Retail business over the Internet has expanded rapidly since it began. Although many transactions occur via public data networks many consumers fear providing their credit card information to their computer. In many cases these fears are well founded.
Today, a common approach to acquiring people's information without their knowledge is using a method known as phishing. This technique involves finding a company webpage that allows a user to access money or credit, such as the webpage of a bank. The hacker then provides a false webpage that resembles the company webpage for use in convincing a user that they are at the company web site. This webpage simply receives client identification information and client password information. The hacker then provides an email message to a person that the hacker hopes is a client of the company. The email provides the webpage address for the false webpage provided by the hacker and an indication that the client should click on a link that leads to the false webpage and sign in. The client does so, thereby providing their username and password to the hacker. The false webpage transfers this data to the hacker or alternatively, uses this data to access the money or credit available. In this way, the hacker is able to gain information and/or assets relating to the client. Once the user name and password information is known, it is a simple matter for the hacker to impersonate the client at the real webpage of the business and take advantage of assets of the client.
It would be beneficial to provide a system that provides robust authentication. It would be particularly beneficial if such a system were resistant to “phishing” attacks.