Euro banks slam dot-bank plan

European banking regulators have slammed an American-led plan to create a new ".bank" top-level domain, saying it could give way to "a more dangerous form of phishing".

The European Banking Authority wrote to California-based domain name industry overseer ICANN earlier this month to say that plans for financially oriented extensions such as ".bank" and ".fin" should be axed.

The agency, which represents the head banking regulators of European Union member states, is concerned that a global ".bank" gTLD could give EU punters a false sense of security.

"The potential for consumers of financial services to over-rely on what might be perceived as 'regulatory endorsement' of the the companies operating under such TLDs is immense," EBA chair Andrea Enria wrote, "and the risk for new types of fraud and 'phishing' can be enormous."

While .bank does not exist today, it is one of hundreds of new domain suffixes that are expect to be proposed to ICANN under its ongoing new gTLD programme.

Until 12 April, any organisation with the technical nous and a substantial wedge of cash can apply to operate virtually any gTLD string they desire. Based on current estimates, the first approved extensions could start going live as early as the first quarter of next year.

The most plausible candidate to emerge for .bank to date is BITS, the technology policy arm of the US-based Financial Services Roundtable. Its .bank bid is backed by the American Bankers Association and has contracted with Verisign, which runs .com, to manage its registry back-end.

BITS is planning a tightly regulated .bank space, in which only approved banks can register domain names. The hope is that, over the longer term, consumers will come to realise that .bank addresses can be trusted not to host phishing sites, while everything else is suspect.

While today any muppet with a credit card can cybersquat a typo of NatWest in the .com or .co.uk extensions, only NatWest would be able to register natwest.bank, and typos would be forbidden.

However, some banks may separately apply for so-called "dot-brand" gTLDs, which could confuse matters as potential addresses such as bank.barclays, mortgage.hsbc and loans.santander emerge.

The EBA acknowledged that a tightly controlled .bank space may not be a haven for fraud, but is still worried that European banking customers may assume that .bank addresses registered to overseas companies enjoy the same regulatory protections as those in their home nation.

The EBA called on ICANN's CEO Rod Beckstrom and chairman Steve Crocker "to reconsider its plans for allowing [.bank]... and to ban the establishment of such gTLDs altogether".

Failing an outright ICANN ban, the regulator said it would be forced to issue a "public consumer alert, warning consumers of banking services to the risks of these new naming conventions".

Under ICANN's new gTLD programme, there will be a seven-month window later this year during which anybody will be able to file a formal objection to any gTLD application. Trademark owners, for example, will be able to attempt to block gTLDs they believe closely match their brands.

National governments will also get a shot at blocking gTLD bids via ICANN's Governmental Advisory Committee (GAC), which has been given strong powers to intervene on controversial bids.

The GAC said last year that it was very concerned about domains that purport to represent regulated industries – it called out .bank and .pharma specifically – and said they should only be approved if they have the support of the relevant communities.

ICANN's rules state that if the GAC finds consensus against any given gTLD, there's a strong presumption that ICANN should reject it. If, however, the GAC is split, ICANN's board of directors will have some flexibility about whether to approve a controversial gTLD.

The ICANN programme also recognises that many gTLDs will be applied for by more than one company.

In such cases disputes can be settled, as a last resort, by auction.

Indeed, .bank is expected to be one of these contested domains. A small Wisconsin-based start-up known as Domain Security Company has said it intends to apply for .bank too.

The company applied for a US trademark on ".bank" last year, and for a few days in January it actually owned the registered trademark, before the US Patent and Trademark Office – which takes a dim view of companies attempting to trademark gTLD strings – revoked the registration.

The EBA's shot across the bow of the .bank bid could make for an interesting, and complicated, contest. ®