PayPal is to add two-factor authentication with a one-time password via text message or by using a security token as well as the standard password.


VeriSign is to provide the service to users of the ‘PayPal Security Key' and ‘PayPal SMS Security Key', as during an online session the password is entered into the user login interface along with the user's usual account name and password.


Consumers whose devices support SMS – and who subscribe to SMS services from their mobile providers – can receive PayPal one-time passwords without having to download any special software.


Garreth Griffith, head of risk management at PayPal UK, said: “Successful fraud attacks on PayPal accounts are very rare, but we know that some people want extra reassurance, and that's what the PayPal Security Key will offer. It's like a combination lock for your account – designed to let you in and keep others out, with the extra safeguard that the combination always changes.”


Mike Davies, director of identity and authentication services at VeriSign, said: “PayPal has proven itself to be an innovator when it comes to online safety for consumers. With today's announcement, PayPal and VeriSign are deploying what is truly a token for everyone. Now, consumers have even easier access to proven safeguards from the most trusted security brand on the internet.”