Some larger banks are adopting a new bank IT security strategy to try to thwart phishing attacks. According to a recent post by Andrew Seidman at the Wall Street Journal online, banks and financial services firms are buying new Internet addresses with extensions over which they will have exclusive control.
Banks that have purchased extensions, such as .bofa and .citi, believe that these extensions will make phishing attacks more difficult because owning a branded domain extension will give the bank exclusive control over all of the addresses with that extension. Of course, the banks also hope that consumers will become familiar enough with the extensions to recognize them as a crucial identifier of the bank’s legitimate sites.
According to the WSJ post, some of the largest banks have paid “at least 3.5 million or $185,000 per address” to ICANN, the non-profit entity that controls new domain extensions. Consumers will likely begin to see the new addresses next year once the extensions get the final approval from ICANN.
Banking Industry Divided Over Potential for Increased Security
Seidman notes that those resorting to this preemptive form of bank IT security include JP Morgan/Chase, Capital One, American Express, and Barclays. Wells Fargo, however, has elected not to purchase branded domain extension, citing both the cost of the exclusive domain extensions and the potential for “diluting of its online brand.”
The motivation for large financial institutions making the domain extension purchases is clear, but many still question whether domain extensions will actually reduce the number of successful phishing attacks on bank customers.
Do you think exclusive domain extensions are an effective strategy to fight phishing, or will they create more confusion among customers without much IT security benefits to banks? Should smaller banks, credit unions, and community banks adopt branded domain extensions? Inherently tempting to Internet scammers, financial institutions are often targeted so bank IT security professionals face unique challenges.
Learn how some of your peers have been meeting these challenges using IT automation. Discover the tools and tactics they have been using to impress auditors and raise the bank IT department’s standing in the C-suite. Register for Kaseya’s Financial IT Leadership webinar series to learn more about bank IT security for your financial institution.