The option of reducing the risk of domain names being hijacked by cybercriminals by signing up to a Registry Lock has been available through many top-level domains for several years now, but the uptake among brands, to which they are mostly aimed, has been very slow.
This is the subject of a recent blog post from SIDN, the manager for the Netherlands ccTLD .nl, who note that only 150 of the 5.8 million .nl domain names are secured with .nl Control, SIDN’s name for their Registry Lock.
While there is a cost involved in securing a domain name with a Registry Lock due to extra costs incurred, mostly in time by registrars and registries, the cost is inconsequential to business. And the costs of having one’s domain name hijacked by criminals can be major through loss of reputation and sales. Businesses known to have suffered having their domain name hijacked, and which the option of a Registry Lock likely would likely have prevented, in recent years even include Google, among other high-profile brands.
Despite the benefits of a Registry Lock and that to date they haven’t proven popular, they do protect against all hacks, including the hacking of a hoster or registrar. SIDN in their post say by “offering registry locks to customers, a registrar is effectively implying that its own systems are not entirely secure against hacking.”
They work by requiring any changes in a domain name record to be verified before the change can happen.
SIDN also note another problem: “the lack of good (international) e-IDs.” SIDN offer than own eID – eHerkenning in the Netherlands, but this is “only just starting to gather momentum as a business eID. And, without an e-ID system that everyone’s at home with, old-fashioned paperwork is the only way of verifying a customer’s identify in order to set up a registry lock.”
And when it comes to Registry Locks there’s a lack of standardisation which is an issue for the industry as well. A .com lock doesn’t work the same as a .nl lock, so things can get complex for an international company with multiple domains. Standardisation, SIDN note, was an issue of discussion between registries and registrars at the CENTR Registrar Day: why can’t the national registries get together and agree on a uniform registry lock?
SIDN go on to say that “as cybersecurity awareness grows and the value of a domain name is recognised more widely, the business community is coming to see an unprotected name as a vulnerability. It’s also increasingly common for a domain name to be pledged as collateral for a business loan. And the desire to make sure that a pledged domain name is completely secure is understandably strong. The rise of electronic IDs, such as eHerkenning, is also significant. By reducing the administrative burden associated with a registry lock, e-IDs are lowering the threshold to getting a name locked. It comes as no surprise, therefore, that various national registries represented in Brussels announced plans to introduce locks or to expand their existing services.”