Tag Archives: .BANK

.BANK and .INSURANCE To Be First New gTLDs to Implement HSTS… After Google

.fTLD Registry Services has announced they will be implementing a security protocol known as HSTS – HTTP Strict Transport Security – to their .bank and .insurance new gTLDs. They will be the first registry to implement HSTS across an entire top level domain outside of Google.

Implementing HSTS at the TLD level means all domain names registered under it will be secure and there will be secure connections between web browsers and all .bank and .insurance websites. As a result, domain name registrants and customers will automatically receive the security benefits of HSTS without needing to take any additional steps to be covered.

fTLD’s new generic top level domains will be added to the preload list on 18 January. Once added to the list, leading web browsers will honour the policy in subsequent updates, including Chrome, Firefox, Internet Explorer/Edge and Safari.

“The HTTPS Strict Transport Security (HSTS) preload list is built in to all major browsers (Chrome, Firefox, Safari, Internet Explorer/Edge, and Opera)”, explained Google in a post on their security blog, and reported in Domain Pulse in October 2017. “It consists of a list of hostnames for which browsers automatically enforce HTTPS-secured connections. For example, gmail.com is on the list, which means that the aforementioned browsers will never make insecure connections to Gmail; if the user types http://gmail.com, the browser first changes it to https://gmail.com before sending the request. This provides greater security because the browser never loads an http-to-https redirect page, which could be intercepted.”

“The HSTS preload list can contain individual domains or subdomains and even top-level domains (TLDs), which are added through the HSTS website. The TLD is the last part of the domain name, e.g., .com, .net, or .org. Google operates 45 TLDs, including .google, .how, and .soy. In 2015 we created the first secure TLD when we added .google to the HSTS preload list, and we are now rolling out HSTS for a larger number of our TLDs, starting with .foo and .dev.

“The use of TLD-level HSTS allows such namespaces to be secure by default. Registrants receive guaranteed protection for themselves and their users simply by choosing a secure TLD for their website and configuring an SSL certificate, without having to add individual domains or subdomains to the HSTS preload list. Moreover, since it typically takes months between adding a domain name to the list and browser upgrades reaching a majority of users, using an already-secured TLD provides immediate protection rather than eventual protection. Adding an entire TLD to the HSTS preload list is also more efficient, as it secures all domains under that TLD without the overhead of having to include all those domains individually.”

HSTS is a step on from HTTPS. “Connections to websites are encrypted using HTTPS, which prevents Web traffic from being intercepted, altered, or misdirected in transit. [Google] have taken many actions to make the use of HTTPS more widespread, both within Google and on the larger Internet.”

Google started “defaulting to HTTPS for Gmail and starting the transition to encrypted search by default” in 2010. “In 2014, [Google] started encouraging other websites to use HTTPS by giving secure sites a ranking boost in Google Search. In 2016, [Google] became a platinum sponsor of Let’s Encrypt, a service that provides simple and free SSL certificates. Earlier this year [Google] announced that Chrome will start displaying warnings on insecure sites, and we recently introduced fully managed SSL certificates in App Engine.”

And going forward Google “would like to see TLD-wide HSTS become the security standard for new TLDs.”

American Banker Outlines New gTLD Adoption Challenges, But One Bank Says It’s a “No Brainer”

Adopting a new gTLD domain name, or even changing a domain name, is not without its challenges. There are costs for changing promotional materials as well as the transition of websites and email addresses for staff. And customer awareness of the change may not be so straightforward.

In an article in American Banker, it focusses on the challenges for .bank. The main bank featured, Farmers & Merchants State Bank in Archbold, Ohio, switched from a .com to .bank got a handful of phone calls wondering where there website had gone. One wonders if they did a redirect – the article doesn’t say.

There were also some customers that thought where a sentence ended with “.bank” in some promotional materials that “the last period was part of the web address, instead of perfect punctuation.”

“We had to rework the sentence,” J. Marty Filogamo, the bank's marketing manager, chuckling, told American Banker.

According to the article a few hundred institutions have made the transition to a .bank domain name, a new generic top level domain that became available in mid-2015.

According to the article, “as Filogamo sees it, the bank’s conversion — which also included changing employee emails — was worth the work because it sets the bank apart and will help assure customers the bank is what it said it is online. The subtle change, after all, is meant to convey credibility, much like a FDIC seal does.”

As Filogamo sees it, the bank’s conversion — which also included changing employee emails — was worth the work because it sets the bank apart and will help assure customers the bank is what it said it is online. The subtle change, after all, is meant to convey credibility, much like a FDIC seal does.

