Much of PayPal Inc.'s success has been attributed to its rigorous behind-the-scenes war against fraud. Now the online payments company is taking its battle to the computer desktop, where customers can see its efforts.
In mid-December it began to offer free downloads of software meant to filter e-mail for spam and, more important to the payments business, fraudulent phishing e-mails as well.
The software is a limited version of SafetyBar from Cloudmark Inc. of San Francisco, an add-on to Microsoft Corp.'s e-mail programs, Outlook and Outlook Express.
The offer puts PayPal, a San Jose unit of the online auctioneer eBay Inc., in the forefront of the fight against online fraud - an area to which banks have generally been reluctant to draw customers' attention.
Ken Miller, PayPal's vice president of risk management, said its offer should enhance its reputation, not undermine it. "Coming forward and advising users that these problems do exist and here's what they can do about it is definitely the right way to go," Mr. Miller said.
"Internet users have matured a bit," he said. "Now, they are looking to ways to protect themselves."
Except for Citigroup Inc., which has a high-profile marketing campaign warning of the dangers of identity theft, much of the online fraud fighting has been left to Internet companies such as PayPal and Time Warner Inc.'s America Online.
Avivah Litan, a vice president and research director at the Stamford, Conn., market research company Gartner Inc., said most banks are reluctant to distribute anti-fraud tools to customers.
One reason, she said, is fear of drawing unnecessary attention to the fraud problem. Another, she said, is that banks tend to take the position that "it's not our role to protect consumers for all their access on the Internet."
By providing free software PayPal is being much more bold than most banks have been, Ms. Litan said. Even Citi, she noted, merely refers cardholders to Webroot Software Inc. of Boulder, Colo., which sells software for keeping personal computers clear of viruses and spyware (secretly installed computer programs that can sometimes recognize and steal bank account information).
Though PayPal is not a bank, it has been among the top companies impersonated by phishers - criminals who send e-mail messages purporting to be from a bank or other company.
Ms. Litan said the need to actually distribute software to customers may be more urgent for PayPal than for many banks. One reason is PayPal's size - it has 17.4 million active accounts, several million more than the online enrollment of any U.S. bank. (PayPal defines an active account as one who transacted in the past calendar quarter.)
Since its customers need to use e-mail when they move money, PayPal is "directly hurt if consumers don't trust their e-mail," Ms. Litan said.
Mr. Miller said the software offer is a logical extension to PayPal's efforts to fight fraud.
"On the phishing front, a lot of our early efforts were spent with this sort of user education campaign," he said, but lately, PayPal is also looking at "ways to empower users to protect themselves."
Karl Jacob, the chief executive of Cloudmark, said his software relies on users' wanting to take such action. He said SafetyBar functions by asking users to submit actual spam e-mails so they can be "fingerprinted" and recognized by the software. It does not use keywords to guess whether e-mails are spam, he said.
"We get from our 'spamfighters' - our community - about 15 reports a second," he said. The program is smart enough to evaluate the validity of the reports, he said. For example, a user who reports a legitimate e-mail newsletter as a lazy way of unsubscribing will not cause other SafetyBar users to stop receiving the same legitimate e-mails.
The software catches phishing and spam e-mails 97% of the time with no false positives, Mr. Jacob said. The version distributed by PayPal, however, will filter only fraudulent e-mails that purport to be from PayPal; users who want more must buy an upgrade.
Mr. Jacob said his software may also be distributed by banks. "PayPal is the first company to announce using this, but we're working with unnamed financial institutions on using that as well," he said. "PayPal got there first."
The Cloudmark software complements another toolbar that eBay and Paypal distribute free to their members.
That toolbar, which attaches to Web browser software rather than to e-mail programs, uses software from WholeSecurity Inc. of Austin, Texas. That program alerts eBay users when they visit known phishing sites and detects when users type their eBay or PayPal passwords at other sites. (The toolbar issues a warning in a pop-up window.)
Earthlink Inc., an Atlanta Internet portal, also uses WholeSecurity software in an Earthlink-branded version of the toolbar.
But by attaching the new program to the e-mail software, PayPal provides a more prominent warning to users about the dangers of phishing.
