Mitigation Resources

Risk mitigation is a key component in every aspect of bank operations – the same holds true in the protection of customer data. There are many resources available for identifying and mitigating specific threats to the financial services sector. Industry-led initiatives such as Sheltered Harbor and .BANK can enhance a bank’s overall security and resiliency.

Sheltered Harbor

Sheltered Harbor is a voluntary initiative created by the financial services industry that provides financial institutions and their customers with an extra layer of protection in the event of a disaster or damaging cyberattack directed at an institution. From the smallest to the largest financial institutions, Sheltered Harbor members collectively represent a majority of the retail banking and brokerage accounts in the United States.

In many cases your core processor may provide a Sheltered Harbor solution: read our Core Processor Guide.

How Does Sheltered Harbor Achieve Greater Protection for Community Bank Customers?

Industry Response — Resiliency standards established by the financial services industry ensure that consumers receive timely access to their accounts in the event that their bank or brokerage firm becomes inoperable due to a major cyber event.

Standard Data — All participating institutions make a daily copy of the consumer’s account data in a standard format, which enables the restoration of account by another institution or processor in the event of a major loss of operations.

Monitored Regularly — All participating institutions update their adherence reviews to ensure that the Sheltered Harbor standards are exercised consistently and in accordance with Sheltered Harbor specifications.

Secure Vault — Your customers’ account data is archived in a secure data vault that is protected from alteration or deletion. The data will stay intact and accessible if needed-exactly as when it was archived. Think of this as a fall-out shelter for customer data, with each institution providing its own data vault.

Does Your Bank Have a .Bank Domain?

.BANK is an evolution in relationship management, offering a trusted, verified, more secure, and easily identifiable location on the internet for your customers and your bank, regardless of size. .BANK provides a trustworthy stamp of approval for your online offerings.  

Manage your .Bank domain or register one:

  • EnCirca Website:

    Formed in 2001, EnCirca is an ICANN-Accredited registrar and registry validation provider based in Boston.  EnCirca is the leading domain name registrar for .BANK domain names. EnCirca specializes in complex and custom registrar solutions for the domain name industry. Contact to request a consultation.

  • fTLD Website


What Makes .BANK Safer?

Through verification and mandatory security requirements the .BANK domain creates a safer space and acts as a visual security cue for bank employees or customers. The .BANK at the end of an email address or website URL confirms that the email communication is authentic and that the website is owned by a bank and is a safe place to manage his or her finances. This simple visual cue enables security that employees and customers can recognize and participate in, ensuring the space remains safe for everyone.

.BANK domains have 6 critical security requirements beyond a standard .COM domain creating additional layers of protection to the consumer, plus verification, which when combined with email authentication, creates security that cannot be replicated in the .COM space. Consider the following difference between .COM and .BANK requirements:

Vulnerabilities & Mitigation

Cybersecurity and data security vulnerabilities come in many forms. Use the following links to know what you are dealing with.

ATM Attacks

Business Continuity




Grizzly Steppe


Tabletop Exercises

Tabletop exercises provide a useful tool for banks to evaluate their overall risk, mitigation strategies, preparedness, incident response and business continuity/disaster planning. Check back regularly for updates on exercise opportunities.

Wire Transfers

Regulatory Resources

FDIC's Community Banking Initiative: The agency is adding two new vignettes for the Cyber Challenge, which consists of exercises that are intended to encourage discussions of operational risk issues and the potential impact of information technology disruptions on common banking functions.