Photo of the PayPal App Icon on iOS
© BigTunaOnline/Shutterstock.com

PayPal has filed a patent for an innovative method of detecting stolen “super-cookies” and reducing the risk of unauthorized account access.

A cookie is a small piece of data that a web server generates when you visit a website. Cookies are usually stored on your device by your web browser. “Cookies may include, for example, data strings, tokenized data, or other types of data, which may be used to identify a particular user and/or user device,” PayPal explained.

Super-cookies, according to PayPal, differ from standard cookies in their persistence and tracking capabilities.

Super-cookies can follow users across various sites and browsers, collecting extensive data on their browsing habits. Unlike regular cookies, super-cookies are not stored in the usual browser locations, making them harder to detect and eliminate.

In its patent application, PayPal described the challenge of cookie theft, where attackers steal or replicate cookies from a victim’s computer to bypass security measures like two-factor authentication (2FA).

“With stolen cookies, often containing hashed passwords, the attacker can use a web browser on the attacker’s computer to impersonate the user (or authenticated device thereof) and gain access to secure information associated with the user’s account without having to manually login or provide authentication credentials,” PayPal said in its U.S. patent filing on Feb. 1.

The patent, titled “Super-Cookie Identification for Stolen Cookie Detection,” introduces a novel approach to detecting when malicious actors are using stolen cookies to log into an account.

PayPal’s solution calculates a fraud risk score within a cookie-based authentication system to detect and prevent fraudulent login attempts. This process involves identifying cookie storage locations on a device, retrieving cookie values from these locations, and then comparing them with expected values to identify discrepancies that may indicate fraud.

Based on this risk assessment, authentication requests could be accepted, rejected, or subjected to additional security checks by PayPal, depending on the level of risk detected.
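
A minimal sketch of the comparison and three-way decision described above, added here as an illustration; it is not PayPal's code or the algorithm from the patent. The storage location names, weights, thresholds, and the HMAC derivation of expected values are all assumptions.

```python
import hashlib
import hmac

# Assumed storage locations and weights (points out of 100); not from the patent.
LOCATION_WEIGHTS = {"http_cookie": 20, "local_storage": 30,
                    "indexed_db": 30, "etag_cache": 20}
CHALLENGE_AT, REJECT_AT = 30, 70  # assumed thresholds


def expected_value(server_key: bytes, device_id: str, location: str) -> str:
    """Value the server expects to read back from one storage location."""
    msg = f"{device_id}|{location}".encode()
    return hmac.new(server_key, msg, hashlib.sha256).hexdigest()


def risk_score(server_key: bytes, device_id: str, reported: dict) -> int:
    """Add the weight of every location whose value is missing or wrong."""
    score = 0
    for location, weight in LOCATION_WEIGHTS.items():
        want = expected_value(server_key, device_id, location).encode()
        got = reported.get(location)
        if got is None or not hmac.compare_digest(got.encode(), want):
            score += weight
    return score


def decide(score: int) -> str:
    """Map the score to accept, extra checks, or reject."""
    if score >= REJECT_AT:
        return "reject"
    return "challenge" if score >= CHALLENGE_AT else "accept"


# Constructed sample data: one enrolled device and three login attempts.
KEY, DEVICE = b"constructed-demo-key", "device-123"
FULL = {loc: expected_value(KEY, DEVICE, loc) for loc in LOCATION_WEIGHTS}
CLEARED = {k: v for k, v in FULL.items() if k != "local_storage"}
COPIED = {"http_cookie": FULL["http_cookie"]}  # only the browser cookie present

if __name__ == "__main__":
    for name, attempt in [("full", FULL), ("cleared", CLEARED), ("copied", COPIED)]:
        score = risk_score(KEY, DEVICE, attempt)
        print(name, score, decide(score))
```

A request that presents only the ordinary browser cookie scores high because the other locations come back empty, while a device that has lost a single location lands in the additional-checks band instead of being rejected outright.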

How to Stay Safe on PayPal

PayPal is one of the most popular digital payments platforms in the world, boasting over 400 million active accounts. Despite tight security measures, PayPal users are still targeted by cybercriminals, with many hacked accounts found for sale on the dark web.

In 2023, PayPal introduced passkey authentication to improve security and limit the potential for unauthorized account access. Its latest patent shows that the company is actively looking at other ways to keep its users safe.

To learn more about how to protect your PayPal account, check out our guide to staying safe on PayPal. We also recommend educating yourself about sophisticated PayPal scams and how to avoid them.
