With the rise of fintech and crypto came an explosion of products and services that appear to be backed by banks but are unregulated and pose a significant financial risk to consumers. To help consumers quickly identify legitimate banking institutions, fTLD Registry Services, LLC created the .BANK URL in 2015 to mitigate online phishing scams, which can cost consumers devastating losses to their bank accounts and compromise their online security in a data breach. fTLD bills the .BANK domain as an “online stamp of trust” [1]. When a consumer sees the .BANK domain, they should know that they are dealing with a credible institution that has undergone a rigorous application process and meets the highest level of ongoing compliance regulations.
With the completion of system integration for Allegiance Bank and CommunityBank of Texas on February 21, 2023, the newly formed Stellar Bank launched a new website and URL, Stellar.Bank. As the largest community bank in the Houston area, Stellar Bank is committed to providing the same online security found at national and global financial institutions. Below we provide insights on what the .BANK domain is and how it benefits our clients.
What is a .BANK URL?
A .BANK URL is simply a gated domain like a .gov or .edu, but for verified banks [2]. While anyone may purchase a .com, Stellar Bank has decided to be verified with a .BANK URL so that clients can quickly and confidently verify any online communication with Stellar Bank.
Is .BANK more secure?
.BANK is an HTTPS-only community to support privacy and integrity of web services by default. The Security Requirements mandate encryption via a digital identity certificate (e.g., TLS certificate) and specify Encryption/TLS requirements for .BANK websites. Banks that choose to enhance their cybersecurity with .BANK have a security advantage over other banks that stick with public domains such as .com, .net, and .org, which do not mandate encryption or HTTPS requirements [3].
Who Can Purchase A .BANK URL?
Only eligible organizations may purchase a .BANK URL. fTLD Registry Services, LLC requires organizations to meet strict criteria for what it defines as an eligible organization, in order to maintain the highest level of compliance and cybersecurity. An eligible organization must be one of four types of government-regulated entity:
- Retail bank
- Savings Association
- National retail bank
- A retail bank or savings association holding or parent company
fTLD performs the initial verification of an organization and repeats the verification annually thereafter. If an organization changes its name or information, fTLD will also conduct another verification to ensure the organization still meets the eligibility criteria.
What Are the Additional Security Requirements of a .BANK Domain That Make It More Secure?
An eligible organization must meet four registrant security requirements to acquire the .BANK domain. After being verified in the preliminary verification round, the eligible organization is then required to complete the Zone, Encryption, and Email Authentication cybersecurity requirements. Below is a brief explanation of the Registrant Security Requirements [4].
- Preliminary Verification: The eligible organization’s name is verified to correspond to the domain. This verification prevents cybersquatting and makes it impossible for scammers to register a domain name or contact bank customers as an impostor.
- Zone: The first Zone requirement ensures that authoritative name server host names are within the .BANK domain zone. The second Zone requirement implements Domain Name System Security Extensions (DNSSEC). These ensure that internet users are reaching your organization online and have not been redirected to a fraudulent website.
- Encryption: The first encryption requirement is to obtain a digital identity certificate so that the site resolves to HTTPS, which ensures all data is secure in transit. The second encryption requirement ensures that Transport Layer Security (TLS) has been implemented, which creates an encrypted connection, protecting online communication and the secure transmission of information and transactions.
- Email Authentication: Domain-based Message Authentication, Reporting, and Conformance (DMARC) protects against phishing and spoofing, and increases the deliverability of email to clients.
A full description of these four security requirements may be found here.
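The Zone, Encryption, and Email Authentication requirements listed above can be checked mechanically. The following is an added example, not code from fTLD or Stellar Bank: it audits already-collected DNS and web observations for one domain. The field names, the example.bank records, and the extra note on p=none are assumptions made for illustration, and all sample data is constructed.

```python
# Added example: all records below are constructed, not real DNS or scan output.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None

def audit(obs):
    """Return findings for one domain; an empty list means every check passed."""
    findings = []
    # Zone 1: authoritative name server host names must be inside .bank
    for ns in obs["ns"]:
        if not ns.lower().rstrip(".").endswith(".bank"):
            findings.append(f"zone: name server {ns} is outside .bank")
    # Zone 2: DNSSEC; a DS record in the parent zone links the domain
    # into the DNSSEC chain of trust
    if not obs["ds_records"]:
        findings.append("zone: no DS record, DNSSEC not deployed")
    # Encryption: the site must only be served over HTTPS/TLS
    if not obs["https_only"]:
        findings.append("encryption: site reachable over plain HTTP")
    # Email authentication: a DMARC record must be published at _dmarc
    dmarc = parse_dmarc(obs.get("dmarc_txt", ""))
    if dmarc is None:
        findings.append("email: no valid DMARC record at _dmarc")
    elif dmarc.get("p", "").lower() not in ("none", "quarantine", "reject"):
        findings.append("email: DMARC record has no valid p= policy")
    elif dmarc["p"].lower() == "none":
        # Assumption of this example: report monitor-only policies too
        findings.append("email: DMARC p=none only monitors spoofed mail")
    return findings

# Constructed observations for a hypothetical domain
GOOD = {"ns": ["ns1.example.bank.", "ns2.example.bank."],
        "ds_records": ["12345 13 2 <digest placeholder>"],
        "https_only": True,
        "dmarc_txt": "v=DMARC1; p=reject; rua=mailto:dmarc@example.bank"}
WEAK = {"ns": ["ns1.example.bank.", "ns1.dns-host.example."],
        "ds_records": [], "https_only": True,
        "dmarc_txt": "v=DMARC1; p=none"}

if __name__ == "__main__":
    for name, obs in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit(obs))
```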
Of course, no effort to combat cyber-criminals is 100% foolproof. Online users should be vigilant when accessing information online. Pay special attention as you navigate the web, ensuring the correct .BANK domain is present in any web or email communication. Following the launch of stellar.bank on February 21, 2023, Stellar Bank clients should make sure to update any bookmarks on mobile devices, computers, or tablets so that they are directed to the .BANK domain.
Questions, comments or concerns about our transition to Stellar.Bank?
Sources:
1. https://www.bankrate.com/banking/what-is-dot-bank-domain/
2. https://www.register.bank/customerfaq/
3. https://www.register.bank/faq/#security
4. https://www.register.bank/securityrequirements/