PayPal Allows Apps To Accept Payment

Guest Payments, part of the PayPal Adaptive Payments API, allows developers to offer direct credit card payment in applications without requiring PayPal membership.

The eBay-owned company on Friday introduced Guest Payments, which it has made a part of its Adaptive Payments application programming interface. The feature provides the tools developers need to offer direct credit-card payments in applications built for the Web or mobile devices.

With the membership requirement eliminated, application users are more likely to complete a purchase. PayPal acknowledges that developers, merchants and startups have been clamoring for a simpler payment method for third-party applications.

"We're thrilled to provide this new functionality to meet this need and look forward to seeing the ground-breaking apps our developer community will create with this," Naveed Anwar, senior director of PayPal's Developer Network, said in the company's blog.

PayPal is not the only payment service targeting such applications. Rival MasterCard last month announced that it would release Open APIs for third-party and independent software developers globally later this year.

MasterCard's payment and data services had been proprietary, but the growth in the use of mobile devices, such as smartphones, has increased the pressure for more open tools for embedding credit-card payment services. Other credit-card companies, such as Visa and Discover Card, are also targeting mobile devices.

PayPal says mobile transactions through its service increased six-fold in 2009, rising to $141 million from $25 million in 2008. ABI Research predicts people will spend $119 billion through mobile phones by 2015.

Handset makers are also working at making it easier for people to buy with their phones. Nokia, for example, introduced in August 2009 a payment platform that lets people send money to others, pay for products in retail stores and online, recharge prepaid SIM cards, and pay utility bills. The platform generates revenue by charging transaction fees.
