Recently in a magazine article I read that PayPal service has never been hacked in its history. What kind of security model are they employing to protect their data and provide financial security?

1) A large percentage of early technical employees in all areas (software engineering, network engineering, system administration, database administration, you name it) were both very good technically and very practical at the same time, which led them to understand real-world security risks and considerations (starting with Max Levchin who was deeply versed in math and cryptography).

2) Employees who were intimately involved with live site support and operations were universally top-notch and extremely dedicated and would consider any security breach a personal affront, so they did everything possible to guard against it (NB: it was a lot easier to have developers be involved in live site support before SOX [1]).

3) While the team had cut plenty of corners in feature development and the codebase was far from perfect, when it came to security infrastructure the standards were extremely high (another example of practicality that was a universal trait of the vast majority of early PayPal'ers).

I vividly remember one of the first new concepts I learned after joining - that of a "share party": at the time restarting live services after maintenance or outages required simultaneous involvement of 3 out of 8 trusted "shareholders" who jointly held the keys to the secrets (encryption keys etc) that were required for the system to operate.


Neteller here: