PayPal works on anti-fraud method for Cookies

PayPal has announced that it is working on new protective technology to combat the theft of authentication cookies, a growing digital security threat. Through the filing of a patent application, PayPal has presented an innovative system aimed at recognizing the illicit acquisition of "super-cookies", i.e. advanced cookies which, in addition to storing standard data, record multiple user information. These can resist deletion attempts, hiding in remote parts of the system to ensure easier and more continuous access to user accounts.

Surveillance of access to web services

The system created by PayPal offers a mechanism that, when accessing a web platform, determines whether the session belongs to a returning user or a new visitor. This approach is crucial for identifying potential fraudulent entries. The method is based on login cookies and the analysis of their vulnerability. A score is assigned based on the degree of security of the places where the cookie is stored, thus offering a probabilistic estimate of the fraud risk associated with the access request.

Using sequential encryption

The innovative aspect of the PayPal system is the use of sequential encryption, which establishes a cryptographic connection between the cookies distributed in the different memory locations. With this technique, the finding of an unexpected cryptographic value in subsequent access requests could indicate an intrusion, leading the system to deny access and potentially activate additional security counterweights.

Online security and the impact of patent filing

Although a patent application does not automatically correspond to a directly implementable new feature, this indication from PayPal reflects the growing need for more stringent protection measures against secure cookie theft. This relevance underlines the importance of online security and the constant search for solutions to safeguard the integrity and privacy of users in various web environments.