3 min read

Publication: Navigating the New Domain Landscape. A Relatively Unknown Business Challenge.

Picture of Daniel Morgan Daniel Morgan : Jul 26, 2024

Managed IT Cybersecurity

7:02

A WBA Issues and Answers publication. Dan Morgan addresses regulated domains such as .bank and cybersecurity considerations around domain spoofing and the need for customer education and awareness.

By: Dan Morgan, CTO at Teknologize | Issues and Answers, Washington Bankers Association (WBA), July 2024 | View Article

What Is Going on With Domain Names?

The domain name landscape has transformed significantly since its inception in the early 1980s. Initially serving as organizational tools for the internet, domain names gained prominence in the 2000s as businesses rushed to establish their online presence. Common practices included securing ".com", ".net", or ".org" domains, which served as virtual storefronts for showcasing products and services. While websites were often developed and left relatively unchanged for years, the rise of online banking prompted businesses to make incremental updates to their digital platforms. In recent years, the domain name landscape has expanded with the introduction of new top-level domains (TLDs), providing businesses with a wider array of options beyond traditional extensions. This proliferation offers opportunities for businesses to align their domain names more closely with their industry, offerings, or branding strategies, reflecting the dynamic nature of the internet and its increasing importance in modern business practices.

Fast Forward to the Present.

In 2024, the domain name landscape has evolved dramatically beyond the traditional ".com", ".net", or ".org" extensions. The introduction of new top-level domains (TLDs) has diversified options for businesses, with extensions like “.bank" becoming increasingly familiar. Additionally, TLDs such as ".app" have emerged, reflecting the expanding digital ecosystem. While traditional TLDs remain unregulated, requiring only a registration fee for acquisition, the emergence of regulated and highly regulated domain names marks a significant shift. These regulated domains impose specific rules and requirements, ensuring authenticity and trustworthiness. This evolution underscores the dynamic nature of the internet and its ongoing impact on business practices, emphasizing the importance of adapting to new trends and regulations in the domain name landscape.

What’s the Difference Between Regulated and Unregulated Domain Names?

Regulated domain names are governed by specific rules and criteria. For instance, TLDs like ".games" have stringent policies regarding trademark usage, requiring proof of ownership for registration. Additionally, these domains often prohibit illegal activities and mandate adherence to data protection standards.

Contrastingly, TLDs such as ".loan", ".mortgage", and others offer broader accessibility, catering to both individuals and businesses without stringent verification requirements.

However, the spotlight shines brightest on highly regulated domains like ".doctor", ".bank", and ".university". Governed by strict oversight bodies, these TLDs undergo thorough authentication processes, including verification of credentials and licensure, typically conducted bi-annually. This meticulous scrutiny ensures that only legitimate entities secure these domains, enhancing trust and credibility in the online space. In the ever-evolving digital landscape, these highly regulated domains serve as beacons of reliability, providing reassurance amidst the complexities of online presence management.

Effect on Cybersecurity.

Initially, the introduction of new top-level domain (TLD) options may appear to have minimal impact on an organization's cybersecurity posture. After all, the verification process for registering parties should theoretically bolster trust among end-users. However, as with many innovations, there are drawbacks alongside the benefits. Consider social media: while it facilitates communication and outreach, it also presents security risks.

Take, for instance, the availability of ".bank" domains. While securing such a domain may authenticate a financial institution's status, it can inadvertently foster a false sense of security among customers. This becomes evident when unsavory individuals exploit similar-sounding domains, such as "myBank.loan" or "yourbank.mortgage" to create spoofing pages. These deceptive sites can dupe customers into divulging sensitive information like loan numbers or social security numbers, often without raising immediate red flags.

Unfortunately, many customers may not recognize these fraudulent activities until after their data has been compromised. Hence, it's imperative to educate customers about these risks and actively mitigate them. One approach could involve defensively acquiring additional TLDs like "myBank.mortgage" or "myBank.loan" to prevent malicious actors from exploiting similar domains. Alternatively, investing in robust customer education campaigns can empower users to identify and report suspicious online activities promptly. Ultimately, safeguarding both data and customer trust in the digital realm necessitates a multifaceted strategy that combines proactive defense measures with comprehensive education initiatives.

Brand and Reputation Management.

Another significant concern stemming from the proliferation of domain name TLD offerings is reputation management. Certain TLDs, such as ".sucks" or ".fails" carry connotations that institutions like ours would prefer to avoid. Affiliation with these TLDs could potentially tarnish our organization's reputation, attracting negative attention and distracting us from the positive work we strive to accomplish daily. Just as we diligently monitor for spoofed domains, it's essential to remain vigilant regarding websites that may misrepresent our organization or propagate false narratives about us.

In light of these challenges, adopting a defensive approach akin to that of celebrities acquiring their affiliated ".sucks" TLDs to mitigate negative press may be warranted. Proactively securing domains like "yourbank.sucks" or "yourbank.fails" could prevent unauthorized entities from exploiting them and tarnishing our brand image. By preemptively addressing potential reputational risks associated with specific TLDs, we can uphold our organization's integrity and maintain the trust and confidence of our stakeholders.

WBA Member Logo