To be eligible for a .bank domain name, one has to be a verified financial institution, which is verified by the registry fTLD Registry Services and “its partner Symantec. The mandatory verification and re-verification of dot-bank domain registrations also requires those who switch to the extension to follow security safeguards, such as obtaining a digital identity certificate.”

There are a number of reasons that those that have registered a .bank domain haven’t started using it. According to nTLDstats.com there are currently around 2,900 registrants.

One that has registered a few .bank domain names is Mercantile Bank in Grand Rapids, Michigan, who “bought a few of the domains to lock down availability, but the innovative bank has no short-term plans to convert to a new address because of the marketing expense and concerns about customer impact.”

“I am not sure when and if we’ll do it,” John Schulte, Mercantile Bank’s chief information officer, said in an email to American Banker.

Shirley Inscoe, a senior analyst with the research firm Aite Group, told American Banker a number of bank execs are still evaluating whether to make the conversion. On one hand, the project has many potential benefits, including added security. On the other hand, the project requires training consumers on the significance of a visually subtle change, and even then, people could still fall victim to spoofing and phishing attacks coming from a dot-com address.

For other banks, converting the domain name may just be a matter of getting to it. Since dot-bank became available in 2015, Inscoe said, banks have been buried in major IT projects, such as EMV rollouts and faster payments. “It’s a prioritisation issue I think,” Inscoe said.

But fTLD is hoping this will change.

Drew Schiff, director of engagement services at fTLD, said in the article that early movers were motivated for a variety of reasons, including the opportunity to own a unique, shorter URL or strengthen security. Others who defensively grabbed domains have been waiting because of concerns about costs and time required on what Schiff describes as “perceived complexity.”

But in the last three to four months, Schiff said, there has been a substantial increase in interest from its registrants to complete their migration to .bank.

“It’s trending up and in the right direction and that’s what we want to see it,” said Craig Schwartz, managing director of fTLD Registry Services.

Farmers & Merchants viewed its .bank domain as an investment that would add one more layer of security as cyberthreats continue to soar.

“Bad guys are always looking for a way in,” said Mike Hess, the bank’s IT systems administrator.

So the bank tied its change to the new domain with the launch of its new website, which other banks have also done. Another to tie its move to a .bank domain was Lead Bank in Garden City, Mo.

The .bank domain was a way to help distinguish the community bank in a new market, Melissa Beltrame, director of marketing at Lead Bank, told American Banker. She also saw it as a way to boost Lead Bank’s security and prove that small banks aren’t tech laggards as some suggest. Beltrame likened her bank’s .bank investment to a flu shot — it may not stop everything, but it strengthens the bank’s defences.

One problem the bank faced was their emails with the new domain ending up in spam filters, which was fixed. But the bank didn’t lose SEO value and consumers weren’t confused. “If anything, it created a sense of curiosity,” she said. They also managed to shave a few characters off their original domain name.

The article concludes with Beltrame saying she realised bank silos may be one reason more banks haven’t converted domains, however she is perplexed that Lead Bank is still an early mover two years after flipping the switch.

“I can’t figure out why more banks don’t move to dot-bank,” she said. “It seems like a no-brainer.”

Request for Proposal to Allocate Reserved Names

BANK gTLD logofTLD is permitted by ICANN to reserve names, which it may use for itself, allocate in the future per the mechanisms enumerated in its Name Allocation Policy or keep permanently unavailable for registration. fTLD has reserved names comprised of Common Community and Generic and others such as single-character and two-letters.

fTLD’s Reserved Names Challenge Policy provides a process for an eligible entity to request allocation of a Reserved Name or to challenge a Reserved Name allocation and this information is about the former. The process requires the requestor to first file a complaint with fTLD and provide evidence to support their right(s) to the domain name and fTLD will attempt to resolve the complaint internally. If fTLD is unable to resolve the complaint, the requestor may submit a challenge to the National Arbitration Forum (NAF).

The outcome of a successful challenge either with fTLD (or NAF) is the removal of the name from the respective Reserved Names list and potential allocation of the name by one of the mechanisms in the Name Allocation Policy. A successful challenge with fTLD does not result in the requestor being awarded the name, but rather gives them an opportunity to compete to receive it.

On August 4, 2015, fTLD was authorized by ICANN to release specific two-letter names in .BANK (the available two-letter names are referenced in the related RFP Process link below). fTLD will release applicable two-letter names as well as all single-character names as Premium Names, which will be subject to fTLD premium registration and renewal fees and therefore, you should consult with your registrar on their fees for such names.

