ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
ADVERTISEMENT
Home Cybersecurity

What’s in a (Domain) Name?

April 30, 2015
Reading Time: 7 mins read

By Peggy Bresnick

Cyber attacks and data breaches continue to wreak financial havoc for organizations around the globe. The grim news is that online attacks are only going to become more numerous and more sophisticated in the future.

Says Ponemon Institute in a recent research report, “2014: A Year of Mega Breaches,” 2014 saw a series of mega security breaches and attacks that resulted in the exposure and theft of literally millions of customer and employee credit and debit card numbers and personal data. “2015 is predicted to be as bad or worse as more sensitive and confidential information and transactions are moved to the digital space and become vulnerable to attack,” says the report.

While organizations of all types and sizes are taking measures to stop data breaches, banks are working hard to shore up cyber defenses to minimize damage. Online fraud can injure a bank’s brand and reputation, erode customer trust and threaten customer loyalty. The financial damage is potentially enormous; the costs of successfully detecting fraud and thwarting a wide and expanding array of cyber threats are rising. Financial institutions today know they must address security concerns proactively, rather than simply address and react to issues after they occur.

Unfortunately, with increasing customer use of the mobile and online channels, banks are finding it challenging to stay one step ahead of cyber criminals, who are becoming more and more sophisticated in their attacks. Criminals can create email communications that appear to have been sent by the recipients’ financial institution, but contain corrupt Web links that are designed to extract personal and financial information from the unwitting customer. Cyber criminals using “spoofed” IP addresses that are disguised as trustworthy sources trick victims into clicking links that will install malware on their machines and extract personal information.

.BANK offers security, inspires trust

Securing customer information is a priority for all organizations today, yet banks are finding it challenging to protect customers from online crooks who pose as legitimate financial institutions—and ultimately steal customers’ account information. Within the next few months, however, banks will have a new way to improve online securityand proactively mitigate the risks of phishing and spoofing attacks while inspiring greater customer confidence and presenting new marketing and branding opportunities. ABA members and other verified members of the banking community can take advantage of .BANK, a new banking-specific top-level Internet domain with a variety of enhanced security controls.

The new domain is offered by fTLD Registry Services LLC, Washington, D.C., an entity formed by the ABA, Financial Services Roundtable and other banks, insurance companies and financial services trade associations to apply for the .BANK and .INSURANCE domains and to operate them securely. fTLD now includes a Board of Directors and an Advisory Council that currently includes financial institutions and financial services trade associations.

Not merely a new domain, .BANK will offer the banking community and its customers a trusted, protected and easily-identifiable space on the Internet to conduct banking business. Banks that utilize the new domain will help prevent users from being redirected to fake bank websites. .BANK also will make it difficult for cyber criminals to be successful with spoofed emails, since banking customers will know to look for and trust communications from email addresses that include the specific domain. The .BANK domain also provides a high level of encryption designed to protect communications that banks and their customers send through email, making it much more difficult to intercept, eavesdrop on or manipulate those conversations.

“In the current environment, there’s concern in the ability to trust that an email actually comes from a financial institution you’re doing business with,” says Doug Johnson, ABA’s SVP for payments and cybersecurity policy. “Because of the enhanced security measures that we’ll have in place with the .BANK domain, including email authentication, customers will have a higher level of confidence that when they get a communication from their bank, that it’s actually from their financial institution.”

Although .BANK is currently just in the process of being rolled out, plans have been in the works for some time. In 2008, the Internet Corporation for Assigned Names and Numbers (ICANN), the non-profit organization responsible for IP address allocation, as well as managing domain name system management, approved a program that opened the Internet to thousands of new generic top-level domains (gTLDs), in addition to the ubiquitous .com and .org extensions.

fTLD Registry Services was formed in 2011, but only after organizations like the ABA and Financial Services Roundtable had lobbied ICANN rigorously to prevent domain names like .BANK and .INSURANCE from becoming available. “We initially thought it would be more confusing to consumers, and we felt it would create more issues for brand holders while increasing the possibility of cyber attacks,” explains Craig Schwartz, managing director, fTLD Registry Services LLC, Washington, D.C. ABA and Financial Services Roundtable later decided to join together to establish and protect the .BANK and .INSURANCE domains.

