Is .BANK the domain ending that banks have waited for?

One of the banking communities' newest inventions to fight online scams is the introduction of new top level domain .BANK, which goes live 17th of May. This domain ending is restricted to the banking community (Full FAQ at the end of this post). The .BANK domain ending already now receives some consumer trust as shown in the recent study from DNA and our own poll confirming the results from the other study. So why on earth should a bank such as Wells Fargo change web address from to Did you know that half of all internet users receive one phishing email on a daily basis? Banks suffer from online scams at such a large scale today that it has become a huge problem. Gartner Group estimates that phishing costs alone for American banks amount to USD 2.8bn annually. A solution is needed, and the use of a .BANK domain mame seems to be one of the pieces of the puzzle to deliver a more secure environment on the internet for potential scamming victims. Today banks use so many different domain endings ranging from .com to any country code ending that there is no common industry identity. This is what .BANK gives the banking community. Let's take the example of phishing. It is the most common way to gain access to a bank account. You receive a fraudulent email which appears to be from your bank. In the email you will be urged to urgently update your account information. Fall for it by clicking a link in the email and you are then send to a website which looks legit, but which either just steal your password or install malware on your PC. In the process the victim can see both in the email address and on the website that it's not a .BANK and is therefore warned. If you want a personal phishing story, then do check this video I stumbled upon. .BANK for branding in the new labelled world Apart from the trust argument banks have some new branding opportunities with a .BANK domain. A bank such as Chase Bank is a good example. With a 5 characters generic term as your brand name they have to stay alert all the time to secure domain names such as, chase.web, chase.whatever. A common online strategy within the banking community to use and promote .BANK will eliminate this confusion to a certain degree. And it's the way we're going. Internet users will use web addresses much more as a signal after the introduction of +700 new domain endings. Yoga sites will use a .yoga, real estate agents will use .realtor and florists will use a .florist. This labelling is well underway, and surely it will take some years before we see the change - but the change does seem unavoidable. Interview with Craig Schwartz from fTLD Registry craig schwartz from fTLD Registry in charge of .bank domain names I talked to Craig Schwartz, the Managing Director at fTLD Registry Services (The registry behind .BANK and .INSURANCE) about who will be eligible to register and use a .BANK and if the community will embrace this new option. "The most important element, other than being eligible and choosing an acceptable domain name of course, is fulfilling the enhanced security requirements. For example, all registrants in .BANK will have to enable DNSSEC on their website, publish valid email authentication records, deploy enhance encryption standards. There are several technical requirements mandated by fTLD and they all will contribute to .BANK being a trusted, protected, more secure and easily identifiable space on the Internet." He expects that .BANK will be the new standard and is optimistic about banks' changing their domain name to a .BANK as early as 2015. "Judging by the interest we've received to date, I suspect we may see some banks using .BANK as their primary domain name as early as 2015 and certainly by 2016.
fTLD does not underestimate the time and costs it will take to transition from some other TLD to .BANK and we firmly believe that community members will see and appreciate the value in time and with much education and support from fTLD and our registrars." His statement is backed by fTLD's survey sent to members of the banking community: - 64% feel that a .BANK domain will be important for the security of the industry - 80% expressed a high interest in .BANK after reading the description and values presented in the survey - 85% said that a higher level of security will be a key factor in their purchase decision - More than 50% said that the vigorous verification standards are appealing in .BANK - More than 50% find it appealing that .BANK will be protected, trusted and an easily identifiable space. Will definitely be interesting to follow the development from 17th of May, when it goes live. The .BANK FAQ Below you will find the answers to the most frequent questions. 1. Who can register a .BANK domain name? The folllowing can apply for a .BANK: A. State, regional and provincial banks that are chartered and supervised by a government regulatory authority. B. Savings associations that are charted and supervised by a government regulatory authority. C. National banks that are chartered and supervised by a government regulatory authority. D. Associations whose members are primarily comprised of entities identified above in A, B and C. E. Groups of associations whose members are primarily comprised of associations identified above in D. F. Service providers that are principally owned by or predominantly supporting regulated entities identified above in A, B and C. (if approved by the Registry Operator Board). G. Government regulators of chartered and supervised banks or savings associations or organizations whose members are primarily comprised of such government regulators (if approved by the Registry Operator Board). 2. Which .BANK domain names can we register? Domain name must: A. Correspond to a trademark, trade name or service mark of the business or organization. B. Not be a Reserved Name. C. Not be likely to deceive or cause material detriment to a significant portion of the banking, insurance and/or financial services communities, its customers or Internet users. 3. Which documentation is required to register a .BANK domain name? A. Full legal name B. Business name C. Business address D. Business phone E. Business email F. Another proof of identity necessary to establish that the Applicant is an eligible member of the banking community (e.g., business license, certificate of formation, articles of incorporation, corporate operating agreement, charter documents, attorney opinion letter, mission statement for non-profit organization). G. For banks and savings associations, the assigned regulatory ID and government regulatory authority issuing its charter or license. Do you work in a bank? If you do then please let me know your thoughts about this new option in the comments. If you plan to register a .BANK and have questions to the process, then do contact me at
  • Joseph Peterson

