As consumers increasingly turn to the internet for their banking needs, the financial services industry is moving to create its own systems to bolster cybersecurity. The web domain .bank, which launched on June 23, is the latest effort to standardize and secure the online presence of banks.
And it’s an effort that brought together two groups that can at times be at odds with each other: community banks and larger financial institutions.
“It was a result of banks, including community banks, offering more online services,” said Viveca Ware, executive vice president for regulatory policy at the Independent Community Bankers of America. “It was a proactive measure to strengthen the security of the banks and their customers.”
For bigger banks that are increasingly becoming more inviting targets for hackers, the extra layer of security is a welcome one, particularly in the wake of last year’s cyberattack on JPMorgan Chase & Co.’s website that resulted in the exposure of 83 million client records.
Banking groups such as ICBA and the American Bankers Association say they strongly encourage their members to start the process of moving toward implementing the security measures associated with acquiring .bank web addresses, which cost between $1,000 and $1,700.
For financial firms looking to receive the .bank name, they must first prove they are a regulated financial entity, with a re-verification process every two years. In addition, the .bank sites use encryption for their communications and multi-factor authentication systems for registered users.
These measures are “designed to mitigate malicious activities including cybersquatting, typosquatting and phishing,” according to the registration guide issued by fTLD Registry Services LLC, which manages registrations for the .bank domain.
So far, the new domain has been popular with banks of all sizes, according to Craig Schwartz, managing director of fTLD. He said that 2,300 banks have registered since late June.
There are approximately 6,400 financial institutions in the United States insured by the Federal Deposit Insurance Corp.
“We have a tremendous number of community banks – they’re looking for security, they’re looking for a way to differentiate themselves from their competitors, as well as top banks like Chase,” Schwartz said in an interview. “This is a major step forward in carving out a trusted space on the internet for members of the global banking community.”
However, Schwartz cautioned that while the domain was a major step forward for banking cybersecurity, he did not expect it to solve every issue related to online banking.
“Is there anything in the world that can eradicate all the bad things that happen on the internet? Obviously not,” he said. “But the fact that we highly control who gets verified as a legitimate banking institution makes this a safer and more trusted space.”
Schwartz’s company was founded in 2011 by a group of banks and insurance companies and also handles registrations for the new .insurance domain.
Two years later the Internet Corporation for Assigned Names and Numbers, which coordinates web domain names, began expanding its 22 top-level domains, such as .com and .org, to hundreds of new names.
“When ICANN decided to expand the generic top-level domains, the banking industry looked at the process and decided it was important to have a top-level domain designed specifically for the industry and controlled by the industry,” ICBA’s Ware said in an interview.
Banks will not necessarily move to use .bank domains for all of their operations. Instead, Schwartz said banks could decide which domains are for which aspects of their businesses – for example, they might keep a .com domain for marketing their products, while keeping client accounts on their .bank site. Some larger banks have even opted to buy domains that are only used by them, in order to further customize their platform to meet their security needs.
“What is Chase going to do with .chase as opposed to what they keep in their .com?” Schwartz said. “Banks take time to set up their digital strategy.”
Still, despite the number of registrations, the widespread use of .bank will not happen overnight, as the implementation process involves changing a lender’s internal security systems and thoroughly revamping its web presence. Banks must also market their new systems to consumers who may not yet have heard about .bank.
But from Schwartz’s perspective, those changes are worth the time and effort.
“This is a major step forward in carving out a trusted space on the internet for members of the global banking community,” he said.