Extra security, added value

“The value of getting the .BANK domain is the extra security that’s required to be in the space and the trust and confidence that comes with knowing that others in the space are legitimate and have been verified,” says Schwartz. “When you’re talking to someone with a .BANK extension, you know that entity is legitimate and has been verified before it gets to use the name.”

A key benefit of the .BANK domain is that only members of the global banking community will be eligible to register domains. Registration follows a very rigorous authentication process, including charter verification by the registrant’s regulator—so it’s not possible for just anyone to receive the .BANK domain by simply applying through an Internet domain registrar and Web hosting company, such as Go Daddy.

“We’re the gatekeeper,” says Johnson. “In order to even play within the domain, any individual attempting to secure a .BANK domain has to prove that he or she is requesting the domain on behalf of a legitimate financial institution or other core processors and service providers to the bank. The person also has to prove that he or she has the authority within the bank to be making the request.”

Besides legitimate financial institutions, the .BANK domain is also available to vendors that work in the banking space. “Companies that provide core processing have to be able to operate through .BANK domains and have the same level of security as the bank,” Johnson explains. “Many banks are dependent on core providers to provide a significant amount of services that are vital to the bank so it makes sense that they are behind the same security wall.”

fTLD has partnered with security firm Symantec to prevent financial firms from registering if they don’t meet eligibility requirements. As the Registry Verification Agent, Symantec verifies companies when they initially register for the .BANK domain name, and also at each renewal. Symantec reviews all registrations and makes recommendations on which applications to approve or deny to fTLD, which is responsible for the final determination.

Registration is via registrars

Banks must register for and buy their .BANK domain names through registrars listed on the fTLD Registry Services website at fTLD.com, and acceptance isn’t immediate or guaranteed. Domain names are awarded on a first-come, first-served basis, and only after a strict verification process. Because costs are higher for fTLD to operate .BANK with increased security and other provisions, costs for the new domain name will be higher than for a typical domain. When evaluating potential registrars for their .BANK domain, financial institutions should be aware that some vendors bundle services like brand protection services along with the .BANK registration.

Banks that own the trademark on the name to the left of their .com address may be eligible to register the trademark with ICANN’s Trademark Clearinghouse and apply for the .BANK version of that name during the sunrise registration period. According to the registration process timeline, the sunrise period—during which only trademark holders who have registered their bank’s trademark with ICANN’s Trademark Clearinghouse may purchase domains— begins on May 18. Domain registration for founding members of fTLD will be from June 17-23 and general availability registrations will begin on June 24.

Dollar Bank, which is on the Board of Directors of fTLD Registry Services, has been active in the .BANK initiative. According to Al Williams, Dollar Bank’s executive vice president and COO, banks should also monitor the new financial-oriented new domains being launched. “We’ve registered probably 20 different domains, either because they’re useful or because we don’t want someone else to register them,” Williams explains.

“We’ve been dealing with domain names as an intellectual property since 1996 when we first registered dollarbank.com,” Williams points out. Dollar Bank currently owns at least a dozen domain names related to its company name. “In the early days of the Internet, companies needed the right domain names to be recognized by search engines used by those looking for a bank. And now, we own several domain names to protect the online world of Dollar Bank from others registering names close to ours.”

ADVERTISEMENT

Says Johnson, fTLD exists to protect the .BANK domain for the industry to provide highly protective services for banking customers. “At the end of the day, we’re just looking for better ways to serve our customers,” he says. “We will have some measure of success when our customers actually recognize that and will look for the .BANK extension. We will have succeeded when our customers look for the .BANK domain and if they don’t see the .bank extension, and they question whether there’s appropriate security around the communication they’re currently having with the bank.”

Peggy Bresnick is a contributor to the ABA Banking Journal.


