It’s not the move you’d think about at first, but in recent years, banks have been changing their web whereabouts.
Instead of staying at well-known dot-com addresses, a few hundred financial institutions have been relocating to dot-bank top-level domains. What sounds insignificant is meant to show you the bank is really a bank at a time when online scams continue to soar.
But there’s a reasonable chance you are about as familiar with a dot-bank as you are Latin. For starters, your bank may not have rolled out the dot-bank extension — yet. The top-level domain became widely available in mid-2015, but plenty of banks have yet to make the switch. Or, perhaps you haven’t noticed the change in the URL because you’re clicking on a bookmarked website that redirects you to the new location.
Whatever the case, institutions like Lead Bank, City Bank Texas and North Shore Bank have already made the move and more are expected to follow suit. It’s good to get to know what dot-bank is because the extension is more effective at combating online scams when you notice the suffix.
What is dot-bank?
The fTLD Registry Services, the coalition operating the dot-bank extension, bills the domain as an “online stamp of trust.”
That is because the dot-bank extension is exclusive. Unlike a dot-com, only banks and others like select bank tech vendors can get the extension for their URLs and their emails. Not only is there a vetting process for applicants, but banks with dot-bank extensions must also comply with registry policies on an ongoing basis, like implementing email authentication.
Drew Schiff, director of engagement services of fTLD Registry Services, describes dot-bank as a “quick visual cue” to trust that the source is a bank. Think of it as akin to a blue badge on Twitter that lets you know the account is verified or like a dot-gov extension that represents a government entity.
The possibilities of dot-bank
The big idea behind dot-bank is to help prevent cybercriminal attacks.
One persistent scam involves criminals sending you emails with links that catapult you into a fake bank website that looks a lot like the real one, especially when you’re in a hurry. So, you give criminals your personal bank data without even realizing you’ve been conned.
“It’s so lucrative for the bad guys that they are not going to stop,” says Shirley Inscoe, a senior analyst at Aite Group, a research and advisory firm.
Dot-bank — which financial institutions also deploy in their companies’ email addresses — is designed to get in front of such attacks; the criminals shouldn’t be operating dot-bank addresses. Of course, you could still fall victim to attacks if you’re not looking for the dot-bank in the address.
As Inscoe puts it: “There is nothing 100 percent foolproof.”
Why isn’t my bank on a dot-bank?
There are many reasons your bank might not yet use dot-bank. What requires just a quick glance from you, requires banks to spend time and money on the switch, including investing in marketing and branding initiatives, and potentially fine-tuning their internal systems. In other cases, some banks might just be waiting for the right moment, like North Shore Bank did.
Derek Rowan, IT manager at North Shore Bank, says the bank saw the investment in NorthShore.Bank as a way to layer in additional security measures. So, while the bank had secured the dot-bank for months, the institution waited to roll out the extension until January, when it was launching other online updates.
Since then, customer reactions have been positive to the changes, but he says it’s hard to know if that’s specific to dot-bank, or an overhauled website. “We were doing a lot of things at the same time,” Rowan says.
Nothing prevents everything
Until dot-bank becomes more commonplace, some observers worry whether dot-bank will do the opposite of its intention.
“There’s a concern that consumers will think it’s a hoax,” said Jim Trautwein, senior director at Cornerstone Advisors, a banking consultancy firm.
The rebranding could also perplex customers who, say, have accounts with five different banks — only two of which use dot-bank extensions. Another consideration is whether the bank’s core technology vendor is using the extension. If not, the customer could see a dot-bank before he logs in to his account and a dot-com address after he logs in.
For all of these reasons, Trautwein thinks it will take time to realize the benefits.
“It has a lot of potential to ease consumers’ minds,” Trautwein says, “but only once it’s a standard — and it will take years to become a standard.”