Banking industry pins its hopes on new dot-bank TLD

It's hoped that a new TLD will revolutionise online bank security, but time will only tell if it will gain traction with the industry and the public.

Swiss Bank Corporation London office (1900)
Swiss Bank Corporation London office (1900)

A new top level domain (TLD) for the banking sector – “.bank” – will begin making an appearance in our browsers and inboxes soon.

fTLD Registry Services is administering the .bank suffix which was made available to select banks in May and was made more widely available this week. It is one of hundreds of generic TLDs that were put up for sale by the Internet Corporation for Assigned Names and Numbers (ICANN).

Another TLD currently up for sale is .secure which may require identity validation to purchase.

Although it initially opposed the .bank TLD, the American Banking Association (ABA) is now firmly behind it, helping to set up fTLD and promote the new suffix.

The main selling point of .bank is its enhanced security features. Registrants will be expected to pay for this as the standard price for a two-year registration is reported to be in the neighbourhood of $1000 (£600). The cost is justified on the basis of the additional administrative overhead associated with vetting registrants and maintaining security.

The vetting process includes submitting organisational details including your regulatory ID number (if applicable), with all applicants vetted by Symantec.

A set of security requirements was developed by fTLD's Security Requirements Working Group and include:

  • Mandatory verification and re-verification of charters and licences to ensure only legitimate banks are awarded domain names.
  • Domain Name System Security Extensions (DNSSEC) to ensure internet users aren't being misdirected to malicious websites. DNSSEC is required of fTLD as the operator of .bank as well as its registrants, creating a chain of trust that is unique to .bank, fTLD said.
  • Email authentication to control spoofing and phishing.
  • Multi-factor authentication for any changes to registry data.
  • Enhanced encryption for secure communications.
  • Prohibition of proxy/privacy registration services to ensure full disclosure of domain registration information to expose bad actors.

Demand for .bank names has been high, according to fTLD, with more than 3000 domains requested in the past week.

However, this might be of more interest to American banks than European ones, as a casual browse of the www.register.bank website revealed that some key brands – including HSBC, Deutsche Bank, RBS, Worldpay, BNP Paribas, Barclay's and NatWest – had not reserved their domain names. However, given the vetting process, it's unlikely that domain squatters would get very far in trying to register these names.

The lack of take-up by major brands is recognised as a weakness of the .bank initiative. Doug Johnson, senior vice president of payments and cyber-security policy at the American Banking Association, said the adoption of .bank would be “a marathon”, not a sprint.

Another downside is introducing yet another TLD into the public consciousness and the titanic effort it will take to train billions of consumers how to recognise .bank suffixes.

Page 1 of 2