PayPal Won't Block Safari, But Browser Still Considered Unsafe
Source: Tom's Guide US | Keywords: paypal, safari, apple | Themes: The Internet, Software
Chicago (IL) - When PayPal’s information security chief recently outlined new measures the company will take to battle phishing attacks and online fraud, it became evident that Apple’s Safari browser lacks certain basic security features. Some predicted PayPal would block Safari users from accessing the online payment service altogether. A company spokesperson has now reassured users that this is not the case. However, there are no security features in Safari to protect users from online scams and identity theft.
Over the last couple of days, multiple online sources claimed eBay’s PayPal is planning to block Safari users from accessing the online payment service altogether. For example, AppleInsider cited Safari’s lack of an anti-phishing mechanism and its lack of support for Extended Validation Secure Sockets Layer (EV SSL) certificates as the two reasons that are in direct conflict with PayPal’s strengthened security policies.
PayPal went on record last night with the Wall Street Journal and explained that it won’t, at least at this moment, block Safari users from accessing PayPal. "PayPal is developing features to block customers from logging into PayPal when using obsolete browsers on outdated or unsupported operating systems. An example of such a browser/OS combination might be, for example, Internet Explorer 4 running on Windows 98. In doing so, we better protect our customers from viewing a phishing site through their browser. We have absolutely no intention of blocking current versions of any browsers, including Apple’s Safari, from our website," said Michael Oldenburg, PayPal’s corporate communications spokesman.
That statement, however, doesn’t quite help Safari users, and one could wonder whether Apple is doing enough to protect Safari users from online fraud.
The story first broke out when online media outlets picked up a white paper (
Phishing is a method of deceiving users into believing that a certain site or email is genuine in order to convince them to provide critical information such as login data. Sites like eBay or PayPal have been popular targets in phishing scams. Barrett warned that a browser is the "first and last line of defense" against such fraud attacks.
IE7 and Firefox 2 have built-in anti-phishing tools that rely on a mechanism that checks a site against a publicly available, regularly updated blacklist of known phishing sites. For example, Firefox 2 users can set a preference to check a site’s authenticity against Google’s database. Apple had briefly incorporated Google’s database into beta builds of Mac OS X Leopard and Safari 3, but has removed this feature from both the operating system and the final Safari builds. The feature could be added again in future updates, as there are still traces in the code.
EV SSL support comes built-in with IE7 and the upcoming Firefox 3. Users of Firefox 2 can install the Verisign EV Green Bar extension to gain EV SSL certificate support free of charge. When a user visits a site that has an EV SSL security certificate, IE7’s address bar turns green, and Firefox 2’s gray, meaning the site passed the authenticity checks. A user can then click on a certificate to identify the company running a site, providing another layer of assurance. Safari, however, lacks EV SSL support.
A lack of both anti-phishing mechanisms and EV SSL support puts Safari in the same security category as IE4. Although PayPal says it has no immediate plans to blacklist Safari users, it is obvious Apple should act quickly and provide Safari users with anti-phishing tools and better handling of security certificates. So far, Apple does not have a great track record in browser security. It took too long until Safari received even the most basic certificate features.
If Apple wants to expand its Safari user base and make the browser an alternative to IE and Firefox, it will have to match security features of competing products, no question about it.

I am a daily Mac user. I really dislike Safari and for that matter most Apple software. For a 'software' company, they aren't doing themselves any favours. Bring on Firefox on the iPhone for the love of god....
Would blocking a browser really help? I wonder if that wouldn't lead to sites promising to allow a user access to paypal through paypal4IE4.com or something. "Paypal blocking you? Let us help you in!" /steals info. That almost seems more likely than successfully coercing people to buy new computers to get new OSs and browsers.
solution: a plug-in ( just because they won't call it a patch... lol )
that allows the browser to run missing security levels and that is manually or automatically started. then, paypal wouldn't allow running unsecured settings.
as the said "plug-in" would make the browser "slower", it would be a good thing to be able to run in secured or unsecured mode... mac has always been good making transition steps invisible to the user... maybe just load the "heavy" part on demand... then, i could either load a secured safari or a normal safari...
Why didn't Apple include the support for this verification in the first place? It seems almost.... stupid that they would not have included this functionality in Safari, unless there is some ulterior motive.