4 Online Security Reasons for '.bank'

New DNS Initiative Gives Financial Services More Web Control

By , June 1, 2012.
4 Online Security Reasons for '.bank'

It's been a year since the financial industry started talking about .bank - a generic Top Level Domain that aims to offer banking institutions, and consumers, more secure ways to interact and transact online. (See Banking on .bank for Security.)

Now, the American Bankers Association and The Financial Services Roundtable are moving forward with efforts to become the domain registrar of the .bank gTLD for websites is moving forward.

On June 13, the Internet Corporation for Assigned Names and Numbers, the overseer of the gTLD movement, is slated to reveal the entities that have applied to manage certain domains, like .bank. By the end of the year, the ABA and Roundtable should know whether they've been approved to manage the new domain.

Craig Schwartz, who is overseeing the gTLD initiative for the ABA and the Roundtable, says in addition to .bank, the two groups also have applied to manage .insurance. "Because insurance takes a lot of personal information online from consumers, in a way similar to banks, we thought it made sense to pursue it," Schwartz says.

The ABA and Roundtable initiative has been endorsed by the Australian Bankers' Association, American Bankers Insurance Association, and British Bankers' Association, European Banking Federation, Independent Community Bankers of America, the International Banking Federation and numerous financial-services institutions.

Backers of the new gTLD system say it will enhance online security by protecting consumers from spoofed websites, which often contain malware. If approved to manage .bank and .insurance, the ABA and Roundtable plan to take a variety of security steps, including carefully vetting applicants.

In 2008, ICANN introduced its plan for gTLDs, based on the notion that the new naming system would offer more room for domain-naming innovation and brand-building on the Internet.

"With the limited availability of .com domain names, some companies may opt to become early adopters of new TLDs to satisfy their marketing needs," says the Internet Corporation for Assigned Names and Numbers, better known as ICANN, in a summary about its gTLD program. "There will also be opportunities to apply for community and geographic top-level domains, such as .city, .brand, and .blog."

Within the next 30 to 60 days, Schwartz says the ABA and the Roundtable expect to announce the creation of a new business entity that will oversee the domain registry initiative. This entity, which will set the rules for .bank and .insurance domain registration, will have a board of directors that will oversee business operations. The name of the business will be announced next week, Schwartz says.

The initiative is moving quickly. By late 2013, .bank and .insurance domains could already be in use.

What it Means for Banks

In the financial-services space, the .bank and .insurance domains, if approved by ICANN, will have to adhere to the 31 security standards outlined by the ABA and the Roundtable in December 2011.

If approved, any entity that wants to use the .bank or .insurance domains would have to be vetted by the ABA and Roundtable first. All financial-institution registrants must be chartered by their home country financial regulators, and any other financial entities would be vetted to ensure compliance with strict registration requirements.

"Consumers need to feel confident that when they go to a .bank or .insurance site, that a trusted third-party has vetted these domains names," said Doug Johnson, vice president of risk management for the ABA.

4 Keys to Heightened Security

Schwartz says the new system will enhance online security within the financial and insurance sectors by:

  • Calling for stronger vetting of domain-name approval;
  • Requiring multifactor authentication for banks and insurance entities that register;
  • Employing DNS Security Extensions for all .bank and .insurance sites; and
  • Ensuring stronger site encryption standards.

"We're developing multilevel way for the users (the institutions) to prove who they are before they can request a domain name or make changes once the domain has been approved," Schwartz says.

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Industry News: Symantec Works with Narus

Leading this week's industry news roundup, Symantec has entered an agreement with Narus to provide...

Latest Tweets and Mentions

ARTICLE Industry News: Symantec Works with Narus

Leading this week's industry news roundup, Symantec has entered an agreement with Narus to provide...