RFP Process – Name(s) Successfully Challenged in the Reserved Names Challenge Policy

RFP Process – Single-character and Two-Letter Names

Archived RFP’s

  • Issued: September 30, 2015 and closed on November 6, 2015 for the following names: american, associated, mercantile, northwest and savingsinstitute.

This fTLD announcement was sourced from:

Daily Wrap: Registrars Object To .BANK Demands, SIDN Rebrands, 2015 Record Year For .PL, Rightside Investor Wants Major Changes and Drown Bug Puts 11 Million Websites At Risk

SIDN transition logoRegistrars have objected to what they describe as unreasonable demands on new rules fTLD Registry Services are trying to impose on them for selling .bank domains.

According to a report in Domain Incite, “the Registrar Stakeholder Group formally relayed its concerns about a proposed revision of the .bank Registry-Registrar Agreement to ICANN at the weekend.”

“A key sticking point is fTLD’s demand that each registrar selling .bank domains have a dedicated .bank-branded web page” with some registrars saying it will “require extensive changes to the normal operation of the registrar.”

The Polish ccTLD, .pl, had its best year ever in 2015 in terms of the daily average number of .pl domain name registrations, according to the NASK’s report on the .pl domain name market for the fourth quarter. At the end of December the .pl domain Registry, with nearly 2.7 million names, was the eleventh largest ccTLD in the world.

Last year the daily average was 3,068 names .pl domains registered compared to 2,818 in 2014. 2015 was the sixth year that the number of new .pl domains exceeded one million, with 1,119,896 new domains registered. The total number of .pl domain names registered at the end of 2015 was 2,681,752.

“In accordance with the prognosis, the 2015 year was one of the best year in the history of the Polish Registry. Over the last twelve months the .pl Registry attained a record number of new registrations,” said Michał Chrzanowski, the Director of NASK.

“The annual growth dynamics for the end of December resulted with 6.23%, being the highest value for the last four years. At the same time the number of Registrants in the Registry grew last year by 60 thousand, thus the barrier of one million Registrants has been exceeded.”

The report is available for download from:

SIDN, which started life as the registry for .nl (Netherlands) is rebranding to take into account that they now provide registry services for additional TLDs – .aw and .amsterdam and most likely later in 2016 .bv.

Additionally, through a partnership with Simplerinvoicing, SIDN is taking their first steps as a trust framework manager.

The new branding has more colours than a rainbow and the organisation says the “new logo expresses the stability and reliability of our organisation, with an array of colours reflecting the diversity of our activities.”

SIDN has “also decided to use a less formal style of writing. One that suits the modern, accessible organisation we want to be.”

Rightside has upset one of its major investors, with “a hedge fund manager known for causing trouble at the companies he invests in [savaging] Rightside, saying its focus on new gTLDs at the expense of its registrar business is ruining the company,” according to a report in Domain Incite.

The report says “J Carlo Cannell of Cannell Capital is looking for some serious bloodletting. He wants Rightside to cut 20% of its staff, close offices, unify its products under the eNom brand and replace two of its directors.”

“He’s threatening to wage a proxy war to replace the Rightside board if he doesn’t get what he wants.”

“A major flaw in the HTTPS protocol has been uncovered that may leave as many as 11 million websites at risk, as well as any other services that use SSL and TLS encryption,” reports V3.

“The security protocols are widely used to encrypt web transactions and other highly sensitive traffic. HTTPS has also been increasingly deployed to protect people’s browsing of ordinary websites in an era when more and more governments are engaging in large-scale web surveillance.”

“The flaw, dubbed Drown, could be used to access all kinds of sensitive information, the researchers explained in a detailed posting on a dedicated website.”

More information is available from:

Daily Wrap: .BANK and .VN Keep Moving, Sherry Gets First .WINE Registration

BANK gTLD logoThe .bank gTLD continues to get traction with the banking community having reached 5,165 registrations from banks within the United States from 2,534 banks and 560 registrations from banks outside the US.

Registrations of .vn domains continue to grow with over 106,300 new .vn domains registered in the first 11 months of 2015 bringing the total number of registrations to 343,370, a year-on-year increase of 16.4 per cent, according to the Viet Nam Internet Network Information Centre (VNNIC).

Sherry Wines became the first company in the world to use a .wine domain apart from the registry, according to a report on The Drinks Business. Previously the company used the sherry.org domain. According to the report, “sherry.wine will publish interviews, events, recipes and news in English, Spanish, German and Dutch.”

Daily Wrap: Verisign and XYZ in Dodgy Deals, Domains Becoming More Relevant and Who Should Use New gTLDs

dotXYZ logoVerisign and the .xyz registry operator XYZ.com have both come off looking a little stupid following a recent court case whereby the .com and .net registry operator took XYZ.com saying they both looked a bit dodgy, according to a recent Domain Incite report.

