Our unverified account has never processed a single payment, and yet with the amount of ID they require for something as simple as a contact name change you could get a passport in some countries.

Business Contact Name Change
To process your name change request, you need to fax in additional information. Please provide a current photo identification and one of the other following documents:

• A copy of a valid photo identification showing your new name.
• Acceptable forms of photo identification are a driver’s license, passport or any other state or government issued photo identification.
• A copy of a recent utility bill showing your new name and address exactly as they appear on your PayPal account.
• A copy of a recent bank statement for the bank account listed on your PayPal account (if applicable).

Please include a letter on company stationery indicating the primary email address, current name, address and telephone number on the PayPal account, the reason for the name change, and the new business contact name.

So that we can process your request efficiently, please ensure that your documents are valid and legible. As always, any personal identification information that you submit to PayPal will remain secure and will never be transmitted to any third party.

PayPal have never had a rep as a particularly customer friendly organisation, but this isn’t even beneficial to them! With no transactions in the past and less documentation than this required for establishing a NEW account it doesn’t pose any credible threat so far as hijacked accounts/money laundering/whatever goes, and they need to spend time reviewing documents sent in a thoroughly nonstandard way. The bank account verification process is pretty good in terms of automation (albeit risky — you’re essentially giving PayPal license to do whatever with all funds in that account) — this is most certainly not.

Anyone have any good, low % fee or cost/transaction way of hooking into CBA’s Evolve system? The application doesn’t warrant us spending heaps setting it up just yet, and PayPal are good at making things way too risky and difficult. Grumble.

These things can be had from PayPal for about five bucks. Or $7.50 if you’re an Aussie. Verisign will flog them off to you for $30, if you’d like, but basically PayPal rocks for this kinda stuff. It’s a one-time password token that effectively enhances your authentication by a massive degree. It’s cool because it works with PayPal and eBay. It’s cooler (and worthwhile) because you can potentially use it with OpenID.

Essentially, it’s a random number seeded with a unique key that gets appended to your regular password. This defeats keyloggers and pretty much all kinds of phishing currently out there. These kinds of devices have been used in corporate VPN/dial-in scenarios for years now (predominantly, in the situations I’m aware of, with technology by RSA SecureID), but this is the first I’ve seen of it from Verisign.

And, sure, it’s only as secure as physical security or the endpoints themselves are, but it’s a massive step up from “what’s your cat’s name?” two-factor auth (though, unfortunately, I think PayPal/eBay offer that as a backup).

I’ve ordered mine and will probably be having a play with OpenID implementations of it (backed by Verisign’s PIP service, but not overly tied to it because of OpenID’s identity-delegation ability) once it arrives (10 business days).

Can’t help but wonder what Verisign’s rates for these things are in a standalone sense. Normally on 5 year contracts, but in terms of cost-per-token. Seems like a great way to defeat the idiot users who insist on having passwords that are blatantly obvious (argue all you like about strength policies: it’s often not feasible when balanced against support load for resultant forgotten passwords).

Also, to those who argue PayPal = evil, if you’re in Australia then please… don’t. Unlike in the US, here they’ve basically got the same financial reporting obligations as any bank does, and customer service necessarily to match it. All the horror stories from the ‘States (not that I think them universally untrue!) pretty much couldn’t happen here or they’d be chucked out of the country. And, whilst they’re so heavily subsidising (or at least obtaining bulk discounts for) this kinda tech, that’s cool with me.