I cannot tell if PayPal’s new virtual debit card is really any more secure than any other form of online transaction. No, seriously, it’s apparently Windows only, working with MSIE 5.01 and later. Even though I have access to a virtual instance of Windows, I refuse to use MSIE for any personal surfing, in particular for anything security sensitive.
Based on the FAQ, though, I am a little concerned. While the randomized credit card numbers seem like a good idea, the auto fill, in my mind, is questionable. No password manager I am aware of tries to adequately protect privacy data from possible cross site scripting attacks (Sxip is admittedly working on this for a future build of Sxipper). And the fact that PayPal is so often the spoofed site of choice in phishing attacks worries me all the more as I try to imagine how this new functionality may be subverted.
I also know many people, personally, who seem to have some trust issues with PayPal, though I do not know on what basis.
Also, has anyone read much lately about AmEx’s attempts to do the same thing? If memory serves, the AmEx solution required extra hardware, interoperating with their smart card whereas this PayPal solution appears to be pure software. Makes me wonder what the track record is with this approach, I’m guessing it’s not supremely great or this would be a more common offering.