“Explaining his dismissal of Verisign’s false advertising lawsuit against .xyz registry XYZ.com, Virginia judge Claude Hilton today said that XYZ.com’s statements about its registration numbers were ‘verifiably true’.”

“At the same time, he confirmed that they came about as a result of a bullshit deal with Network Solutions to bolster .xyz’s launch numbers.”

“That bogus deal enabled XYZ to report big reg volume numbers without actually, legally, lying.”

He may have a bit of bias since he’s the Managing Director of fTLD Registry Services, the operator of .bank, but Craig Schwartz argues on The DNA blog that domain names are increasingly becoming more relevant, not less.

Schwartz argues in part that “in many ways, a website’s domain name is a critical component of the [customer] introduction.”

“As we are painfully aware, cybersecurity breaches have increased significantly in the past decade, causing financial and perhaps even reputational, losses for brands that are not at the forefront of anti-cyber attack practices (and even some which are). Yet consumers across the globe still continue to conduct business online. As such, they are looking for brands to take the lead in ensuring a safe virtual experience.”

Schwartz then concludes “yet the foundational structure for a brand will always harken back to a website, anchored by a relevant domain name.”

Who should be using new gTLDs and when? That was a question the European Domain Name Centre asked of various industry participants recently. Reasons given include the ability to get a good domain, memorable name that isn’t available in often preferred TLDs, a regional gTLD can tell website visitors that you are providing services to that particular region, regional gTLDs can assist with targeting a wider customer base, underline a local heritage such as with the .wales and cymru gTLDs, assist with search rankings in local geo-gTLDs.

36% of US. Banks Purchased .BANK Domains Names

BANK gTLD logo[news release] In the United States there are approximately 6,800 banks. Right now, you’ll find most of them online at a .COM domain name — but all of that is starting to change.

Since May 2015, 2,465 banks have purchase d one or more .BANK domain names — signalling their commitment to providing a trusted, verified and more secure location online for their banking services.

Purchasing a .BANK domain name is available only to verified members of the global banking community , and fTLD Registry Services , alongside trusted partners, ensures it stays that way.

For the financial services industry, the need to provide higher levels of security and verification in the face of mounting cybersecurity breaches and growing fraud is strong. BITS President Chris Feeney cited the whirlwind of .BANK activity earlier this summer: “In less than a week, the new .BANK web extension surpassed more than 5,000 applications from more than 2,100 institutions in the banking community.”

Doug Johnson, senior vice president of payments and cybersecurity policy for the American Bankers Association recently called the banks’ actions to further curb cyber fraud “a proactive step to address an issue we know exists.”

Now, fTLD Registry’s recently released infographic paints a picture of what has been happening behind the scenes during the past six months to provide a trusted and more secure location on the Internet for banks and consumers.

Of the 4,907 domain names registered by banks in the U.S. (banks can register more than one domain name), five states lead the pack: Texas, Massachusetts, Missouri, Illinois and Pennsylvania.

Globally, .BANK is taking hold too. Outside of the U.S., 441 .BANK domain names have been registered.

Migrating an online banking platform will understandably take a considerable amount of time, which is why we’re just now seeing banks starting to use their .BANK domain names .

But, as a recent Cleveland Plain Dealer article stated, “it will help customers know they are going to the real site and getting emails from a real employee at the actual bank.”

And that is good news for both banks and consumers.

This fTLD Registry Services news release was sourced from:

.BANK Commences GA With Trust For Banking Customers At Its Heart

BANK gTLD logoAs the new gTLD roll out rolls on one that has trust and security at its heart launched its General Availability today (24 June). The .bank gTLD became available for the global banking community and is intended as a way internet users can be sure their financial institution is legitimate.

“For .bank, the level of security provided is crucial. Consumers need to be absolutely certain that their personal and financial details are safe,” said Gunter Ollmann, CTO of NCC Group’s Domain Services division.

“Open generics aren’t good for businesses or customers alike unless security has been given the utmost priority.”

“The Technical Policy that we created for the .trust domain is a benchmark that they should be looking at. Network, web application, email, malware and DNS risks all need to be covered.”

.Bank is operated by fTLD Registry Services, LLC—a coalition of banks, insurance companies and financial services trade associations from around the world—to ensure it is governed in the best interests of banks and their customers. fTLD has a deep understanding of the banking and insurance communities, their customers’ and their institutions’ needs.

fTLD was granted the right to operate .BANK on September 25, 2014, and .INSURANCE on February 19, 2015. All applicants will undergo a thorough verification process before being awarded a domain and must comply with strict registry policies. Verification of the eligibility of registrants will be undertaken by Symantec.

