ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Sponsored Archive
    • Podcast Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Sponsored Archive
    • Podcast Archive
No Result
View All Result
No Result
View All Result
ADVERTISEMENT
Home Cybersecurity

What’s in a (Domain) Name?

April 30, 2015
Reading Time: 7 mins read

By Peggy Bresnick

Cyber attacks and data breaches continue to wreak financial havoc for organizations around the globe. The grim news is that online attacks are only going to become more numerous and more sophisticated in the future.

Says Ponemon Institute in a recent research report, “2014: A Year of Mega Breaches,” 2014 saw a series of mega security breaches and attacks that resulted in the exposure and theft of literally millions of customer and employee credit and debit card numbers and personal data. “2015 is predicted to be as bad or worse as more sensitive and confidential information and transactions are moved to the digital space and become vulnerable to attack,” says the report.

While organizations of all types and sizes are taking measures to stop data breaches, banks are working hard to shore up cyber defenses to minimize damage. Online fraud can injure a bank’s brand and reputation, erode customer trust and threaten customer loyalty. The financial damage is potentially enormous; the costs of successfully detecting fraud and thwarting a wide and expanding array of cyber threats are rising. Financial institutions today know they must address security concerns proactively, rather than simply address and react to issues after they occur.

Unfortunately, with increasing customer use of the mobile and online channels, banks are finding it challenging to stay one step ahead of cyber criminals, who are becoming more and more sophisticated in their attacks. Criminals can create email communications that appear to have been sent by the recipients’ financial institution, but contain corrupt Web links that are designed to extract personal and financial information from the unwitting customer. Cyber criminals using “spoofed” IP addresses that are disguised as trustworthy sources trick victims into clicking links that will install malware on their machines and extract personal information.

.BANK offers security, inspires trust

Securing customer information is a priority for all organizations today, yet banks are finding it challenging to protect customers from online crooks who pose as legitimate financial institutions—and ultimately steal customers’ account information. Within the next few months, however, banks will have a new way to improve online securityand proactively mitigate the risks of phishing and spoofing attacks while inspiring greater customer confidence and presenting new marketing and branding opportunities. ABA members and other verified members of the banking community can take advantage of .BANK, a new banking-specific top-level Internet domain with a variety of enhanced security controls.

The new domain is offered by fTLD Registry Services LLC, Washington, D.C., an entity formed by the ABA, Financial Services Roundtable and other banks, insurance companies and financial services trade associations to apply for the .BANK and .INSURANCE domains and to operate them securely. fTLD now includes a Board of Directors and an Advisory Council that currently includes financial institutions and financial services trade associations.

Not merely a new domain, .BANK will offer the banking community and its customers a trusted, protected and easily-identifiable space on the Internet to conduct banking business. Banks that utilize the new domain will help prevent users from being redirected to fake bank websites. .BANK also will make it difficult for cyber criminals to be successful with spoofed emails, since banking customers will know to look for and trust communications from email addresses that include the specific domain. The .BANK domain also provides a high level of encryption designed to protect communications that banks and their customers send through email, making it much more difficult to intercept, eavesdrop on or manipulate those conversations.

“In the current environment, there’s concern in the ability to trust that an email actually comes from a financial institution you’re doing business with,” says Doug Johnson, ABA’s SVP for payments and cybersecurity policy. “Because of the enhanced security measures that we’ll have in place with the .BANK domain, including email authentication, customers will have a higher level of confidence that when they get a communication from their bank, that it’s actually from their financial institution.”

Although .BANK is currently just in the process of being rolled out, plans have been in the works for some time. In 2008, the Internet Corporation for Assigned Names and Numbers (ICANN), the non-profit organization responsible for IP address allocation, as well as managing domain name system management, approved a program that opened the Internet to thousands of new generic top-level domains (gTLDs), in addition to the ubiquitous .com and .org extensions.

fTLD Registry Services was formed in 2011, but only after organizations like the ABA and Financial Services Roundtable had lobbied ICANN rigorously to prevent domain names like .BANK and .INSURANCE from becoming available. “We initially thought it would be more confusing to consumers, and we felt it would create more issues for brand holders while increasing the possibility of cyber attacks,” explains Craig Schwartz, managing director, fTLD Registry Services LLC, Washington, D.C. ABA and Financial Services Roundtable later decided to join together to establish and protect the .BANK and .INSURANCE domains.

