1. Field of the Disclosure
The present disclosure relates to methods and systems for identification by a payment cardholder of phishing and/or deceptive Websites. In particular, in the methods and systems of this disclosure, a payment cardholder uses a proxy interaction to determine whether a merchant Website is registered with a payment card network.
2. Description of the Related Art
In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social Websites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake Website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the Website is fake.
As the Internet and electronic mail (“e-mail”) continue to be utilized by an ever-increasing number of users, fraudulent and criminal activity via the Internet and e-mail also increases. Phishing is becoming more prevalent and is a growing concern that can take different forms. For example, a “phisher” can target an unsuspecting computer user with a deceptive e-mail that attempts to elicit a response from the user containing personal and/or financial information that can then be used for monetary gain. Often a deceptive e-mail may appear to be legitimate or authentic, and from a well-known and/or trusted business site. A deceptive e-mail may also appear to be from, or affiliated with, a user's bank or other creditor to further entice the user to navigate to a phishing Website.
A deceptive e-mail may entice an unsuspecting user to visit a phishing Website and enter personal and/or financial information which is captured at the phishing Website. For example, a computer user may receive an e-mail with a message that indicates that a financial account has been compromised or that an account problem needs to be attended to, and/or that asks the user to verify the user's credentials. The e-mail will also likely include a clickable (or otherwise “selectable”) link to a phishing Website where the user is requested to enter private information such as an account number, password or PIN information, mother's maiden name, social security number, credit card number, and the like. Alternatively, the deceptive e-mail may simply entice the user to reply, fax, IM (instant message), e-mail, or telephone with the personal and/or financial information that the requesting phisher is attempting to obtain.
Phishing is a substantial problem for payment cardholders, although tools such as McAfee's Site Advisor offer a blacklisting approach to the problem. The underlying problem is that anyone can obtain an Internet domain name, there are many tricks to confuse a payment cardholder into accessing an illegitimate webpage, and it is difficult to prevent a site from spoofing a legitimate one.
Thus, there exists a need to provide enhanced security for payment cardholders when accessing Websites.