Feeds

Euro banks slam dot-bank plan

Battle brews over American domain project

3 Big data security analytics techniques

European banking regulators have slammed an American-led plan to create a new ".bank" top-level domain, saying it could give way to "a more dangerous form of phishing".

The European Banking Authority wrote to California-based domain name industry overseer ICANN earlier this month to say that plans for financially oriented extensions such as ".bank" and ".fin" should be axed.

The agency, which represents the head banking regulators of European Union member states, is concerned that a global ".bank" gTLD could give EU punters a false sense of security.

"The potential for consumers of financial services to over-rely on what might be perceived as 'regulatory endorsement' of the the companies operating under such TLDs is immense," EBA chair Andrea Enria wrote, "and the risk for new types of fraud and 'phishing' can be enormous."

While .bank does not exist today, it is one of hundreds of new domain suffixes that are expect to be proposed to ICANN under its ongoing new gTLD programme.

Until 12 April, any organisation with the technical nous and a substantial wedge of cash can apply to operate virtually any gTLD string they desire. Based on current estimates, the first approved extensions could start going live as early as the first quarter of next year.

The most plausible candidate to emerge for .bank to date is BITS, the technology policy arm of the US-based Financial Services Roundtable. Its .bank bid is backed by the American Bankers Association and has contracted with Verisign, which runs .com, to manage its registry back-end.

BITS is planning a tightly regulated .bank space, in which only approved banks can register domain names. The hope is that, over the longer term, consumers will come to realise that .bank addresses can be trusted not to host phishing sites, while everything else is suspect.

While today any muppet with a credit card can cybersquat a typo of NatWest in the .com or .co.uk extensions, only NatWest would be able to register natwest.bank, and typos would be forbidden.

However, some banks may separately apply for so-called "dot-brand" gTLDs, which could confuse matters as potential addresses such as bank.barclays, mortgage.hsbc and loans.santander emerge.

The EBA acknowledged that a tightly controlled .bank space may not be a haven for fraud, but is still worried that European banking customers may assume that .bank addresses registered to overseas companies enjoy the same regulatory protections as those in their home nation.

The EBA called on ICANN's CEO Rod Beckstrom and chairman Steve Crocker "to reconsider its plans for allowing [.bank]... and to ban the establishment of such gTLDs altogether".

Failing an outright ICANN ban, the regulator said it would be forced to issue a "public consumer alert, warning consumers of banking services to the risks of these new naming conventions".

Under ICANN's new gTLD programme, there will be a seven-month window later this year during which anybody will be able to file a formal objection to any gTLD application. Trademark owners, for example, will be able to attempt to block gTLDs they believe closely match their brands.

National governments will also get a shot at blocking gTLD bids via ICANN's Governmental Advisory Committee (GAC), which has been given strong powers to intervene on controversial bids.

The GAC said last year that it was very concerned about domains that purport to represent regulated industries – it called out .bank and .pharma specifically – and said they should only be approved if they have the support of the relevant communities.

ICANN's rules state that if the GAC finds consensus against any given gTLD, there's a strong presumption that ICANN should reject it. If, however, the GAC is split, ICANN's board of directors will have some flexibility about whether to approve a controversial gTLD.

The ICANN programme also recognises that many gTLDs will be applied for by more than one company.

In such cases disputes can be settled, as a last resort, by auction.

Indeed, .bank is expected to be one of these contested domains. A small Wisconsin-based start-up known as Domain Security Company has said it intends to apply for .bank too.

The company applied for a US trademark on ".bank" last year, and for a few days in January it actually owned the registered trademark, before the US Patent and Trademark Office – which takes a dim view of companies attempting to trademark gTLD strings – revoked the registration.

The EBA's shot across the bow of the .bank bid could make for an interesting, and complicated, contest. ®

SANS - Survey on application security programs

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
AT&T dangles gigabit broadband plans over 100 US cities
So soon after a mulled Google Fiber expansion, fancy that
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
EE & Vodafone will let you BONK on the TUBE – with Boris' blessing
Transport for London: You can pay, but don't touch
NBN Co in 'broadband kit we tested worked' STUNNER
Announcement of VDSL trial is not proof of concept for fibre-to-the-node
Google eyes business service in latest Fiber trials
Lucky Kansas City buggers to host yet another pilot program
Huawei exec: 'Word of mouth' will beat Apple and Samsung in Europe
World Mobile Telephone Factory No.3 won't fling the big bucks around just yet
Brazilian president signs internet civil rights law
Marco Civil bill enshines 'net neutrality', 'privacy' as law
DeSENSORtised: Why the 'Internet of Things' will FAIL without IPv6
What's stopping a tinyputer invasion? An IP address shortage, says Cisco
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.