

Safari has no built-in phishing filter, which will warn users when they are visiting suspicious websites, Barrett continued.

The second key issue is Safari's lack of support for another anti-phishing technology, called Extended Validation (EV) certificates.

This is a secure web browsing technology that turns the address bar green when the browser is visiting a legitimate website.

EV certificates are already supported in Internet Explorer 7, and they've been used on PayPal's website for more than a year now.

The next versions of Firefox and Opera are expected to support the technology.

When it comes to fighting phishing, "Safari has got nothing in terms of security support, only SSL (Secure Sockets Layer encryption), that's it", Barrett said.

Safari is currently the default browser on Macs and the iPhone, but it is also available for the PC.

But rivals Firefox and Opera also run on Macs as well as PCs.

The PayPal representative concluded: Opera, IE, and Firefox are "safer, precisely because we think they are safer for the average consumer. I'd love to say that Safari was a safer browser, but at this point it isn't".

Apple is not commenting on this story.


>