Banking on .bank for Security

ABA, BITS Say New Domains Could Improve Online Security
Banking on .bank for Security
Seeking to better secure online banking, the American Bankers Association and BITS, the technology policy division of The Financial Services Roundtable, have announced plans to get more involved in the generic Top Level Domain effort.

Generic Top Level Domains, also known as gTLDs, aim to offer more room for domain-naming innovation and brand-building on the Internet. But new gTLDs affiliated with the financial industry -- a .bank, for example -- have raised some concerns, and the ABA and BITS say they want to be at the forefront of the gTLD movement.

In cooperation with VeriSign Inc., an Internet infrastructure services provider, the ABA and BITS are exploring the possibility of being the gatekeepers in charge of managing and operating future bank-branded or financially affiliated domains. The two organizations are expected to make their pitch in October to the Internet Corporation for Assigned Names and Numbers, the overseer of the gTLD movement.

"With the limited availability of .com domain names, some companies may opt to become early adopters of new TLDs to satisfy their marketing needs," says the Internet Corporation for Assigned Names and Numbers, better known as ICANN, in a summary about its gTLD program. "There will also be opportunities to apply for community and geographic top-level domains, such as .city, .brand, and .blog."

Leigh Williams, president of BITS, says the initiative is truly an international one, and its success depends on global consensus and partnership.

"I'm hoping that if we ultimately see international domains, they will become international centers that connect international constituents, so that those people can work together on a whole variety of issues," especially in the financial space, Williams says. "We're working with ICANN and the ABA to see if we should submit an application for one or more of these suffixes, and we would welcome others as partners."

Improvements to Online Security?

Williams does not expect the new domaining system to "automatically" improve online security. But he says online security could improve "in a way that allows us to enforce security more than we could in an open .com and .net environment."

If BITS and the ABA are granted the ability to manage domains affiliated with bank brands and/or financial interests, generally, the management and operation of those domains has not been determined. And no action is likely to gel until 2012, after the first approved gTLDs are set to launch. If all goes as planned, ICANN will approve and finalize its gTLD guidelines in June. From there, applications for new gTLDs will be accepted in the fall.

"We are just looking for a way to make sure the financial infrastructure is well provided for," Williams says. "If we move forward, we would be doing it to make sure that the most responsible operators are overseeing and representing the financial industry's interests. We have concerns about other groups that don't know as much about banking coming in and operating these names in a way that might not benefit the financial-services industry."

Without that kind of oversight, entities that are not insured banking institutions could acquire banking-affiliated domains. "We are working to set criteria -- an approval process for institutions that could use the banking domain," says Doug Johnson, the ABA's vice president and senior advisor of risk management policy. "It also could be, for the sake of argument, open to core processors. But the bottom line is that as the operator of the domain, we could mandate specific levels of security for that domain. That is something we are looking at as part of this process."

The gTLD initiative could result in an unprecedented number of new consumer domains, and that's also concerning, Johnson says. "When we first started evaluating this, clearly the issues surrounding domain defense and brand protection came to mind. Even small banks have multiple domains ... and you see how the issue can multiply, particularly if you have a valuable domain like '.bank' that you would want to protect."

Beyond the brand protection, is the security of how the domain itself is run, Johnson says. "If a domain is not run in a way that is highly secure, that could impact overall confidence in the banking industry, and that is why we have an interest."

gTLDs: Future of Domains

ICANN, a not-for-profit organization, was created 10 years ago to coordinate the future of the Internet's domain-addressing system. ICANN's decision in 2008 to introduce so-called gTLDs hinged on the new domaining system's ability to allow room for innovation and build flexibility into the Internet's addressing system. The new addressing system also was expected to increase competition at the top-level of the Domain Name System, or DNS, by offering new opportunities for digital identities.

ICANN notes that companies and brands, as well as organizations, may want to manage their own names, and could have an interest in securing rights as the new gTLD program unfolds.

"If we are charged with operating these domains, we could control who is and who is not allowed to register in a certain domain space, like only financial institutions can register under a certain domain," Williams says.

Williams says the number reasons to move forward with the gTLD program equal the number of reasons to be cautious. "That's why we've been involved with this expansion process for the last three years or so, and we've been involved with ICANN for five," he says. "We all want to be sure it's done right."

An interesting note about gTLDs is that they are expected to bring the international online world closer, connecting the interests of international financial systems. The introduction of Internationalized Domain Names, known as IDNs, also aims to allow Internet users throughout the world to establish and use domains in their native languages and scripts, such as ASCII.


About the Author

Tracy Kitten

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 20 years' experience, Kitten has covered the financial sector for the last 13 years. Before joining Information Security Media Group in 2010, where she now serves as director of global events content and executive editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ffiec.bankinfosecurity.com, you agree to our use of cookies.