A Domain You Can .Bank On? - F-Secure’s .Bank Idea
(Page 2 of 4 )
The likeliest suffix to use for this theoretical TLD would be .bank, since, as one observer pointed out, .safe would imply that other sites are unsafe and .sure doesn’t really sound professional enough for a financial institution’s web site. If such a domain existed, security providers could create software built around the idea that real financial web sites have that suffix but fake ones don’t. Additionally, customers using financial web sites would know to look for the .bank suffix to assure them that they’re in the right place.
That’s all well and good, but what’s to prevent someone from buying a name in the domain as they do now with .com? Currently, anyone can register any new .com domain name for less than $10, so it’s a simple matter to take a bank’s domain name and add something like “verification,” “authorization,” or some other appropriate word to it. Registrars don’t even check to make sure that you’re entitled to use the trademark.
Mikko Hypponen, chief research officer at F-Secure, sees this kind of thing “every day.” In an interview with Times Online, he said that “Somebody comes onto these domain re-seller sites every day and snaps up PayPal or eBay or a big bank like HSBC and adds the words ‘verification’ or ‘upgrade.’ This happens maybe five times a day. It boggles the mind that nobody is doing anything about it, or that a registrar doesn’t even ask if the person can prove he’s from Bank of America.”
The way to keep phishers from latching on to a new .bank domain name, Hypponen believes, is to price it beyond their means. He thinks that $500,000 is about right. He also believes they should be handled by just one registrar – unlike .com domain names, which can be purchased from just about any registrar. A .bank registrar would thus also have the responsibility of confirming that anyone who wants a .bank domain name really is a legitimate bank. More specifically, the registrar would also have to confirm that they’re entitled to use the trademarked name.
Neither F-Secure nor ICANN can simply will new domains into existence, however. ICANN has specific principles regarding the introduction of new generic TLDs. There is a procedure, of course, and proposals need to meet certain requirements. Sadly, your humble researcher found it extraordinarily difficult to find a step-by-step description of what a hopeful registry needs to go through (and take into consideration) when proposing a new generic TLD. But surely putting ICANN on the spot like this is not one of the required steps!
More Web Hosting News Articles
More By Terri Wells