The .bank gTLD will move from the Sunrise phase to general availability on June 24. This new gTLD, focused on security, already seems to be attracting many banks; there have been over 500 Sunrise applications, according to the registry—a strong number for any New gTLD. This is good news for both banking—a popular target for fraudulent online activity—and online security in general. APWG points out that the largest sectors targeted for phishing are financial at 27%, and payment services at 32%. In terms of security, this new gTLD is designated for banks and banks alone, so verification is strict, and policed by one of the biggest names in global cybersecurity, SymantecTM. If a company doesn’t possess a banking license or its equivalent, or if it fails the stringent verification procedures of fTLD Registry Services and Symantec, it won’t get into this exclusive club. Once the protection and reassurance that .bank provides become widely known, customers will know that when they receive an email with a .bank suffix, or interact with a .bank website, that they are dealing with a trusted operator.
In an industry where reputation is everything, no credible bank can possibly bemoan the strict security requirements for .bank registration. However such sophisticated precautions mean that getting .bank online services to market is complex; far more so than any other new gTLD launch. The rules are strict. Some participants are eligible for registration right now; others aren’t. Professional advice from a domain name expert is the only way to navigate the path. For example, only verified regulated banks or their recognized professional vendors such as processing companies that predominantly support a regulated institution are eligible. There are some gray areas. Credit unions are eligible, but a parent company that controls one or more banks that doesn’t engage in banking itself, isn’t. Community banks can participate, but an entity without a banking license, such as some well-known mobile payment systems, can’t. All of this and more will be verified by Symantec, and if the organization’s banking credentials don’t stack up, or the bank’s HR department can’t authenticate the name of the applicant, the route to this new gTLD will be blocked.
And there’s more. Having jumped the eligibility hurdle, rules around what domain names are permissible have to be addressed, and this is complex too. A trademark or trade name is fine—perhaps the name of a credit card or proprietary savings product, for instance. But commonly used or generic terms in the financial services sector will be refused. The organization that tries to register savings.bank will have wasted their time and money (as yet, no premium names are on offer), but at some point, that may change. At CSC Digital Brand Services we make sure to monitor those developments closely, so our clients can act swiftly.
In the meantime, getting the technical aspects in order is important too. Before any .bank domain is accepted, the registrant will need Two-Factor Authentication (2FA) in place (CSC offers both ‘hard’ physical and ‘soft’ app-based 2FA tokens), Secure Sockets Layer/Transport Layer Security protocol to provide underlying encryption and visual indicators that a site is safe, DNSSEC on live sites, and DMARC email authentication.
But the prize looks tantalizing for those who successfully launch a .bank domain. . The new .bank gTLD, if communicated clearly, frequently, and with strong anti-fraud, pro-consumer messaging, should generate a feeling of much-improved confidence. Soon customers will have the reassurance that anything that comes with the .bank suffix really does come from a bank. Any URL. And any email.
General availability begins June 24. If you haven’t already done so, financial institutions should speak with your IP and brand professionals without delay. CSC Digital Brand Services has expert advisors available to discuss the implications of the new .bank gTLD. For a no-obligation conversation, please email us now and we’ll be in touch.