Embodiments of the present invention relate generally to methods and systems for establishing trust between parties to an online interaction and more particularly to using a non-static, location-based anti-phishing image that can, in some cases, include authentication information.
As online activity, and in particular online commerce, continues to grow, the incidence of online scams and schemes grows at an equal, if not greater, pace. For example, phishing operations often involve mass contact of consumers (e.g., by “spam” email messages, text messages, VoIP calls, instant messages, etc., as well as through other devices) claiming to be from a particular, and probably well-known, company or other entity, and generally direct the contacted consumers to a response site, which often is a web site but can also be a telephone number, etc. The response site may appear to be that of the company or entity indicated by the message but is in fact fraudulent and not associated with that company or other entity. Rather, the site is designed to lure the consumers into providing personal information such as passwords, account numbers, etc. that can then be used by the criminals operating the phishing site.
To prevent phishing attacks, many or most online solutions today use anti-phishing images as a way to establish trust and to assure the end user that he has entered the correct website. For example, upon registering with a known site of a particular company or other entity, the user can select or provide a particular image. Upon future visits to this site, typically as part of a login process, this image can be provided to the user as a quick and easy visual confirmation that the site is indeed the same, trusted site. However, current anti-phishing images used in most online solutions are static images. As such, it is still relatively easy for a hacker to set up a phishing site and harvest the user information if the hacker is able to steal or otherwise determine the image used. Additionally, knowledge-based authentication, One Time Passwords (OTPs) delivered by Short Message Service (SMS) or by email, or combinations of these methods, used as secondary authentication have their own limitations. Hence, there is a need for improved methods and systems for establishing trust between parties to an online interaction.