Bank IT Security Experts Clash over Branded Domain Extensions as Anti-Phishing Measure

Financial IT

Some larger banks are adopting a new bank IT security strategy to try to thwart phishing attacks. According to a recent post by Andrew Seidman at the Wall Street Journal online, banks and financial services firms are buying new Internet addresses with extensions over which they will have exclusive control.

Banks that have purchased extensions, such as .bofa and .citi, believe that these extensions will make phishing attacks more difficult because owning a branded domain extension will give the bank exclusive control over all of the addresses with that extension. Of course, the banks also hope that consumers will become familiar enough with the extensions to recognize them as a crucial identifier of the bank’s legitimate sites.

According to the WSJ post, some of the largest banks have paid “at least 3.5 million or $185,000 per address” to ICANN, the non-profit entity that controls new domain extensions. Consumers will likely begin to see the new addresses next year once the extensions get the final approval from ICANN.

Banking Industry Divided Over Potential for Increased Security

Seidman notes that those resorting to this preemptive form of bank IT security include JP Morgan/Chase, Capital One, American Express, and Barclays. Wells Fargo, however, has elected not to purchase branded domain extension, citing both the cost of the exclusive domain extensions and the potential for “diluting of its online brand.”

The motivation for large financial institutions making the domain extension purchases is clear, but many still question whether domain extensions will actually reduce the number of successful phishing attacks on bank customers.

Do you think exclusive domain extensions are an effective strategy to fight phishing, or will they create more confusion among customers without much IT security benefits to banks? Should smaller banks, credit unions, and community banks adopt branded domain extensions? Inherently tempting to Internet scammers, financial institutions are often targeted so bank IT security professionals face unique challenges.

Learn how some of your peers have been meeting these challenges using IT automation. Discover the tools and tactics they have been using to impress auditors and raise the bank IT department’s standing in the C-suite. Register for Kaseya’s Financial IT Leadership webinar series to learn more about bank IT security for your financial institution. 


Person circle people icon with marker

Vertical Strategies and Top Vertical Markets

Vertical markets are a great way to expand your business. Going after more and more clients no matter their industryRead More

Security You Can Take to the Bank

How Banks and Credit Unions Can Safeguard Data and Ace Audits In today’s rough and tumble environment where hackers noRead More

How Banks Can Stop Fearing the IT Audit

There are few things people fear more than a tax audit. If you are an IT pro in a communityRead More

Simplifying IT Compliance for Credit Unions & Community Banks

As a CIO, IT manager, or MSP servicing financial institutions, you realize that compliance is an important priority. You needRead More

Connect IT Asia-Pacific - Don't Miss the Premier IT Management Event of the Year - Join Us in Sydney 1-3 October 2019 - Register Now