Embodiments of the present invention relate generally to preventing online fraud. More specifically, embodiments of the present invention relate to methods and systems for validating ownership of domain names.
Today, banks and/or other entities are trying to find ways to extend strong enterprise-to-enterprise (also known as business-to-business) authentication schemes to consumers to enable consumers to know if they are actually connected to the legitimate bank and/or entity they believe they are connected to. These business-to-consumer or B2C approaches are complex, expensive and/or require considerable consumer understanding, compliance and patience.
One of the biggest challenges facing corporations and others entities trying to use the Internet for business and/or other legitimate purposes today is that it is very easy for a fraudster or bad actor to buy and use an Internet domain name or IP address that would appear to belong to the legitimate entity and that the fraudster promotes as belonging to the legitimate entity. The fraudster may use the similar domain name or IP address to deceive, confuse, scare or entice a consumer, customer or partner of the company or entity as part of an actual or attempted fraud, fake transaction, counterfeit sale, false association or other identity based crime or other abuse.
As a result of these scams, consumers and partners are losing trust in and are becoming less willing to use the Internet, online commerce or self-service systems, email, and/or other Internet based services to interact with and transact business with the entity. This causes harm to the entity such as lost revenue due to lower sales and/or increased operations costs as consumers and others become reluctant to use online services such as online banking, online account management, ecommerce, shopping, travel planning, etc.
In response to this, corporations, regulators and others are actively discussing multiple enhanced authentication solutions, such as enhanced authentication for online banking and other types of business to consumer (B2C) commerce and/or services. However, traditional authentication solutions are very costly or impractical, if not impossible to implement globally, across a large consumer population.
Domain Names were designed as the Internet's UI to communicate identity and ownership, in order to enable people to link to a corporation's or entity's Internet presence whose names are well known or memorable to them. Consumers intuitively understand that the domain name Microsoft.com (or dot other TLD) is the well known company Microsoft. And, if they know how to look up the domain name ownership whois record, they can read (increasingly in multiple languages) that is the well know company whose address is Redmond Wash.
In many ways, Domain Names have always been a better and more understandable means of communicating ownership and authenticity to consumers, than certificates, except for two things: First, ICANN requires domain name ownership records to be accurate but does not (and cannot) enforce this. And, second, prior to the URS and IE7, there has no secure and practical way to communicate them to consumers. Hence, there is a need in the art for improved methods and systems for validating ownership of domain names.