FairWinds Partners — August 24, 2012
These days, you’d be hard pressed to find a person who owns a personal computer and has a checking account who doesn’t use online banking in some capacity, whether to pay bills, check a balance, or transfer funds. But with the ease and convenience of online banking comes a certain degree of risk, specifically, a risk of fraud. Just as you’d be hard pressed to find someone who doesn’t use online banking, you’d be equally hard pressed to find someone who hasn’t at some point received a sketchy email from a scammer masquerading as a “bank,” luring users to enter their personal and account information.
This type of scam is called phishing, and it’s become something of a scourge for the Banking and Financial Services industries. It’s also one of the reasons the American Bankers Association (ABA) and the Financial Services Roundtable (FSR) submitted an application for the .BANK gTLD.
In an interview with BankInfoSecurity, the ABA’s Doug Johnson, who is responsible for overseeing risk management policy for the organization, points out that not only will the ABA and FSR be able to control who can register a domain name in .BANK, but the applicants also developed a set of 31 security standards, including higher levels of authentication, that they recommended ICANN require all financial-related gTLDs to follow. These two factors are designed to minimize the occurrence on .BANK domains of phishing, which cost the financial industry approximately $2.5 billion in losses last year. In time, Johnson argues, consumers will learn to place greater trust in .BANK domains than in other, less strictly regulated domains.
In a recent Wall Street Journal article, FairWinds’ co-founder Josh Bourne agrees that if financial companies put in the effort to communicate to customers that new gTLD domains – whether they end in .BANK or .BARCLAYS, for example – are the best and most secure places to access their accounts, banking information, and other financial content, then users will in fact learn to trust those domains more than others. When it comes to navigating the Web, if an Internet user ends up on a site with an unfamiliar domain, he or she can err on the side of getting out of there.
But that doesn’t mean that the gTLDs will be a panacea for the phishing problem. While the domains can provide customers with “a tool that they know is proof positive that is their bank,” as Josh put it, the companies (and in the case of .BANK, the ABA and FSR) will also have to do some legwork to ensure that users know the tool is out there for them to use. It’s also important that these companies remember that any email address, regardless of the domain, can be spoofed. So even in the new gTLD future, Internet users must still be vigilant when scrutinizing emails that appear to come from banks.
It is worth noting that another organization, Dotsecure Inc., has also submitted an application for .BANK. The ABA and FSR’s application is community-based, though, meaning that unless they fail to meet the community requirements, they will likely beat out Dotsecure Inc. for this gTLD.