ABA applies for .bank domain to frustrate phishers

ABA applies for .bank domain to frustrate phishers

The American Bankers Association (ABA) and the Financial Services Roundtable have teamed up to apply to operate .bank and .insurance generic Top Level Domains (gTLDs) on behalf of the industry.

Last year the Icann board gave the go-ahead for a raft of new generic top-level domains, giving applicants until June to register their interest.

However, the issue has caused concern in the financial services industry, with the European Banking Authority calling on Icann in February to ditch plans to allow '.bank' and '.fin' domains, warning that they could be used by phishers to trick customers.

Taking a different route, the ABA and Roundtable - backed by counterparts including the Australian Bankers' Association, British Bankers' Association and European Banking Federation - have moved to snap up the .bank and .insurance strings in order to safeguard consumers against imposters.

The pair say that the domains will adhere to the 31 security standards they submitted to Icann late last year, with the request that any new financially-orientated gTLD be required to provide heightened security.

According to the Icann site, there has been one other application for .bank and three more for .insurance. Several financial institutions have also applied for their own domains, including .BofA, .Citi, .HSBC, .Visa and .Amex.

Doug Johnson, VP, risk management, ABA, says: "Consumers need to feel confident that when they go to a .bank or .insurance site, that a trusted third-party has vetted these domains names. New financial domains will be a detriment - rather than asset - if they cannot be trusted. That's why our groups are leading this effort."

Comments: (1)

A Finextra member
A Finextra member 26 June, 2012, 12:051 like 1 like

One doesn't need to wait for those TLDs to be approved to start using them (for phishing attacks) - www.GetCompensationFromNatWest.bank

It won't take a skilled hacker long to display the above address in the browser window too, when you reach that page.