Extra security, added value

“The value of getting the .BANK domain is the extra security that’s required to be in the space and the trust and confidence that comes with knowing that others in the space are legitimate and have been verified,” says Schwartz. “When you’re talking to someone with a .BANK extension, you know that entity is legitimate and has been verified before it gets to use the name.”

A key benefit of the .BANK domain is that only members of the global banking community will be eligible to register domains. Registration follows a very rigorous authentication process, including charter verification by the registrant’s regulator—so it’s not possible for just anyone to receive the .BANK domain by simply applying through an Internet domain registrar and Web hosting company, such as Go Daddy.

“We’re the gatekeeper,” says Johnson. “In order to even play within the domain, any individual attempting to secure a .BANK domain has to prove that he or she is requesting the domain on behalf of a legitimate financial institution or other core processors and service providers to the bank. The person also has to prove that he or she has the authority within the bank to be making the request.”

Besides legitimate financial institutions, the .BANK domain is also available to vendors that work in the banking space. “Companies that provide core processing have to be able to operate through .BANK domains and have the same level of security as the bank,” Johnson explains. “Many banks are dependent on core providers to provide a significant amount of services that are vital to the bank so it makes sense that they are behind the same security wall.”

fTLD has partnered with security firm Symantec to prevent financial firms from registering if they don’t meet eligibility requirements. As the Registry Verification Agent, Symantec verifies companies when they initially register for the .BANK domain name, and also at each renewal. Symantec reviews all registrations and makes recommendations on which applications to approve or deny to fTLD, which is responsible for the final determination.

Registration is via registrars

Banks must register for and buy their .BANK domain names through registrars listed on the fTLD Registry Services website at fTLD.com, and acceptance isn’t immediate or guaranteed. Domain names are awarded on a first-come, first-served basis, and only after a strict verification process. Because costs are higher for fTLD to operate .BANK with increased security and other provisions, costs for the new domain name will be higher than for a typical domain. When evaluating potential registrars for their .BANK domain, financial institutions should be aware that some vendors bundle services like brand protection services along with the .BANK registration.

Banks that own the trademark on the name to the left of their .com address may be eligible to register the trademark with ICANN’s Trademark Clearinghouse and apply for the .BANK version of that name during the sunrise registration period. According to the registration process timeline, the sunrise period—during which only trademark holders who have registered their bank’s trademark with ICANN’s Trademark Clearinghouse may purchase domains— begins on May 18. Domain registration for founding members of fTLD will be from June 17-23 and general availability registrations will begin on June 24.

Dollar Bank, which is on the Board of Directors of fTLD Registry Services, has been active in the .BANK initiative. According to Al Williams, Dollar Bank’s executive vice president and COO, banks should also monitor the new financial-oriented new domains being launched. “We’ve registered probably 20 different domains, either because they’re useful or because we don’t want someone else to register them,” Williams explains.

“We’ve been dealing with domain names as an intellectual property since 1996 when we first registered dollarbank.com,” Williams points out. Dollar Bank currently owns at least a dozen domain names related to its company name. “In the early days of the Internet, companies needed the right domain names to be recognized by search engines used by those looking for a bank. And now, we own several domain names to protect the online world of Dollar Bank from others registering names close to ours.”

Says Johnson, fTLD exists to protect the .BANK domain for the industry to provide highly protective services for banking customers. “At the end of the day, we’re just looking for better ways to serve our customers,” he says. “We will have some measure of success when our customers actually recognize that and will look for the .BANK extension. We will have succeeded when our customers look for the .BANK domain and if they don’t see the .bank extension, and they question whether there’s appropriate security around the communication they’re currently having with the bank.”

Peggy Bresnick is a contributor to the ABA Banking Journal.

