.bank proposal gets lukewarm reception
- 12 July, 2007 08:42
Australian banks are lukewarm about a domain name proposal which aims to cut down on data phishing.
Finnish company F-Secure believes introducing a .bank Web domain would help strengthen Australia's banking industry against fraudsters.
The idea is that banks would register their name under a .bank address for far more money than a regular .com domain address costs. F-Secure has suggested a figure over $50,000, compared to the sub-$100 required to register a .com.
This would immediately deter a number of fraudsters whose customary tactic is to buy a cheap domain address similar to the bank's and then masquerade as that bank to lure customers.
Raising the price of obtaining a .bank address would go some way to stamping out that tactic, claims Patrik Runald, senior security specialist at F-Secure.
In addition, F-Secure proposes that a top-level organization be created to scrutinize the screening process. Banks would need to prove they are who they say they are, which would provide yet another level of security to ward off fraudsters.
"I think it is an excellent suggestion. I am not sure it will solve all the problems but will help us go a long way in making us confident in the domain name system," said Graham Ingram, GM of AusCERT.
"It is not the magic bullet, but it will scare the bad guys away," said Runald.
Runald said he knows of at least one country that is taking its own initiative. "NIC.br, the Brazilian company that manages the .br top-level domain (TLD), has created a "b.br" domain which is only for banks and that will be protected by DNSSEC."
"However, even if ICANN wouldn't do anything globally it would be interesting to see if countries would do something locally, just like Brazil. For example, create a ".bank.au" domain for local banks in Australia and ".bank.sg" for Singapore etc."
Word from Australian banks, however, is less than enthusiastic.
"NAB isn't convinced that this proposal would be effective for two main reasons: Studies suggest that consumers don't necessarily differentiate between a legitimate dot com and one that isn't legitimate; and the proposal also doesn't address the question of Trojans as opposed to fake URLs," said a National Australia Bank spokeswoman.
She went on to cite the NAB's strategies for helping to protect their customers from online fraud.
"More than 270,000 NAB customers now use our SMS Payment Security service, which is a form of second factor authentication. We also provide our customers with access to discounted security software through two suppliers (a link to the media release is included) and employ a number of measures behind the scenes including having an employee seconded to the Australian High Tech Crime Centre."
Other banks, including Westpac, BankWest, St George and the ANZ, were contacted for this story but provided no comment.
(Additional reporting by Howard Dahdah)