Get set to update your bookmarks, the banking industry is looking to carve out a special place for itself on the Web: a .bank top-level domain. The Internet Corporation for Assigned Names and Numbers (ICANN) revealed a long list of new top-level domain applications on Wednesday, and .bank and .insurance showed up multiple times. The Financial Services Roundtable and the American Bankers Association, a pair of banking industry lobbying groups, applied jointly for .bank and .insurance. So did a company called Radix Registry that works solely in the top-level domain acquisition business.
Generic top-level domains are the part of a URL that follows the “dot” — com, org, gov, edu, etc. And from the Web’s beginnings, the different extensions were created to differentiate between different sorts of entities with web presences: com for companies, edu for schools, gov for governmental organizations, and org for non-profits.
ICANN decided to open up gTLDs to be whatever series of letters interested parties asked them to allow — for a price. It cost $185,000 to apply for a new gTLD, and so we see many corporations dominating the long list of new proposed web addresses. A company that appears to be Google or acting on behalf of Google applied for about 100.
A number of financial services companies applied for ownership of their own brand names. Citigroup applied for .citi; Capital One applied for .capitalone; JPMorgan Chase applied for both .jpmorgan and .jpmorganchase; Visa applied for .visa.
Considering an application costs nearly $200,000, there ought to be good reason for a political lobbing groups to invest in such a domain when so many banks are already buying their own names, and when navigating to your bank’s website is currently as easy as remembering your bank’s name, removing the spaces, and adding “.com” to the end of it. Or, you can use your browser’s bookmark function.
Apparently, it’s for security reasons. Understandably, security is a growing concern for financial institutions as more and more of their business is done on the Web. In the interest of protecting consumers from phishing scams and phony sites, the American Bankers Association and The Financial Services Roundtable teamed up to apply for the rights to the .bank and .insurance domains.
Craig Schwartz, Head of Operations for the joint venture, said their goal is to create a “more secure space both operationally and technically.” Any company seeking a .bank domain name will need to meed strict eligibility requirements, said Schwartz. “It will be a very small space compared to other top-level domains.” There are only so many banks in the country, after all. But, Schwartz made clear, it’s an international effort and ABA and FSR have the blessing of a number of international banking groups.
The reason a .bank TLD is more secure than .com is precisely because of its exclusivity. A Bulgarian hacker can’t buy BankOfAmercia.bank to fool typo-prone customers to a fake site, where he can harvest passwords and other financial information from them, because the ABA and FSR won’t let Bulgarian hackers own a .bank domain. (BankOfAmercia.com, it’s worth noting, redirects to Bank of America®’s proper website, as do a number of presumably common misspellings. Some banks are being proactive about phishing threats already.)
Radix Registry, the other company that applied for .bank with ICANN, might not be so selective. Radix applied for 30 other domains, including .deals, .city, .app, .news, .music, and even .website. Radix, owned by Web-hosting and registration powerhouse Directi, has said it has invested $30 million in the application process, and is the sole applicant for .space, .press and .host strings. All that money will need to be recouped somehow, and possibly not through selective screening of applicants to the domain names.
How does Schwartz rank his chances against Radix? “I think our odds are very strong.” The ABA and FSR have been concerned about the issue and in contact with ICANN for half a decade, he said. They will, of course, also be charging for access to their TLD, but that cost has yet to be determined. After all, they’re still just applicants alongside Radix Registry right now.
As more banking moves toward mobile applications, and the web becomes more app-centric, phishing concerns like those that plague the so-called open web might be a thing of the past. You won’t need to worry about a phony URL if you only access your bank through an app on your mobile device. Until then, keep your eyes peeled for potentially redundant URLs (bankofamerica.bank) and some elegant ones — pnc.bank and us.bank actually look nice.