Main Street Matters Blog

Using Your Web Address to Fight Phishing and Cyberattacks

Oct 18, 2019
Jeremy Dalpiaz

By Jeremy Dalpiaz

What’s in a website name? It depends. Does your website extension end with .NET, .COM or .BANK? If your bank has not yet adopted the .BANK domain, allow me to spend a little bit of time explaining the benefits.

It can establish and maintain trust, and as community bankers are well aware, upholding trust is key to retaining and growing a loyal customer base. Seventy-nine percent of independent businesses that used community banks report they were satisfied with their overall experience, compared with 67 percent for large banks and just 49 percent for online lenders, according to a survey from the 12 Federal Banks.

The .BANK top level domain (TLD) is an online stamp of trust and a simpler, quicker and more thorough way to educate employees and customers, and to protect them against cyberattacks. It is available exclusively to banks, savings associations and related organizations. This domain is very similar to .GOV, which is only available to government entities, or .EDU, which is only available for educational institutions.

Not only is it restricted to the financial services sector, but it adheres to higher security requirements than other commercially available TLDs, such as .COM or .NET.

For instance, community banks with a .BANK extension must use domain name system security extensions (DNSSEC), which  ensures that website visitors are directed to the correct website. Additionally, email authentication must be used with .BANK extensions to protect against phishing attacks and email spoofing.



To assist with implementation of a bank’s .BANK domain, fTLD has published a Planning and Communications Guide.

According to published reports, the rate of breaches, or theft of sensitive data, in the financial services sector has tripled over the past five years at a cost to banks of $16.8 billion in 2017 alone. These incidents are not only damaging the bottom line, they’re threatening the all-important customer relationship, with one study reporting a 28 percent customer attrition rate following unauthorized activity on their accounts.

As community banks leverage technology (including chip-based payment cards, tokenization, mobile alert programs, and pattern-anomaly detection, among other techniques) a .BANK domain provides another avenue to address cybersecurity risks.  

In an ICBA webinar exploring the benefits of the .BANK domain, State Bank of Cross Plains (www.sbcp.bank) Chief Operating Officer Kevin Piette said the need to enhance the bank's existing mitigation efforts was a driving force behind its transition. "Cybersecurity was one of the largest components of managing our day to day," he said. "So that was probably our biggest consideration [when considering the move to .BANK].”

Just a year later, Piette already sees the benefits of making the switch. “The number of quarantine emails and attacks that we’ve seen on the .BANK name is virtually non-existent,” he said. “The .BANK domain and that move was actually a prudent measure to making us less vulnerable.”

In recognition of Cybersecurity Month in October, now is a good time to consider the .BANK domain as an added protection against a cyberattack. Yes, it is a change in your website address, but it is so much more – it may be an enhancement of your overall security posture.

To offer deeper insights, ICBA has developed a number of resources for community banks considering the .BANK domain. Learn more by visiting our Mitigation Resources page. For more about ICBA’s complete suite of cybersecurity offerings, including our advocacy initiatives, data and cybersecurity training, and breach communication resources, visit www.icba.org/cyber.

Consider the .BANK domain as another tool in your cybersecurity toolbox. Combined with other risk- and fraud-mitigation efforts, using the .BANK domain can help shore up your community bank’s security measures and help safeguard the integrity of your name and the implicit trust it carries with your customers.

Jeremy Dalpiaz is ICBA vice president of operational risk policy.