 

Next Steps

Banks that wish to purchase the .BANK domain for their institution can take the following steps:

  • Assemble a team within your financial institution, including members from legal, IT and marketing and any outside provider that may run your banking platform.
  • Think about intellectual property rights protection, and consider trademarking the name to the left of your .com extension. According to Johnson, most banks currently haven’t trademarked these names. “They can register that trademark within the ICANN clearinghouse, which gives banks not only the ability to dispute anyone attempting to use their name in other domains, but also to participate in the sunrise period, which is about a month before general availability.”
  • Consider purchasing related names under financial domains. There will be about 1,500 new domains introduced within the next several years, many seemingly related to financial services and banking activities like .invest, .loan or .mortgage. However, since these domains are not owned or operated by the industry, bank names could be used by cybercriminals with unregulated extensions to reach out to customers on your behalf for nefarious purposes. A bank might choose to defensively purchase its names across all financial services-related domains, like .mortgage and .loan—not because it will actively utilize the extension, but to prevent others from misusing its name.
  • Develop a deployment strategy to determine how you’ll use the .com and .BANK extension, when you’d like to roll out a new extension and what you’d like to register. “Every financial institution will be different in terms of how it goes about deployment, and every institution will have its own feel for what it will leave in .com or move over into .BANK, and in the timeline for the deployment process,” Johnson says.
  • Consult the fTLD Registry Services LLC website at fTLD.com for updates on .BANK registration, registrars and additional information on policies and requirements.
  • Consider contacting a registrar now to determine if you can enter a “pre-screening” process that will set up an account and collect application information early. Orders will still be processed on a first-come, first-served basis after the launch, but much of the application process will be out of the way early.

 

Tags: CybersecurityDot-bank
ShareTweetPin

Related Posts

BAFT releases report on best practices, guidance for ISO 20022 migration

ABA offers fixes for small-business lending data collection rule

Commercial Lending
July 18, 2025

In a letter, ABA said it is pleased with the CFPB's proposal to revise its small-business lending data rule and offered several recommendations to reduce the compliance burden for banks.

ABA points to role of regulators in discouraging bank engagement in digital assets

ABA, associations urge OCC to postpone crypto firm applications for bank charters

Newsbytes
July 18, 2025

ABA joined four banking and credit union associations in raising concerns about a push by digital asset firms to establish national trust banks, saying there are significant policy and legal questions as to whether the applicants' proposed business...

ABA, associations urge lawmakers to finalize deal on debt ceiling

House passes bills on stablecoins, digital assets, CBDCs

Cybersecurity
July 17, 2025

The House voted in favor of two bills to create a regulatory framework for payment stablecoins and digital assets. House members also voted in favor of a separate bill to ban the Federal Reserve from issuing a CBDC.

BIS: Stablecoins fail as ‘sound money’

ABA urges lawmakers to include safeguards in stablecoin bill

Compliance and Risk
July 17, 2025

A durable regulatory framework for stablecoins must balance the potential for enhancing payments with the need to limit negative economic consequences, promote financial stability and guard against consumer protection risks, ABA President and CEO Rob Nichols said in...

How customer primacy drives value in 2025

How customer primacy drives value in 2025

Retail and Marketing
July 17, 2025

Shifting consumer behavior and increased competition redefine what it means for banks, but the payoff can be great.

ABA urges FCC to combat illegal call spoofing

ABA urges FCC to impose call authentication requirement for non-IP networks, mandate IP transition

Compliance and Risk
July 16, 2025

ABA joined six trade associations in urging the FCC to adopt a proposal to create a new call authentication requirement designed to limit criminal access to the U.S. calling network.

NEWSBYTES

ABA offers fixes for small-business lending data collection rule

July 18, 2025

ABA DataBank: Retail sales rebounded in June

July 18, 2025

CFPB to keep notification procedures for state enforcement of consumer law

July 18, 2025

SPONSORED CONTENT

Navigating Disruption in Ag Lending – Why Tariffs Are Just the Tip of the Iceberg

Navigating Disruption in Ag Lending – Why Tariffs Are Just the Tip of the Iceberg

July 1, 2025
AI Compliance and Regulation: What Financial Institutions Need to Know

Unlocking Deposit Growth: How Financial Institutions Can Activate Data for Precision Cross-Sell

June 1, 2025
Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

April 25, 2025
Outsourcing: Getting to Go/No-Go

Outsourcing: Getting to Go/No-Go

April 5, 2025

PODCASTS

The future of careers in risk and compliance

July 17, 2025

Breaking down the bank-related provisions in the big budget bill

July 10, 2025

Podcast: Inside ABA’s new Treasury Check Verification System API

June 25, 2025
ADVERTISEMENT

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2025 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2025 American Bankers Association. All rights reserved.