PayPal aims for Asian Market despite fears over phone hacking

Chris Lake
Authored by Chris Lake
Posted Tuesday, August 21, 2018 - 6:11am

Despite recent concerns that the payment platform giant could be vulnerable to ingenious new attacks from hackers, PayPal is doggedly pursuing a licence in the Chinese market.

The Paper, China’s state-funded media website, reported earlier this month that the organisation has been actively attempting to secure licences in the Chinese region for the past 4 years. Lu Liuliu, general manager of the PayPal Merchant Business Unit in China has stated that despite the complex legal procedure involved in applying for licenses to operate in the Chinese domestic market, obtaining them will allow the payment platform to further expand its influence on cross-border eCommerce within the region.

PayPal has a global presence

PayPal is known throughout the world for being one of the leaders in the online payment processing arena, since being acquired by eBay in 2002 it has grown exponentially in terms of reach and visibility. Currently, the platform is unable to conduct business within the domestic market in China, focusing instead on offering services to cross-border eCommerce merchants.

This approach has had a positive effect on SMEs within the Chinese region, more than 21% of global transactions processed through PayPal fall under the cross-border category, with China being the largest market for these. PayPal’s cross-border operations have also significantly opened up channels within the buyer market in China, every one in five cross-border shopping transaction is carried out by a Chinese buyer using PayPal’s current services.

Of course, throughout much of the Western business world, PayPal is ubiquitous - in the first half of 2018 alone there were a total of 244 million registered consumer and merchant accounts (Source: Statista). It's used by everyone from digital content producers to multinational retailers as a way to send and receive payments, and more recently iGaming operators have begun integrating the payment platform as well as bricks and mortars stores and merchants.

Point of sale transactions are convenient with a PayPal card

Although it will be familiar to some traditional merchants in the UK and Europe, it’s in the US that PayPal is really transcending the usual barriers between bricks and mortar operations and online payments. Since December 2017, 13% of North American retailers accepted and used PayPal as a payment method, with a further 14% aiming to integrate it over the next 12 months. The use of a PayPal card for transactions at point-of-sale locations has meant that customers can quickly and conveniently purchase goods in much the same way that shopping with a VISA or MasterCard allows. 

New methods of hacking could pose a risk

PayPal has also been making the news recently on British shores, with concerns arising over the security of customer accounts from hackers. As reported by The Guardian on its news website, research provided by Martin Vigo - a hacker and mobile security specialist - has indicated a potential weakness in the armour of online account services like PayPal. Even social media accounts, such as WhatsApp and Instagram could be the target for an ingenious hacker with a script and a virtual phone number.

Presenting at the Def Con hacking conference in Las Vegas earlier in August, Vigo demonstrated how a hacker could access phone voicemails and use that information to breach the security of online accounts. To anyone who remembers the infamous activities of News of the World journalists, voicemail hacking is nothing new, but as Vigo demonstrated these techniques can have further implications to online systems.

Many online account service providers have an additional layer of security, requiring a two-step authentication that is primarily sent via text messages to the account holder’s phone. However, in some cases that information can be sent via an automated phone call, even if that call isn’t answered and is pushed to voicemail the automated system will still relay the secure information. It’s at this point that enterprising hackers can step in.

According to Vigo, the services that are most likely at risk from this still niche form of account hacking are “Authentication for WhatsApp, Signal, Twilio, Google Voice” and password resets for PayPal, eBay, LinkedIn, Netflix and Instagram. PayPal is one of the online service companies that does try to short-circuit such attacks, account holders can reset their passwords with a phone call but they have to type in a unique code during the call to do so. But Vigo was able to compromise the security of a PayPal account in another demonstration by changing a voicemail greeting message to a recording of keypad tones. 

Far from scaremongering, Vigo’s point with the demonstrations was to alert people to potential security pitfalls in online accounts and since he was presenting at a conference, compromising a PayPal account did act as a showstopper! Operating in today’s business world does involve a lot of online payment processing, however PayPal still remains one of the most secure and reputable ways to do that.


   



Share this

Gallery