News & Commentary

10:03 AM
Ben Anderson and Luge Pravda, NetNames
Ben Anderson and Luge Pravda, NetNames

New TLD’s Can Help Address Online Banking Security Concerns

In the next few years hundreds of new top level domain names will be launched on the internet, which could help banks increase their online security, but also opens up new opportunities for fraudsters if banks are not vigilant.

As hundreds of new Top Level Domain names (TLDs) are in the process of being reviewed by regulatory group ICANN to serve as new internet addresses sometime later this year, financial institutions are understandably concerned about what this will mean to their existing, and expanding, online security issues. Cyber attacks through phishing, forged websites, and other security breaches take a serious toll on customer confidence in online banking and other services, and by extension, in the banks themselves, and are a major deterrent to customers getting on board with mobile payments.

The introduction of new TLDs could help change the landscape. For example, one new TLD currently under review is .secure . This domain has been applied for by Artemis Internet, a group of seasoned Internet security professionals. In terms of protocols and requirements that Artemis is putting up, such a TLD may be particularly attractive to financial institutions bombarded, quite literally, by DDOS and other such cyberhazards. In their proposal for .secure, the application stipulates that any organization applying for domain names ending in .secure must be willing to submit to stringent security requirements. In exchange, these organizations will get superior online security, both in layers of defense and in faster notification and action times. Any time a .secure company falls off on the baseline set for these security requirements, they are taken down.

What the New TLD’s Mean

In this last round, applying for a new TLD was a lengthy and expensive process. The application fee was $185,000 with additional yearly ICANN costs and operating costs on top of that. For future rounds, the cost is as yet unknown. But it’s not a venture to be undertaken lightly. What these new TLDs will mean, as hundreds of them begin to enter the online arena, amounts to a game-changing opening of the doors to all sorts of new possibilities, positive and negative, for organizations with any online presence. On the positive side, the marketing options that open up with TLDs like .hotel, .nyc, and .sports are evident, and legion. On the negative side, all those new right-of-dot presences means thousands of possible loopholes for cyber criminals to slink through in putting up fake websites and otherwise hijacking banks’ security systems.

Those companies not fortunate enough to have shored up their name and brand with a .com during the 90s internet land grab, now have a chance to redress that deficiency, but even companies with their own .coms need to consider the changes in specificity and search-ability afforded by this new crop of TLDs. Domains that indicate geography, industry, and of course brand name will suddenly throw the entire spectrum of a company’s online presence, from search terms to website authenticity, into question. While the cost and difficulty of gaining one of these top level domains should act as a deterrent to many fraudsters and other players in the field in this broader sense, their imminent presence on the web still opens up a world of choice for domain names in terms of what goes to the left of the dot.

Banks and other financial institutions that are under increasing pressure to deliver not only fast and efficient online services, but also intense security and protection of their customers’ assets and identities need to turn their attention to how they are going to face and interact with the new TLD landscape. While from a marketing standpoint some large banks have (wisely) already applied for their brand names -- .chase and .BofA are two examples – smaller and midsize institutions might be wise to consider incorporating some of the other new TLDs into their expanding web presence as they become available, such as the .secure example given above. For a fraction of the cost of acquiring a TLD all their own, a bank can establish a more trustworthy online identity – say, But ultimately, this is going to take some thought leadership, given industry inertia and sunk costs in the traditional .com URL marketing. That said, first mover advantage may well be gained by institutions that make the change.

What Else Can Banks Do?

There are some other safety mechanisms moving into place alongside the new TLDs that are geared toward a company’s marketing end. One example is ICANN’s Trademark Clearinghouse (TMCH), a virtual organization – an evolving database of submitted and validated trademarks – that will act as a traffic light for new TLD registrations. If someone tries to register a domain under a new TLD that exactly matches a brand’s mark lodged in the TMCH, the trademark owner will be given warning of the potential infringement. Likewise, the trademark holder will be notified if that registration takes place, as there are cases of legitimate brand name crossover. While the TMCH should not be considered a primary defense mechanism, there’s no reason for a brand not to use it. For companies with a small number of trademarks, it’s a relatively inexpensive measure, and should form part of a viable online brand protection strategy. It’s also important to note that the early warning system for the TMCH will only apply during the sunrise period of 90 days.

Preserving and protecting the integrity of an online security system, brand and platform should be first priority in financial institutions’ considerations of jumping into the tide of available new domain names. In the current TLD expansion, the risks of buying too many domain names or too few can be minimized and monitored by taking a sane and rational approach – a thought process for prioritizing a bank’s choice of domain names, and with it, the risks. Back when there were only a handful of available TLDs, the prevailing wisdom was to buy all the suffixes available, in order to protect the brand. But now, with tens or even hundreds of thousands of possible domain name permutations, it’s no longer the most viable move, or even financially possible, to buy up all possible TLDs. A number of generic TLDS lends themselves to the financial sector, either legitimately or otherwise: .credit, .insurance, .insure, .money, .mortgage, etc. But between the question of search and the mandate of online protection for both banks and their customers, a systematic approach to online security, and a strategy that incorporates the upcoming changes in the Internet space has to be fundamental.

In building protection around their offerings through such domains as .secure, financial companies will need to think strategically about how their current security and brands map to the gigantic new searchable TLD landscape in a meaningful and sensible fashion. Determining the institution’s specific needs, security issues and business interests, and separating what’s most relevant from what’s least relevant, is a worthwhile jumping off point. Then, once a company has made these choices and invested in a portfolio of strategic domain names, this expansion will necessitate a greater level of vigilance, and also greater allocation to risk management, than currently exists. Finding security hijackers and other online pirates and shutting them down is a job that, along with the enormous brand marketing opportunity posed by approximately 1,200 unique new TLDs, exponentially increases the challenge of protecting your bank, and your brand.

Ben Anderson is the head of new gTLD products at NetNames, overseeing the new gTLD operations there, and Luge Pravda is the senior vice president of NetNames USA, having worked on the TLD launches of .info, .eu, .asia and others.

Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.