Two financial industry groups: The American Bankers Association (ABA) and the Financial Services Roundtable announced on Thursday that they have applied to the Internet Corporation for Assigned Names and Numbers (ICANN) to operate to top level Internet domains, .bank and .insurance, on behalf of the financial services industry.

In a published statement, the groups said that they had applied for .bank and .insurance to “provide the highest security for the millions of customers conducting banking and insurance activities online.” The move comes as the U.S. Congress is set to begin hearings on e-banking fraud on Friday.

ICANN, which is caretaker for the Internet domain name system, voted in June, 2011, to expand the field of so-called “top level domains.” That list now includes country-level listings like .uk and .fr, as well as .com, .org and .net. The organization has steadily been adding TLDs to the list, including the addition, in 2010, of the first non-Latin character domains. The changes will introduce a number of sector specific TLDs, including .bank and .insurance, and also allow any organization that can afford a steep application fee ($185,000) and hefty annual maintenance fees ($25,000) to have their own top level domains. Prominent firms are expected to rush to secure brand-specific domain names. ICANN has reportedly received over 2,000 applications for new TLDs and raked in around $352 million in fees so far.

The European Banking Authority (EBA) warned ICANN in a letter in February of 2012 that, if not properly administered, the .bank TLD could be a boon to phishers and other online fraudsters, without helping consumers good guidance as to which banks are legitimate online. 

If awarded to the industry-backed groups, the new TLDs would be limited to organizations that adhere to 31 security standards that are set by the Roundtable and ABA. In addition, any bank or insurance firm that seeks a .bank and .insurance TLD would have to be chartered by their home country financial regulators and pass a vetting to ensure compliance with strict registration requirements, the groups said.

The banking and financial services industry isn’t the only ones to see the expansion of TLDs as a way to cordon off a section of the sprawling Internet domain name system from fraudsters, phishers and other miscreants. In May, a group of security experts proposed a new global TLD, .secure, that will require companies and individuals applying for domains to adhere to strict security policies and requirements. Domains in the .secure TLD would be a known safe group of domains and would include mandatory use of DNSSEC, TLS for every HTTP session and other security technologies.

A similar logic is behind the push for industry groups to be gatekeepers for .bank and .insurance when they go live. “Consumers need to feel confident that when they go to a .bank or .insurance site, that a trusted third-party has vetted these domains names,” said Doug Johnson, ABA vice president of risk management. “New financial domains will be a detriment – rather than asset – if they cannot be trusted. That’s why our groups are leading this effort.”

ICANN ceased taking new applications for TLDs on Wednesday and will be reviewing applications for new TLDs and expects the first to go live in about nine months, according to reports. 

Categories: Compliance, Critical Infrastructure, Social Engineering, Web Security

Comment (1)

Comments are closed.