.BANK Launches into General Availability On 24 June

BANK gTLD logo.bank will launch into general availability on 24 June at 00:00:00 UTC for all eligible members of the global banking community. Managed by fTLD Registry Services, the private company owned, operated and governed by banks, insurance companies and their respective trade associations, “.bank”, is a new communications channel, fortified with enhanced security measures that exceed those of most existing and new gTLDs . During the initial sunrise registration period, there were more than 700 applications made for .bank domains.

“For banks looking for an innovative, secure way to connect with customers, partners and regulators, .bank is the solution,” said Craig Schwartz, managing director of fTLD. “This is a pivotal opportunity for the industry moving forward, and we’ve seen significant demand for .bank registrations during sunrise. An increasing number of banks recognise that a .bank domain will signify that their institution has been verified as legitimate and committed to implementing security requirements that go beyond existing standards to protect customers’ sensitive information.”

All .bank domains will meet enhanced security requirements that are not mandated in other top level domains. Symantec, a global leader in security, is adding a layer of trust to .bank by verifying the authenticity and eligibility of companies requesting domain names before they are awarded. Additionally, Architelos will provide security monitoring services for the .bank domain and will provide an additional layer of protection to the new domains by implementing its NameSentry service to monitor for domain name abuse schemes including phishing, distribution of malware, use of botnets and spamming.

.bank is the first top level domain created specifically by and for the banking industry,” said Nate Wehunt, senior vice president and digital channels manager at City National Bank. “The enhanced controls and protocols that are integral to .bank raise the standards for security. What’s more, this initiative provides a new layer of support for the ever – evolving cyber security space, and – as the first bank to be issued a .bank domain name – City National is pleased to play a leadership role.”

In addition, the enhanced security requirements will help eliminate cybersquatting and typosquatting. Requirements for strong encryption will help prevent cyber criminals from eavesdropping and data tampering, while ensuring that the intended recipient – other institutions, vendors, customers and regulators – is reading the exact communication sent.

“Symantec has partnered with fTLD to ensure that every .bank domain begins with a solid foundation on which a bank can build and maintain its online brand,” said Geoffrey Noakes, Senior Director of Business Development at Symantec Corporation. “We recognize the industry demand for a more secure channel to exchange information with other institutions, vendors and regulators. With a leadership position in the security industry, Symantec is proud to bring its knowledge and expertise to the .bank platform.”

“More and more, clients are using online services to manage their financial lives,” said BB&T Chairman and CEO Kelly King. “The new .bank domain is a great way to show them that financial institutions are committed to a safe and secure experience. This is an opportunity for the entire banking community to create a trusted and clearly identified space for online banking services.”

All chartered and supervised banks and savings association are eligible to register domains in “.bank.” All domains are available from fTLD – approved registrars and will be awarded on a first – come, first – served basis. The current list of registrars is available at www.register.bank/registrars.

About .BANK
.BANK is a new top level domain developed by and for the global banking community. It is a trusted, verified and more secure location on the Internet for the banking industry and the customers it serves. fTLD Registry Services, an organization established in 2011 by a coalition of banks, insurance companies and financial services trade associations from around the world, manages the .BANK domain. For more information, visit www.ftld.com

This .bank news release was sourced from:

fTLD Registry Selects Symantec as Verification Agent For .BANK

Verifying that domains registered in new gTLDs such as .bank and .insurance are genuine and not some sort of scam, and to gain the trust of potential registrants and internet users, is an issue to overcome for such gTLDs. For .bank and the pending .insurance, to be operated by fTLD Registry Services, the job has been given to Symantec Corporation.

In this role, Symantec will add a layer of protection to the new domains by verifying the eligibility of companies requesting domain names, making sure the person requesting the domain name is authorized by the company and ensuring the name requested by the company complies with fTLD’s policies.

“The cornerstone of consumer trust in ‘.bank’ and ‘.insurance’ is ensuring that only verified members of the banking and insurance communities are permitted to register domain names,” said Craig Schwartz, managing director of fTLD. “Symantec is the market leader in verifying the authenticity of organisations and we are confident in their ability to uphold our strict standards.”

fTLD announced they selected Symantec following a public request for proposals process in April 2014. Symantec is an information protection expert that helps people, businesses and governments seeking the freedom to unlock the opportunities technology brings – anytime, anywhere.

fTLD is owned, operated and governed by members of the global banking and insurance communities. For more information, see ftld.com.