Feeds

Euro banks slam dot-bank plan

Battle brews over American domain project

Secure remote control for conventional and virtual desktops

European banking regulators have slammed an American-led plan to create a new ".bank" top-level domain, saying it could give way to "a more dangerous form of phishing".

The European Banking Authority wrote to California-based domain name industry overseer ICANN earlier this month to say that plans for financially oriented extensions such as ".bank" and ".fin" should be axed.

The agency, which represents the head banking regulators of European Union member states, is concerned that a global ".bank" gTLD could give EU punters a false sense of security.

"The potential for consumers of financial services to over-rely on what might be perceived as 'regulatory endorsement' of the the companies operating under such TLDs is immense," EBA chair Andrea Enria wrote, "and the risk for new types of fraud and 'phishing' can be enormous."

While .bank does not exist today, it is one of hundreds of new domain suffixes that are expect to be proposed to ICANN under its ongoing new gTLD programme.

Until 12 April, any organisation with the technical nous and a substantial wedge of cash can apply to operate virtually any gTLD string they desire. Based on current estimates, the first approved extensions could start going live as early as the first quarter of next year.

The most plausible candidate to emerge for .bank to date is BITS, the technology policy arm of the US-based Financial Services Roundtable. Its .bank bid is backed by the American Bankers Association and has contracted with Verisign, which runs .com, to manage its registry back-end.

BITS is planning a tightly regulated .bank space, in which only approved banks can register domain names. The hope is that, over the longer term, consumers will come to realise that .bank addresses can be trusted not to host phishing sites, while everything else is suspect.

While today any muppet with a credit card can cybersquat a typo of NatWest in the .com or .co.uk extensions, only NatWest would be able to register natwest.bank, and typos would be forbidden.

However, some banks may separately apply for so-called "dot-brand" gTLDs, which could confuse matters as potential addresses such as bank.barclays, mortgage.hsbc and loans.santander emerge.

The EBA acknowledged that a tightly controlled .bank space may not be a haven for fraud, but is still worried that European banking customers may assume that .bank addresses registered to overseas companies enjoy the same regulatory protections as those in their home nation.

The EBA called on ICANN's CEO Rod Beckstrom and chairman Steve Crocker "to reconsider its plans for allowing [.bank]... and to ban the establishment of such gTLDs altogether".

Failing an outright ICANN ban, the regulator said it would be forced to issue a "public consumer alert, warning consumers of banking services to the risks of these new naming conventions".

Under ICANN's new gTLD programme, there will be a seven-month window later this year during which anybody will be able to file a formal objection to any gTLD application. Trademark owners, for example, will be able to attempt to block gTLDs they believe closely match their brands.

National governments will also get a shot at blocking gTLD bids via ICANN's Governmental Advisory Committee (GAC), which has been given strong powers to intervene on controversial bids.

The GAC said last year that it was very concerned about domains that purport to represent regulated industries – it called out .bank and .pharma specifically – and said they should only be approved if they have the support of the relevant communities.

ICANN's rules state that if the GAC finds consensus against any given gTLD, there's a strong presumption that ICANN should reject it. If, however, the GAC is split, ICANN's board of directors will have some flexibility about whether to approve a controversial gTLD.

The ICANN programme also recognises that many gTLDs will be applied for by more than one company.

In such cases disputes can be settled, as a last resort, by auction.

Indeed, .bank is expected to be one of these contested domains. A small Wisconsin-based start-up known as Domain Security Company has said it intends to apply for .bank too.

The company applied for a US trademark on ".bank" last year, and for a few days in January it actually owned the registered trademark, before the US Patent and Trademark Office – which takes a dim view of companies attempting to trademark gTLD strings – revoked the registration.

The EBA's shot across the bow of the .bank bid could make for an interesting, and complicated, contest. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
'Serious flaws in the Vertigan report' says broadband boffin
Report 'fails reality test' , is 'simply wrong' and offers ''convenient' justification for FTTN says Rod Tucker
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.