    Use of .BANK for heightened security, as a regulated name space isolated from phishing schemes, is an intriguing idea. Right now I don’t want to comment on how far or how soon adoption might proceed.

    What I will say, though, is that any bank switching to .BANK as an antidote to phishing would face some major challenges. Mere forwarding is not enough to realize the purported benefits. For as long as the old domain remains a functional doorway for accessing bank accounts, consumers will continue to log in through the .COM or ccTLD address they’re accustomed to; and “phishermen” will continue to exploit that tendency. No, banks would need to go further and PHASE OUT the old domains, forcing login through .BANK. That might be a good idea, actually. But it implies a severe, categorical transition. Ideally customers wouldn’t be locked out overnight, but they might be greeted by a link to the new .BANK website alongside a notice about the old familiar domain ceasing to function in a year’s time.

    Banks implementing this fairly drastic (and perhaps justifiable) change would need to educate 100% of their account holders. Fortunately, banks are adept at reaching their membership online, by phone, and in person. So this is entirely doable.

    What’s most tantalizing (from a domain-industry perspective) is that banks might mobilize their very significant internal marketing and customer resources to educate their members about .BANK and new TLDs in general. This wouldn’t be an empty sales pitch. Unlike most marketing efforts, which largely fail to make an impression, a bank would – nay, must – succeed in reaching 100% of its audience. And because people depend on access to their money, they would sit up and pay attention.

    • Christopher Hofman

      Hi Joseph,

      Thanks for your comment. Always thoughtful. Banks have already today a huge task ahead of them educating not only their clients but also their employees about online scams. When the Carbanak gang ran off with USD 300M from Russian banks over the last year it was due to employees getting phished. Banks need to heighten their security levels, and .Bank can be used as the visual symbol of this project – And yes, a clean slate, where old domain names are 301’ed and nothing else.

  • Interalia

    Thinking globally, will there be a .BANCO for Spanish speaking countries, .BANCA for Italian, .BANKAS for Lithuanian etc. When America first created the Domain name system it demoted the rest of the world to a second level. Is this happening again. Will there one day be a .BANCA.IT or are you seriously expecting all the countries in the world with their myriad of tongues to start using the English word for BANK?

    • Christopher Hofman

      Thanks for your question. The banking community needs one standard extension if they want to increase security. .Bank is the most obvious global term, even though, as you also point out, this isn’t necessarily the case regionally. I would be very disappointed to see a .banco or .bankas out there in phase 2. All banks should make the decision to stand behind one ending and not confuse their clients – and any bank, whether global or local, are all facing he challenge of phishing – an online scam which cost a total of USD 2bn annually.

      • Interalia

        My worry has been with gTLDs that they make it more likely that less that phishing will occur. I say that because when regular folk glance at a URL and see .com/{then a query string} they feel fairly confident at the origin of the domain. As the number of gTLDs increases it will become harder on the eye to assess whether a domain is real or some scammy URL. I also notice that while takeup of gTLDs has been respectable, probably to avoid the risk of domain squatting, there are few in common usage. Take for example the Alexa top five hundred list of websites by traffic, not one gTLD appears. Even among the XXX porn domain not a single one is in the top 500. Do you think then that all the world’s banks will be persuaded to switch from .COM to .BANK to increase security at the expense of loosing their Google rank? Right now I’m!

        • Christopher Hofman

          There was already plenty of room before 2014 to scam people with any of the original domain endings. The difference is now that the banking sector has the opportunity to create a common identifier online.
          Yes, it’s a doubt whether all banks will rebrand to .bank, however it’s one of the more organized sectors, and they all have a big problem in common, where a .bank solves it part of the way.
          If you said that all yoga studios were to use a .yoga being such a fragmented sector and without any obvious reason to change domain name, then we wouldn’t even have this discussion.
          fTLD Registry, the .bank registry, is a brainchild of the American Bankers Association. They wouldn’t be behind this project unless there was commitment to start using the TLD, and as Craig Schwartz says in the interview, it should already happen in 2015.

  • Pingback: .BANK就是银行界所翘首期盼的域名吗? - Brandma Co.()