The website you visit for online banking may soon be changing.
In an effort to improve cybersecurity at banks, the Internet Corporation for Assigned Names and Numbers, which is the nonprofit organization responsible for managing the domains and web addresses across the Internet, has created a new domain name: .bank. It is only available for verified banks, credit unions, and other qualifying financial institutions.
The .bank domain will be managed by a financial industry advocacy group, ensuring that all websites ending with .bank are owned by real banks conducting real business with consumers around the world. To understand why this change is such a positive one, let's break down exactly what's changing and why it matters to you.
What's actually changing?
Prior to the creation of .bank, banks and other financial services companies registered their websites just like everyone else with a .com address. Because anyone can register any available .com web address, banks didn't have control over who owned web addresses with similar words or phrasing as their brand.
For example, Bank of Anytown could have the website www.BankofAnytown.com, but someone else could own www.BankAnytown.com. For consumers, it could be confusing which website was actually correct, and for banks, this was a significant security risk. There was nothing stopping a hacker from using the second URL to deceive and defraud the (real) bank's customers.
Only verified banks are allowed to register a .bank website, though. That means when you go to a .bank URL, you can be certain you're on a real bank website instead of a hacker's scam site.
The cybersecurity and technology company Symantec has been contracted to verify and periodically reverify that each registered .bank domain is in fact owned by a real bank, credit union, or other eligible financial institution. The domain will also benefit from increased monitoring, detection, and security protocols. You can view a more detailed list of the enhanced security features included with a .bank domain by scrolling halfway down the FAQ from this registrar.
Why .bank matters to you
Today, hackers and online fraudsters can clone bank websites and put them online with web addresses similar to an actual bank. From there, a fraudster could drive traffic to the fake website via spam emails, fraudulent advertisements, or by making the web address of the fake site similar to the name of the real bank.
Once the customer ends up on the fake site from any of these methods, the risk of fraud is very high. Because the fake website looks identical to the real thing, the customer may enter their username and password, giving the hacker all the information needed to log onto the real site and empty their account or steal their identity.
With .bank, this kind of scam can be avoided. When you go to a bank website on the .bank domain, you can rest assured that this bank is legitimate.
This change is going to be a process, so don't expect your bank to transition to .bank overnight
Banks are not required to switch their .com website to .bank, though many are going through the process at this time. It is a major endeavor for a bank to transfer all of its online infrastructure to a new domain, and as such, banks will approach this change slowly and with caution.
However, as of last month, over 2,400 banks have already applied for their own .bank URL. So, while change may be slow to come, the huge number of applications for .bank domains does indicate that banks are moving in this direction.
In a world where people's finances are increasingly online, this change -- and others like it to improve cybersecurity -- are both welcome and needed. Consumers should look forward to the transition to .bank, and banks should migrate quickly and prudently to this new domain. It is truly a win-win for everyone involved.