Should Your Financial Institution Adopt New .Bank Domain?
Turbulent Past
Reaction has varied from financial sector companies concerning the new .Bank generic Top-Level Domain (gTLD) created in 2010. The American Bankers Association (ABA) was initially opposed to these domain names on the web, but now supports them as a way to enhance security and trust. However, as of this writing, no large financial institution such as Citigroup or Wells Fargo have changed from their commercial .Com web addresses. Further, few small or regional banks have made the switch as well.
.BANK opened for General Availability on June 24, 2015.
Leaders in the financial services community registered fTLD Registry Services LLC in Washington D.C. in 2011. The “f” represents financial and has nothing to do with Federal oversight. Although LLC ownership is not publicly listed, fTLD is purportedly owned, operated and governed by banks, insurance companies, and their respective trade associations from around the world (including communist and US opposed countries). fTLD was granted the right to operate .BANK domains on September 25, 2014, and .INSURANCE domains on February 19, 2015.
Pending Cyber Trust Verification
The stated fTLD goal is to create trusted, verified, more secure and easily-identifiable locations on the Internet for financial companies and the customers they serve. Only banking institutions may register .Bank domain names (excluding credit unions and holding companies). Symantec validates each bank’s charter and eligibility and there are approximately 20 niche domain registrars for .Bank domains that set their own pricing. (See Register .Bank FAQ)
While .Bank registration is tightly controlled, the claim of increased “spoof proof” security for using .Bank registrar DNS servers is questionable. Domain Name Servers (DNS) are the critical machines that convert IP addresses to web addresses. Many of these niche registrars are largely unknown with one recently converted Oklahoma bank finding the registrar’s servers that routed web and e-mail were actually located in Asia. These registrars typically want $200 per month or more to provide self-service DNS portals for bank security personnel that are free with well known registrars like Network Solutions or Register.
The .Bank registrars state that the use of technology called DNSsec (sec for security) is more secure for name resolution than other common registrars. At a high level, DNSsec is similar to HTTPS for websites to encrypt communication using cryptography keys behind the scenes. fTLD is requiring .Bank registrants to support DNSsec for hosted e-mail systems, content delivery networks, security fraud systems by January 1, 2018. However, most major services around the web will likely have implemented DNSsec and niche banking registrars will simply be charging financial institutions a premium price for little security difference. (See fTLD security requirements)
Reserve .Bank Domain Name and Convert Later
Most banks will want to register their .Bank domain and wait until the financial community embraces the idea and security enhancements are truly proven. Some of our supported banks are converting now if their .COM website domains do not fully match the institution name or brand as a new opportunity to secure their unique name. Be sure to coordinate with auditors and request that DNS servers are located in secure locations in the United States. While .Bank may be exclusive only to banks, Bank of America had already implemented DNSsec technology which did not prevent the recent breach.
Download a free chapter of our Amazon #1 Best Selling Cybersecurity book Easy Prey.
Concerned about ransomware and compliance penalties, then check out:
