.BANK Domain Goes Live. Now What?
Jeffrey Mansir, Risk and Business Advisory Senior Manager
Since June 24, 2015, most banks have been eligible to register .BANK domains relevant to their company’s trademarks, trade names, or service marks. For example, if you currently use myfinancialinstitution.com for your bank’s website, you may be eligible to register and use myfinancialinstitution.BANK as an alternate, or complementary, website to your existing .com site. While only verified banks are eligible to register a .BANK domain, within that group, registration is available on a first-come, first-served basis (i.e. if you are FirstBank located in Maine, FirstBank located in Oregon may have equal rights to the use of firstbank.BANK). Note that .INSURANCE domains will become available later this year, and .CREDITUNION domains are expected in early 2016.
Use of a .BANK domain is optional, and involves a different approach to security. For example:
- Use is limited to verified financial institutions, who must re-verify their use of the domain over time with Symantec (the verification agent). Use of proxies and privacy registration services is prohibited.
- Dual-factor authentication for communications with registrars.
- Requirements that banks use Domain Name System Security Extensions to authenticate name servers (and prevent malicious re-directs away from your website).
If you haven’t already, now is the time to investigate .BANK to see if a domain is available to you that suits your needs. In a quick survey of some BNN client banks, we noted most have registered a domain. Now what?
Just because they registered the domain, we do not expect that most banks will necessarily move to use .BANK domains for all of their operations. Most banks will not be willing to undergo the effort of implementing a .BANK domain to replace the .com domain that works perfectly well. Marketing will not be pleased to see existing internet branding trumped by the .BANK upstart. Some banks may decide to keep their .com domain for marketing, while moving client data to their more secure .BANK site. Some may keep the domain for internal purposes only. fTLD Registry Services, the .BANK operator, has already issued guidance allowing banks to redirect traffic from their .BANK sites to other sites they control, recognizing that at least in the short term, acceptance of .BANK will likely be piecemeal. In short, practical implementation of .BANK is an emerging story, and best practice is yet to be defined.
If you have registered your .BANK domain and wonder what to do next, consider the following:
- How will this impact my outsourced services? If the requirements specifically prohibit aliasing to domains outside of my .BANK domain, does this impact how I use third party content services?
- With all of the concern presented by email spoofing attacks, how might email authentication through my .BANK domain address that issue? Without getting into the details of the various available email authentication protocols, this is an exciting way to attack a very real issue threatening customer acceptance of bank communications. What if a bank and its customers could trust email communications?
- fTLD has released “A Guide to Leveraging .BANK,” a framework of communications recommendations for banks adopting the new domain. It includes many technical considerations beyond the scope of this brief update, and is well worth a read.
A debrief on acceptance and implementation of .BANK is due from fTLD in late October 2015; at that point we should have a better understanding of how banks and their customers are responding to the .BANK domain, and how we can expect to see it used going forward.
If you have questions or would like to discuss this further, please contact Jeff Mansir or your BNN professional at 1.800.244.7444.
Disclaimer of Liability: This publication is intended to provide general information to our clients and friends. It does not constitute accounting, tax, or legal advice; nor is it intended to convey a thorough treatment of the subject matter.