Masters of Their Domain

Found on Foreign Policy on Monday, 07 May 2007
Browse Legal-Issues

Computer security is a complex issue, and there is no simple cure-all. But one thing that continues to baffle me is the way we bank online. Think about the Web address of your bank. It probably ends in one of the common top-level domains: ".com" if you're in the United States, or, depending on your home country, in something like ".uk," ".de," ".jp," or ".ru."

Why do banks and other financial institutions operate under the public top-level domains, like .com? The Internet Corporation for Assigned Names and Numbers, the body that creates new top-level domains, should create a new, secure domain just for this reason—something like ".bank," for example.

Registering new domains under such a top-level domain could then be restricted to bona fide financial organizations. And the price for the domain wouldn’t be just a few dollars: It could be something like $50,000—making it prohibitively expensive to most copycats. Banks would love this. They would move their existing online banks under a more secure domain in no time.

The creation of a new domain for a specific industry is not unprecedented: We’ve already done it for museums, with their restricted ".museum" top-level domain.

Baffling. I assumed that Mikko Hypponen from F-Secure would know his job better. A .bank TLD won't help much; users simply have to learn and pay attention. Seriously, if I look at all the phishing mails I receive, I wonder how this can actually work with URL's like bankofamerica.wescamyou.ru; some phishers don't even bother and use Geocities to host the site. Not to mention the catastrophic spelling and grammar. If you follow a link in an email, written by a dyslexic, leading to some weird country and are stupid enough to enter your bank details, then really, you deserve getting ripped off. (Oh, and I can't remember stumpling over a .museum domain).