Feeds

Euro banks slam dot-bank plan

Battle brews over American domain project

Choosing a cloud hosting partner with confidence

European banking regulators have slammed an American-led plan to create a new ".bank" top-level domain, saying it could give way to "a more dangerous form of phishing".

The European Banking Authority wrote to California-based domain name industry overseer ICANN earlier this month to say that plans for financially oriented extensions such as ".bank" and ".fin" should be axed.

The agency, which represents the head banking regulators of European Union member states, is concerned that a global ".bank" gTLD could give EU punters a false sense of security.

"The potential for consumers of financial services to over-rely on what might be perceived as 'regulatory endorsement' of the the companies operating under such TLDs is immense," EBA chair Andrea Enria wrote, "and the risk for new types of fraud and 'phishing' can be enormous."

While .bank does not exist today, it is one of hundreds of new domain suffixes that are expect to be proposed to ICANN under its ongoing new gTLD programme.

Until 12 April, any organisation with the technical nous and a substantial wedge of cash can apply to operate virtually any gTLD string they desire. Based on current estimates, the first approved extensions could start going live as early as the first quarter of next year.

The most plausible candidate to emerge for .bank to date is BITS, the technology policy arm of the US-based Financial Services Roundtable. Its .bank bid is backed by the American Bankers Association and has contracted with Verisign, which runs .com, to manage its registry back-end.

BITS is planning a tightly regulated .bank space, in which only approved banks can register domain names. The hope is that, over the longer term, consumers will come to realise that .bank addresses can be trusted not to host phishing sites, while everything else is suspect.

While today any muppet with a credit card can cybersquat a typo of NatWest in the .com or .co.uk extensions, only NatWest would be able to register natwest.bank, and typos would be forbidden.

However, some banks may separately apply for so-called "dot-brand" gTLDs, which could confuse matters as potential addresses such as bank.barclays, mortgage.hsbc and loans.santander emerge.

The EBA acknowledged that a tightly controlled .bank space may not be a haven for fraud, but is still worried that European banking customers may assume that .bank addresses registered to overseas companies enjoy the same regulatory protections as those in their home nation.

The EBA called on ICANN's CEO Rod Beckstrom and chairman Steve Crocker "to reconsider its plans for allowing [.bank]... and to ban the establishment of such gTLDs altogether".

Failing an outright ICANN ban, the regulator said it would be forced to issue a "public consumer alert, warning consumers of banking services to the risks of these new naming conventions".

Under ICANN's new gTLD programme, there will be a seven-month window later this year during which anybody will be able to file a formal objection to any gTLD application. Trademark owners, for example, will be able to attempt to block gTLDs they believe closely match their brands.

National governments will also get a shot at blocking gTLD bids via ICANN's Governmental Advisory Committee (GAC), which has been given strong powers to intervene on controversial bids.

The GAC said last year that it was very concerned about domains that purport to represent regulated industries – it called out .bank and .pharma specifically – and said they should only be approved if they have the support of the relevant communities.

ICANN's rules state that if the GAC finds consensus against any given gTLD, there's a strong presumption that ICANN should reject it. If, however, the GAC is split, ICANN's board of directors will have some flexibility about whether to approve a controversial gTLD.

The ICANN programme also recognises that many gTLDs will be applied for by more than one company.

In such cases disputes can be settled, as a last resort, by auction.

Indeed, .bank is expected to be one of these contested domains. A small Wisconsin-based start-up known as Domain Security Company has said it intends to apply for .bank too.

The company applied for a US trademark on ".bank" last year, and for a few days in January it actually owned the registered trademark, before the US Patent and Trademark Office – which takes a dim view of companies attempting to trademark gTLD strings – revoked the registration.

The EBA's shot across the bow of the .bank bid could make for an interesting, and complicated, contest. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
YOU are the threat: True confessions of real-life sysadmins
Who will save the systems from the men and women who save the systems from you?
Virgin Media struck dumb by NATIONWIDE packet loss balls-up
Turning it off and on again fixes glitch 12 HOURS LATER
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.