Internet Governance & Policy

Online Banking – new gTLDs could help reduce impact of phishing attacks and lead to greater consumer trust online

author portrait

June 28, 2013

By jbourne

 

When the new gTLDs roll out, banking online will take a step toward better security.      Approximately 20 banks applied for their own .BRAND, including  Citigroup (.CITI),    Bank of America (.BOFA), HSBC (.HSBC), and The State Bank of India (.STATEBANK).    Other banks, including smaller regional banks, will have the opportunity to register in  the  generic TLD .BANK.

 

Those banks will be ahead of the game, particularly since the Wall Street Journal has  reported that that phishing was related to $2.5 billion in financial-industry losses in  2011.

 

 

https://gtldresult.icann.org/application-result/applicationstatus/viewstatus

fTLD Registry Services, LLC  (FRS) and Dotsecure, Inc. applied for .BANK. As fTLD explains in the public portion of its application, it is applying for the new gTLD “on behalf of the global banking community to ensure that the .bank gTLD will serve as a trusted, hierarchical, and intuitive namespace for this community, the businesses that are either supported by or represent the community and the consumers it serves.” Dotsecure, on the other hand, did not submit a community-based application for .BANK.  “The mission⁄purpose for .bank is to be the Global Banking TLD. Keeping this in mind, .bank will look to contribute to the Internet Namespace in several ways” and then proceeds to list Enhance Trust, Searchability and Recognition, Registrant Choice, Create a Cleaner Internet Space and Create a Stable and Resilient Internet.  Where fTLD focused on the community aspect of its application, Dotsecure focuses on the technical aspects of running a gTLD.

In its application, FRS (which was formed by the American Bankers Association (ABA) and Financial Services Roundtable), explains that registrants – those applying for websites or domain names within the .BANK TLD – will be vetted to ensure that the prospective registrant is, in fact, a recognized bank and financial services company.  Dotsecure also discusses the problem of banking online, “Within the current gTLD and ccTLD environment, there are constant attempts of fraudulent representation of banking institutions on the Internet. Fraudulent “Nigerian Bank emails” or “Chinese Funds Transfer emails” have occurred so often they have become common spam. Using the new gTLD program, it is possible to build a unique and trusted Internet space for banking institutions. In this gTLD, all registrations will be fully restricted to only certified banking institutions. The banking organization’s identity and accreditation will have been verified prior to allowing live web services of name resolution. The .bank new gTLD will be a more trustworthy system.”

FRS references recent reports by RSA and the Anti-Phishing Working Group (APWG) on phishing attacks, explaining that a secure and trustworthy TLD would reduce the incidents of phishing and phishing emails, which can contain harmful and dangerous malware.  As Josh Bourne of FairWinds Partners explains, “If bad-actors are not allowed to register in .BANK, then consumers can and will trust .BANK sites and emails that lead to .BANK sites. Those who try to scam consumers using official-looking emails from websites not ending in .BANK will be less likely to trick Internet users who know that their bank or financial services company only uses a .BANK website, for example.”

Customers of banks who applied for their .BRAND – like .BOFA – are likely to  benefit from knowing that any correspondence claiming to be from the bank but not generated by .BOFA is fraudulent (or highly likely to be fraudulent).  Hopefully, by establishing these secure, online territories for banks, the amount of financial industry-related phishing will be reduced for consumers worldwide.

Share on Social

Author portrait

About jbourne