 

Next Steps

Banks that wish to purchase the .BANK domain for their institution can take the following steps:

  • Assemble a team within your financial institution, including members from legal, IT and marketing and any outside provider that may run your banking platform.
  • Think about intellectual property rights protection, and consider trademarking the name to the left of your .com extension. According to Johnson, most banks currently haven’t trademarked these names. “They can register that trademark within the ICANN clearinghouse, which gives banks not only the ability to dispute anyone attempting to use their name in other domains, but also to participate in the sunrise period, which is about a month before general availability.”
  • Consider purchasing related names under financial domains. There will be about 1,500 new domains introduced within the next several years, many seemingly related to financial services and banking activities like .invest, .loan or .mortgage. However, since these domains are not owned or operated by the industry, bank names could be used by cybercriminals with unregulated extensions to reach out to customers on your behalf for nefarious purposes. A bank might choose to defensively purchase its names across all financial services-related domains, like .mortgage and .loan—not because it will actively utilize the extension, but to prevent others from misusing its name.
  • Develop a deployment strategy to determine how you’ll use the .com and .BANK extension, when you’d like to roll out a new extension and what you’d like to register. “Every financial institution will be different in terms of how it goes about deployment, and every institution will have its own feel for what it will leave in .com or move over into .BANK, and in the timeline for the deployment process,” Johnson says.
  • Consult the fTLD Registry Services LLC website at fTLD.com for updates on .BANK registration, registrars and additional information on policies and requirements.
  • Consider contacting a registrar now to determine if you can enter a “pre-screening” process that will set up an account and collect application information early. Orders will still be processed on a first-come, first-served basis after the launch, but much of the application process will be out of the way early.

 

ADVERTISEMENT
Tags: CybersecurityDot-bank
ShareTweetPin

Related Posts

Fed’s Waller: FedNow grows to nearly 1,000 institutions

FedNow grew to $17.5B in transactions in third quarter 2024

Newsbytes
November 22, 2024

The FedNow instant payments service saw nearly $17.5 billion in transactions in the third quarter of the year, up from less than $500 million in the second quarter.

Study: Banking apps make deposits less ‘sticky’ as rates rise

ABA survey: Mobile apps most popular tool to manage bank accounts

Newsbytes
November 22, 2024

More than half of U.S. consumers are conducting their banking via mobile apps more often than any other method, according to a new survey conducted by Morning Consult on behalf of the ABA.

Fed Survey: Banks tighten policies on commercial real estate lending

Federal report identifies CRE, cybersecurity as financial stability risks

Commercial Lending
November 22, 2024

Commercial real estate and cybersecurity risks remain potential vulnerabilities for the U.S. financial system, the Office of Financial Research said in its annual report to Congress. The report also identified “data gaps” that could complicate projections.

Report: Financial services most impersonated industry in phishing scams

FS-ISAC releases framework to help financial institutions fight phishing

Compliance and Risk
November 20, 2024

The Financial Services Information Sharing and Analysis Center has published a framework of recommended best practices to help financial services institutions counter phishing attacks.

These four banks excel at creating employer brands

Chair’s View: Core values in an ever-changing world

ABA Banking Journal
November 20, 2024

Caring about people is the essence of relationship banking, and it’s one of the things that, in my opinion, makes this a noble profession.

BAFT releases report on best practices, guidance for ISO 20022 migration

ABA opposes Canada-based institute’s application to become open banking standard-setting body

Newsbytes
November 18, 2024

ABA opposes an application by the Digital Governance Standards Institution to become a recognized standard-setting body under the CFPB’s final financial data-sharing regulation.

NEWSBYTES

Fed financial stability report: Bank system remains resilient

November 22, 2024

FedNow grew to $17.5B in transactions in third quarter 2024

November 22, 2024

ABA DataBank: Thanksgiving dinner costs decline for second year

November 22, 2024

SPONSORED CONTENT

Dynamic Personal Experiences: Transform Your Digital Banking Into a Brand Differentiator

Dynamic Personal Experiences: Transform Your Digital Banking Into a Brand Differentiator

November 1, 2024
Redefining “Financial Security”

Redefining “Financial Security”

October 1, 2024
Keeping Fraudsters at Bay

Keeping Fraudsters at Bay

October 1, 2024
Revolutionizing Commercial Lending: A Look Inside DataScan360

Revolutionizing Commercial Lending: A Look Inside DataScan360

October 1, 2024

PODCASTS

Podcast: Why middle market businesses are growing more optimistic

November 20, 2024

Podcast: Tax reform comes into focus for 2025

November 14, 2024

Podcast: Strategies to help America’s agricultural producers

November 7, 2024
ADVERTISEMENT

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2024 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Sponsored Archive
    • Podcast Archive

© 2024 American Bankers Association. All rights reserved.