ABA Banking Journal

Guarding the digital front door

February 10, 2023

By Paul Benda

A key component of any bank’s cybersecurity posture is securing your bank’s domain name. Your domain is where your customers engage and transact with you online, making it critical that you remain in full control over it and that you do everything you can to ensure customers aren’t duped into engaging with fraudulent domains posing as your bank.

Domain name security is such an important priority that ABA invested in the creation of the .bank top-level domain—carving out a piece of the internet to be used exclusively by banks, preventing bad actors from having access to domains for use in cyberattacks. (Thanks to the expert-developed .bank security requirements, banks using a .bank domain employ several additional layers of cybersecurity to enhance the protection the domain provides.)

But regardless of what domain your bank uses, ensuring it’s secure is critical. Here are seven top domain name security measures—measures that overlap with the .bank security requirements—that ABA recommends banks have in place. These measures can prevent access to, and abuse of, websites, online banking tools and email systems—the same way you have security measures preventing and monitoring unauthorized access to your bank and areas within it.

1. DNSSEC. DNS is like a phone book for the internet. It has a list of site names (for example, Google.com, CNN.com, or MyBank.com) and their corresponding IP addresses. DNSSEC uses digital signatures to ensure that the list of names and numbers is accurate by preventing unauthorized changes to them. This is a critical measure that ensures customers visiting your URL arrive at your site and aren’t redirected to a spoofed website controlled by hackers. These spoofed websites, designed to look like real bank websites, are used for credential harvesting, where customers attempt to log in with their usernames and passwords, giving the hackers credentials to their real bank account.

2. Email authentication (SPF, DKIM and DMARC records). Authentication ensures the legitimacy of emails by authenticating the sender and confirming the email was not altered during transit. As more internet service providers and receiving mailboxes adopt stricter policies to protect their customers, senders without authentication will see difficulties with inbox placement and may find themselves and their customers at risk of phishing attacks. SPF is a whitelist of who can send email as your bank (for example, employees, cores and marketing platforms). DKIM adds an encrypted signature to every outbound email, enabling email receivers to confirm the email was sent by you and that its content was not altered while in transit. And finally, DMARC provides instructions for email receivers (Outlook, Gmail) on what to do with emails from senders not approved in your SPF record or that fail DKIM authentication. (Without DMARC instructions, most malicious emails will be delivered.)

Proper email authentication prevents phishing and email spoofing by ensuring only your bank and those you authorize can send emails as your organization. Email authentication also protects your email against tampering while in transit to the receiver via encryption. And authentication improves deliverability, since all leading email receivers detect the SPF and DKIM records of any incoming message as a feature. If you send an email without authentication protocols, there’s a good chance your users will find your messages in their spam. Properly authenticating emails enhances your sender reputation among email receivers and ISPs, reducing the number of messages labeled as spam and lowering email bounce rates.

3. TLS certificates. TLS, previously known as SSL, is a security protocol that encrypts data transmitted between a website and visitors’ devices. By installing a TLS certificate, organizations can help protect against eavesdropping and tampering.

4. Multi-factor authentication. Widely used to prevent the use of stolen credentials, MFA requires users to provide additional evidence of their identity, such as a code sent to their phone, in order to access a system. This can help prevent unauthorized access and changes to DNS records and other sensitive information.

5. Monitor DNS activity. Regularly monitoring DNS activity, via DNS logs and network monitoring tools, can help detect and respond to potential threats in a timely manner.

6. Use a reputable DNS provider. Choosing a reputable DNS provider can help ensure that DNS records are managed securely and that the provider has the necessary security measures in place to protect against cyber threats.

7. Use Registry Lock. This service (which is available for .bank domains) can prevent unauthorized DNS record updates (used to redirect website traffic or grant permission for the hacker to send email as your bank), unauthorized transfer of your domain to a new owner or registrar, or the deletion of your domain entirely. All requested changes require your registrar to request the domain to be unlocked by the registry, forcing a manual verification of the changes by the registry with the authorized registrant and ensuring that only authorized personnel are ever able to make domain and DNS changes.
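
To make measure 2 concrete, the following added example (not from the original article or from ABA) audits the SPF and DMARC TXT records a domain publishes and reports settings that leave receivers without enforceable instructions. The function names and the records for the hypothetical domain bank.example are assumptions constructed for illustration.

```python
# Added example: all TXT record strings are constructed samples.
def audit_spf(txt_records):
    """Findings for the TXT records published at the domain itself."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["SPF missing: no list of approved senders is published"]
    if len(spf) > 1:
        return ["SPF invalid: more than one v=spf1 record (RFC 7208 permerror)"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    catch_all = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not catch_all:
        if any(t.startswith("redirect=") for t in terms):
            return []  # policy is defined by the redirect target; audit that
        return ["SPF weak: no 'all' term, so unlisted senders are not rejected"]
    qualifier = catch_all[0][0] if catch_all[0][0] in "+-~?" else "+"
    if qualifier == "+":
        return ["SPF weak: '+all' approves every sender on the internet"]
    if qualifier == "?":
        return ["SPF weak: '?all' is neutral about unlisted senders"]
    return []  # '-all' (fail) or '~all' (softfail)

def audit_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return ["DMARC missing or duplicated: receivers get no usable instructions"]
    tags = {}
    for part in dmarc[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        return ["DMARC invalid: p= must be none, quarantine or reject"]
    if policy == "none":
        return ["DMARC p=none: receivers are asked to take no action on failures"]
    if tags.get("pct", "100") != "100":
        return [f"DMARC pct={tags['pct']}: policy covers only part of failing mail"]
    return []

def audit_domain(domain_txt, dmarc_txt):
    return audit_spf(domain_txt) + audit_dmarc(dmarc_txt)

# Constructed records for a hypothetical domain, bank.example.
WEAK = audit_domain(["v=spf1 include:_spf.bank.example ?all"],
                    ["v=DMARC1; p=none; rua=mailto:dmarc@bank.example"])
STRONG = audit_domain(["v=spf1 ip4:192.0.2.10 -all"],
                      ["v=DMARC1; p=reject; rua=mailto:dmarc@bank.example"])
print("weak:", WEAK, "| strong:", STRONG)
```

In practice the two input lists would come from TXT lookups at the domain and at `_dmarc.<domain>`; DKIM is not covered here because its records sit under selector names chosen by each sending platform.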

Each of these steps—drawn from cybersecurity experts and overlapping with the security requirements that help make .bank domains secure—is part of a multilayered strategy to secure your bank’s online banking transactions and communications with customers.

Paul Benda is SVP for operational risk and cybersecurity at ABA.
