⇤ Back to edition

The .bank domain could help prevent phishing. Now banks just need to normalize it.

The .bank domain requires verification, which makes it a safer alternative to .com, which bad actors can easily mimic. There’s huge potential for .bank to become a trusted signifier like .gov and .edu and it’s relatively easy for banks to switch: To reap the benefits, they simply need to prioritize it.

It’s frighteningly easy for bad actors to create realistic-looking fake bank websites to dupe customers into giving up their login credentials. Not only can scammers replicate a bank’s user experience, but they can buy URLs that render almost exactly like financial firms’ real websites.  

A rise in phishing has spurred a renewed push for banks to adopt .bank domains (and insurance firms to start using .insurance). Because the domain requires verification for access, bad actors can’t buy URLs that use it. If banks start using the domain, they can teach their customers to only trust websites that include it, which would neutralize most common phishing attacks.  

“The move to .bank is easily managed alongside other bank projects” and will “protect banks and their customers from the ever-increasing, ever-more-costly cyberattacks they face,” Drew Schiff, senior director at fTLD Registry Services, told Insights Distilled. The company oversees .bank domain name issuance, and its best practices make switching “easy, affordable, and completely seamless for customers,” according to Schiff. 

More than 2,200 banks have registered their .bank domains and over 745 are actively using them for website and email security, he added. So, what’s required to make the transition more mainstream? A coordinated effort from the largest banks would be effective, but ultimately, each institution will need to own its own customer messaging. Schiff says that fTLD has created a communication guide to help. 

Paul Benda, SVP of operational risk and cybersecurity at the American Bankers Association, says that the domain’s additional security benefits are an impetus: “Banks looking to bolster their defenses sooner rather than later may want to make the transition faster.”