Masters of Their Domain

Online banking fraud is rampant because it's easy. Here's a fix that will mean money in the bank.

Computer security is a complex issue, and there is no simple cure-all. But one thing that continues to baffle me is the way we bank online. Think about the Web address of your bank. It probably ends in one of the common top-level domains: ".com" if you're in the United States, or, depending on your home country, in something like ".uk," ".de," ".jp," or ".ru." Which is why Web sites with such names as "bankofamerica-online.com," "lloydstsb-banking.com," "hsbc-login.com," or "paypalaccount.com" are so dangerous. They may look like the real thing, but they're operated by criminals. And these rogue banking sites are popping up every day. Hosted on Web sites with misleading names that read like a real bank's Web address, the domains are registered with fake contact information. These impostors then bombard consumers with "phishing" e-mails, luring them to these sites, where their financial information is stolen.

How does this happen? At the moment, anyone willing to pay the fee of $5 or so can register any domain name they want, as long as the name is not already taken. So creating these look-alike pages is fast, easy, and cheap.
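As an added illustration (not part of the original article), this is the kind of check a mail filter or proxy can run against such names: flag any hostname that carries a bank's brand but is not registered under the bank's own domain. The allow-list of official domains, the function names, and the sample hostnames beyond those quoted above are assumptions made for the example.

```python
# Constructed allow-list: brand token -> registrable domain assumed to be
# the institution's real one. These mappings are assumptions for the example.
OFFICIAL = {
    "bankofamerica": "bankofamerica.com",
    "lloydstsb": "lloydstsb.com",
    "hsbc": "hsbc.com",
    "paypal": "paypal.com",
}


def registrable_domain(host):
    """Return the last two labels of a hostname.

    Simplification: production code should consult the Public Suffix List,
    because suffixes such as "co.uk" span two labels.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(host):
    """Return (verdict, brand) for a hostname seen in a link or e-mail.

    verdict is "official", "lookalike", or "unrelated".
    """
    host = host.lower().rstrip(".")
    reg = registrable_domain(host)
    for brand, official in OFFICIAL.items():
        if reg == official:
            return ("official", brand)
    # Drop separators so "hsbc-login" and "pay-pal" still expose the brand.
    squashed = host.replace("-", "").replace(".", "")
    for brand in OFFICIAL:
        if brand in squashed:
            return ("lookalike", brand)
    return ("unrelated", None)


if __name__ == "__main__":
    # The first four names are the ones quoted in the article; the rest are
    # constructed for the example.
    samples = [
        "bankofamerica-online.com", "lloydstsb-banking.com",
        "hsbc-login.com", "paypalaccount.com",
        "www.hsbc.com", "paypal.com.login.example", "example.org",
    ]
    for name in samples:
        print(name, classify(name))
```

Plain substring matching does not catch misspellings or homoglyph substitutions of the brand name.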

Why do banks and other financial institutions operate under the public top-level domains, like .com? The Internet Corporation for Assigned Names and Numbers, the body that creates new top-level domains, should create a new, secure domain just for this reason -- something like ".bank," for example.

Registering new domains under such a top-level domain could then be restricted to bona fide financial organizations. And the price for the domain wouldn’t be just a few dollars: It could be something like $50,000 — making it prohibitively expensive to most copycats. Banks would love this. They would move their existing online banks under a more secure domain in no time.

The creation of a new domain for a specific industry is not unprecedented: We’ve already done it for museums, with their restricted ".museum" top-level domain. If we can manage to protect storehouses of precious works of art from the Internet’s most shameless thieves, surely we can find a way to protect our money.

Mikko Hypponen is chief research officer at the Helsinki-based F-Secure Corp.