New bank TLD to leave phishers high and dry?

Online security specialist, F-Secure, has this week called on the Internet Corporation for Assigned Names and Numbers (ICANN) to introduce a new Top Level Domain (TLD) for financial institutions. The firm has proposed that creating a ‘.bank’ TLD – or fitting equivalent – that could only be used by registered money-movers could dramatically reduce levels of ‘phishing’, where fraudsters carry out email stings by hiding behind innocent URLs.

A recent study of the domain names landscape – previously reported on IP Review Online – found that the ‘.gov’ code held by the US government is the only spotless TLD in use. It was found to be entirely free of malware (malicious software) and associated phishing risks. Financial instututions have made previous attempts to authenticate their own portals; for example, in summer 2005, the Bank of America began to use specific graphics for its website and customer emails that functioned like watermarks on banknotes, denoting reliability.

However, F-Secure senior security specialist, Patrik Runald, believes it is time to impose a standard TLD across the entire sector. ‘Right now, customers have no good way of automatically being able to tell whether or not a bank website belongs to the bank,’ he said on 10 April. ‘So a small bank or credit union phishing site is something that has to be researched.

‘If “.safe” or “.sure” is locked down, then security companies would have a much better set of assumptions to start with when filtering email and web traffic. Security providers would then be able to build a better security product and users would feel safe online.

‘ICANN has the power to create a safer online banking world.’