Bank IT Security Experts Clash over Branded Domain Extensions as Anti-Phishing Measure

Some larger banks are adopting a new bank IT security strategy to try to thwart phishing attacks. According to a recent post by Andrew Seidman at the Wall Street Journal online, banks and financial services firms are buying new Internet addresses with extensions over which they will have exclusive control.

Banks that have purchased extensions, such as .bofa and .citi, believe that these extensions will make phishing attacks more difficult because owning a branded domain extension will give the bank exclusive control over all of the addresses with that extension. Of course, the banks also hope that consumers will become familiar enough with the extensions to recognize them as a crucial identifier of the bank’s legitimate sites.

According to the WSJ post, some of the largest banks have paid “at least 3.5 million or $185,000 per address” to ICANN, the non-profit entity that controls new domain extensions. Consumers will likely begin to see the new addresses next year once the extensions get the final approval from ICANN.

Banking Industry Divided Over Potential for Increased Security

Seidman notes that those resorting to this preemptive form of bank IT security include JP Morgan/Chase, Capital One, American Express, and Barclays. Wells Fargo, however, has elected not to purchase branded domain extension, citing both the cost of the exclusive domain extensions and the potential for “diluting of its online brand.”

The motivation for large financial institutions making the domain extension purchases is clear, but many still question whether domain extensions will actually reduce the number of successful phishing attacks on bank customers.

Do you think exclusive domain extensions are an effective strategy to fight phishing, or will they create more confusion among customers without much IT security benefits to banks? Should smaller banks, credit unions, and community banks adopt branded domain extensions? Inherently tempting to Internet scammers, financial institutions are often targeted so bank IT security professionals face unique challenges.

Learn how some of your peers have been meeting these challenges using IT automation. Discover the tools and tactics they have been using to impress auditors and raise the bank IT department’s standing in the C-suite. Register for Kaseya’s Financial IT Leadership webinar series to learn more about bank IT security for your financial institution. 

 

3 Responses to “Bank IT Security Experts Clash over Branded Domain Extensions as Anti-Phishing Measure”

  1. Data102 September 11, 2012 at 7:02 pm #

    Well it’s an interesting idea but I worry if the use of anything other than .com will aid the fishers in confusing the public. Now they could use a .net or other and the customer may not know for a certainty that its not the legitimate extension since they no longer use .com exclusively.

    • Brendan Cosgrove September 14, 2012 at 4:20 pm #

      They are faced with a significant PR campaign to socialize the new root levels and how they are the only one’s who control them. Then of course there’s the spoofing that will be attempted.

  2. electronic cigarettes September 25, 2013 at 11:12 am #

    This post is really a fastidious one it assists new web
    people, who are wishing for blogging.

Leave a Reply:

Gravatar Image

-->