Financial Institutions Buy Top-Level Domains to Combat Phishing and Pharming

Major financial institutions have invested millions in new top-level domains that will be exclusive to their brand while financial industry groups apply for oversight of the top-level domain .bank in attempts to combat phishing by using exclusive, secure and trusted domains for their customer websites and services.


ICANN, the Internet Corporation for Assigned Names and Numbers, is expected begin launching alternative top-level domains in addition to the 22 existing generic top-level domains, such as .com and .org, sometime in 2013. The Wall Street Journal has reported that several financial institutions have already purchased unique domains, such as .jpmorgan, for $185,000 per domain. Financial institutions that have purchased these domains so far include Bank of America, Barclays, Capital One, Citigroup, JP Morgan Chase, UBS, Discover and American Express.


With cybercrime causing $2.5 billion in losses to the financial services industry in 2011, these banks are hoping that secure domains exclusive to their industry or brand will give consumers confidence they are dealing with their financial institution and help prevent phishing attacks from being as successful. Whereas anyone can register a .com domain, the financial institution will have control over their exclusive domain, such as .bofa, .citi, .discover or .barclays. Although they will likely take time to adjust, consumers may learn to recognize and trust these .brand domains and know they are dealing with the legitimate business when the exclusive brand domain is used.


While major financial institutions are already securing their brand domains, the American Bankers Association (ABA) and Financial Services Roundtable are trying to secure oversight of the .bank domain. The groups believe that a .bank domain should be managed by unbiased parties with financial expertise and also recommended a set of security standards that should apply to .bank and any other financial related domains. While multiple financial institutions would likely use the .bank name there would still be controls to restrict who can operate this domain intending to give consumers a greater level of confidence they are actually dealing with financial institution when on a .bank site.


The alternative top-level domains aren’t just affecting the financial industry; they can apply to almost anything as ICANN has accepted applications for thousands of potential new domains. Only 22 domains are in use today, but by mid-2013 some of the new alternative top levels domain will start to go live. No alternative top-level domains have been publicly approved by ICANN yet, but assuming approval for .bank and others we could start to see these sites sometime in 2013 with possibly thousands of different domains by the end of next year.


For more information:


No ‘Phishing’: Banks Try to Sink Scammers


ABA’s Take on ‘.bank’