Possible new web address endings for banks are still in the works, but the hypothetical web handles are already capturing negative attention from a European group that claims they are unsafe and a magnet for web crime and potentially onerous legal costs.
The European Banking Authority (EBA) has asked ICANN to dump plans to allow new top level domains (TLDs) or new endings of web addresses (traditionally .com, .edu, .org, .gov, etc). The EBA warns these new domains could be used as part of phishing attacks and other crimes that trick users into turning over personal information. The EBA is a network of European Union and national organizations that advise regulators on matters of financial stability, market transparency and investor protection. ICANN, or the Internet Corporation for Assigned Names and Numbers, is a Marina del Ray, Ca.-based non profit group that oversees Internet related tasks, such as the Internet Assigned Numbers Authority.
Last year, ICANN said it would allow a far broader — potentially limitless — range of web address endings. For banks, this means that .bank, .bankname or .fin could become part of a financial institution's web address. There are marketing benefits — a bank's web address could include its full name, without the non-differentiating "dot com" handle. And the sites would arguably be more exclusive since the $185,000 fee and 250-page application would make it harder to squat on a domain or create a spoof. The new domains aren't without potential drawbacks, such as tech integration costs. But advocates of the new domains say these restrictions lend to the security of the new TLDs.
"The pool of potential registrants will be smaller because of the eligibility requirements and the registration fee," says Craig Schwartz, general manager for registry programs for BITS, the technology policy arm of the Financial Services Roundtable, which is a proponent of the new domains.
The EBA is not impressed by the new domains' safety and suggests the new domains may actually attract fraudsters because of the perceived regulatory stamp of approval that comes with a website that has the new address endings. In a statement, the EBA says, "it has come to the conclusion that there are many supervisory concerns regarding the operation of the TLDs by ICANN, relating mostly to the great potential, according to the EBA view, for misuse by unscrupulous individuals, and that therefore any plans for their operation should ideally be discontinued."
The EBA says the protective measures, such as creating a separate entity for the registration and control of the new TLDs, don't necessarily mitigate the group's concerns. "The potential for consumers of financial services to over-rely on what might be perceived as 'regulatory endorsement' of the companies operating under such TLDs is immense, and the risk for new types of fraud and phishing can be enormous." The EBA also says banks face possible legal fees from safeguarding trademarks.
Schwartz argues the added requirements and disclosures in the registration process make the new TLDs more secure. "We see a much more secure way for financial institutions to interact with one another and their customers than any other existing top level domain," he says, adding there will be a set of guidelines and rules that inform how the new domains operate and are secured. Schwartz also says passwords and other protections for consumers wouldn't change with the new domains, with the majority of the security responsibility falling on the shoulders of the registrants.
"There will always be malicious behavior on the internet, no domain will prohibit that," he says. "What we intend to do is to eliminate as much of the threat at we can by operating in a very small and tightly controlled space with security policies and procedures that aren't used in current top level domains."