As early as May 14, eligible banking institutions will be able to register domain names under the new “.bank” top-level domain, which will include a number of enhanced security features aimed at preventing phishing and spoofing attacks that are predominantly targeted at banks.
According to the most recent report by the Anti-Phishing Working Group, the payments and financial services sectors were the targets of approximately 59% of all phishing attacks in the third quarter of 2014. Phishing and spoofing attacks are enabled in part by the relatively unrestricted nature of domain name registry for most top-level domains. In the case of the “.com” top-level domain, anyone can purchase an unclaimed domain name through one of the numerous domain name registrars. This system enables criminals to set up websites with URLs similar to those of banks, so that bank customers may unknowingly mistype a URL or click through a link in a phishing email to a website designed to deceive visitors into entering their bank login credentials or other sensitive personal information.
Unlike “.com” domains, all registrants of “.bank” domain names must be either banks or certain bank service providers and may only register domain names that correspond to a registrant’s trademarks, trade names, or service marks. This policy reduces the risk of bad actors registering “.bank” domain names confusingly similar to legitimate bank website URLs and spoofing those websites. In addition, all companies registering “.bank” domain names are required to adhere to a number of security requirements that mandate, among other measures, security extensions to ensure Internet users are landing on the companies’ actual websites and enhanced encryption and authentication protocols.
Registration of “.bank” domain names is managed by TLD Registry Services, an organization founded by a consortium of banks, insurance companies, and related trade associations. More information about eligibility and security requirements for “.bank” domain names can be found at the TLD Registry Services website.