If a website uses a domain name containing the word "bank," is it really a bank? The answer may be as puzzling as the ancient thought-provoking philosophical question, "If a tree falls in a forest and no one is around to hear it, does it make a sound?" With the rising problems that banks and other financial institutions are facing online, the question is becoming increasingly important.
Fortunately, there's a (relatively) short answer to the bank domain name question. Unfortunately, it's like the answer to many legal questions: It depends.
It depends where in the domain name the word "bank" appears:
- If the word "bank" is a part of the second-level portion of the domain name, such as <bankofamerica.com>, then the corresponding website may or may not be for a real bank. (To be clear, the domain name I just cited as an example is indeed used by Bank of America -- a real bank.) That's because second-level domain name registrations in most top-level domain names (such as .com) are not restricted. In other words, anyone can register a second-level domain containing the word "bank" in the .com top-level domain.
- On the other hand, if the word "bank" is actually the top-level domain (TLD) -- that is, .bank -- then the domain name must be associated with a website for an actual bank or related entity. That's because the .bank TLD, operated by fTLD Registry Services (which also operates .insurance), is restricted. Specifically, fTLD's Registrant Eligibility Policy for .bank states that .bank domains are available only for "[s]tate, regional and provincial banks that are chartered and supervised by a government regulatory authority," or certain other qualified banks or bank-related entities.
The distinction is an important one.
That's because many domain names with the word "bank" in the second level are not registered by banks and, instead, have been used to conduct various scams. For example, the domain name <capitallbank.com> was used by a cybersquatter (not by Capital Bank) to "conduct a phishing scheme designed to obtain sensitive personal and financial information" from Capital Bank's customers. Other domain names, such as <amgybank.com> and <td-bank-support.com>, have been used by cybersquatters to provide banking-related links that were not necessarily associated with the obvious trademark owners (that is, Amegy Bank and The Toronto-Dominion Bank).
Fortunately, all of the domain names in the preceding paragraph, which were once registered by cybersquatters, were transferred to the real banks through proceedings under the Uniform Domain Name Dispute Resolution Policy (UDRP).
Real banks apparently are finding the .bank TLD attractive. For example, Badger Bank in Wisconsin is now using the domain name <badgerbank.bank> because " banking staff knew that instituting a .BANK domain name would help solidify its strategic plan of focusing on cybersecurity measures to better serve its customers."
But, not all of the new gTLDs are restricted, including many of those that might be attractive to banks or other financial service providers. For example, .creditunion is intended for use only by "organizations that have a nexus with the credit union sector." But .creditcard is unrestricted.
Given the long list of new gTLDs that are associated with the banking and financial services industries -- such as .accountant, .broker, .financial, .fund, .markets, .money, mortgage, .netbank and .trading (just to name some!) -- the potential for confusion (by both trademark owners and their customers) is apparent.
Additionally, many of the hundreds of other new gTLDs that have nothing to do with the financial services sector are being used by cybersquatters. For example, banks already have filed and won UDRP complaints for the domain names <dollarbankloancenter.xyz>, <citibank.porn>, <hancockbank.online> and <tdbank.email>.
Thus, it is apparent that the new gTLDs are providing both opportunities and significant new risks for banks and other financial service providers. As a result, these organizations must become even more vigilant in policing domain names that violate their trademarks , to protect their customers as well as the future of their ability to safely conduct business online.