On January 11, C|Net reported that Paypal will now start offering its VIP One-Time-PIN generating tokens to users in an attempt to defeat phishing attacks, reduce overall fraud and increase customer confidence.

These devices work by generating a new PIN number every 30 seconds. A user will go to Paypal, log in with their existing user ID and password and, in addition, will provide this PIN.

The overall concept is that since the PIN numbers change every 30 seconds, implementing this technology will reduce fraud as a a phishing site might be able to capture one PIN. Now, since this PIN is only good for 30 seconds, the amount of time that a fraudster can actually access an account if they are able to capture the PIN is very limited. Now, does this remove the possibility for fraud? No. An automated site could easily capture the pin and immediately use this to re-login to Paypal and enact a transfer. However, the chance of fraud is extremely reduced.

The plan, as it stands now, is that merchant service (commercial) customers will get these VIP keyfobs for free, and personal accountholders can request one for $5. Considering that token based one time pin generators have overall costs of over $30 per device (but scaling down based on volume), this shows that the overall cost of fraud is high enough to warrant Paypal losing a minimum of $5-10 per user who receives the device.

(Image from C|Net News)