.BANK Frequently Asked Questions

In 2008, ICANN approved the program to open up the Internet to thousands of new gTLDs in addition to existing ones such as .COM and .ORG. In response to the expansion and in recognition of what this could mean to financial institutions, their customers and Internet users, a coalition of banks, insurance companies and financial services trade associations partnered to establish fTLD Registry Services (fTLD) in order to apply for and operate the .BANK and .INSURANCE gTLDs on behalf of the global banking and insurance communities. fTLD was granted the right to operate .BANK on Sept. 25, 2014, and its application for .insurance is in the contracting phase with ICANN.

The following information is for organizations seeking to register domain names in .BANK. fTLD will post information about .INSURANCE when it is available.

In the domain name industry organizations and individuals that register domains are called registrants.

Why .BANK?

.BANK will be a protected, trusted, more secure and easily identifiable space on the Internet for the global banking communities and the customers it serves. The .BANK gTLD will have enhanced Security Requirements that exceed that of most existing and new gTLDs. In addition, it opens up much needed real estate on the Internet, providing new marketing and branding opportunities.

Who is eligible for a .BANK domain?

Only verified members of the global banking community are eligible to register domains. For banks it will include charter verification by the registrant’s regulator.

    1. State, regional and provincial banks that are chartered and supervised by a government regulatory authority;
    2. Savings associations that are charted and supervised by a government regulatory authority;
    3. National banks that are chartered and supervised by a government regulatory authority;
    4. Associations whose members are primarily comprised of entities identified above;
    5. Groups of associations whose members are primarily comprised of associations identified above;
    6. Service providers that are principally owned by or predominantly supporting regulated entities identified above. (if approved by the Registry Operator Board); and
    7. Government regulators of chartered and supervised banks or savings associations or organizations whose members are primarily comprised of such government regulators (if approved by the Registry Operator Board).

Please see the .BANK Registrant Eligibility Policy for complete eligibility requirements.

Can I buy any domain I want if I am an eligible registrant?

You can only purchase domains that correspond to your company’s trademarks, trade names or service marks. For guidance on selecting domains, please see the .BANK Name Selection Policy for more information.

Why is .BANK more expensive than my current domain name?

fTLD’s commitment to operating .BANK in a protected, trusted and more secure manner means its operational costs are significantly greater than traditional domains. For example, the verification and re-verification processes that will be conducted by Symantec to ensure registrations are only made to qualified entities is an expensive, multi-step process. Additionally, some of the enhanced security requirements that Verisign will support result in greater costs to fTLD. Finally, as compliance with all requirements is critical to ensuring the security, stability and resiliency of .BANK, monitoring and detection systems will be employed and they too result in increased operational expenses for fTLD.

Since we already have a .COM address, are we automatically entitled to register the same name in .BANK?

No. Domain names will be awarded on a first-come, first-served basis. If you own the trademark on the name to the left of your .COM address, you may register the trademark with ICANN’s Trademark Clearinghouse and apply for the .BANK version of that domain name during the Sunrise period.

What information is required to register a .BANK domain?

Registrants must provide the following information:

  • Legal Name of the Eligible Registrant (the organization name)
  • Registrant Contact Name
  • Registrant Contact Address (Street, City, State/Province/Region, Postal Code)
  • Registrant Contact Email Address
  • Registrant Contact Telephone Number
  • Government Regulatory Authority (if applicable)
  • Regulatory ID Number (if applicable)

Note: the Registrant Contact must be a full-time employee of the Registrant and cannot be a contract employee.

Registrars may request additional information such as a human resources contact name and telephone number who can verify the employment information of the Registrant Contact and the name and contact information for someone who can verify that the Registrant Contact is authorized to register the domains requested. The additional contact information is not required, but will expedite the verification process for your domains as will providing the Government Regulatory Authority and Regulatory ID Number.

How does the .BANK verification process work?

fTLD has contracted with Symantec to ensure that registrations are made only with organizations that meet the eligibility requirements and verification is performed at the time of initial registration and at each renewal or every two years, whichever comes first.

Who is Symantec and why are they involved in the verification process? I thought verification was being handled by fTLD?

fTLD is responsible for approving requests for domains in .BANK. fTLD has contracted with Symantec to serve as its Registry Verification Agent. Symantec is responsible for reviewing the information provided by the registrar/registrant and providing a recommendation to fTLD to approve or deny a request. fTLD makes the final decision.

Symantec is a global leader in security, backup and availability solutions. The use of a third-party in the verification process ensures an impartial and expert entity for the initial examination of eligibility for registration of each registrant and provides registrants with global support in this important process.

My country does not have a specific license or charter document that is provided to us as a separate document. If this is requested by Symantec, what should we send?

Symantec understands that different countries have different regulations regarding bank certification and will accept other materials applicable to your specific locale.

What information is checked during the verification process?

  1. Security Check – To support compliance with applicable local and international laws, every application will undergo a security check to ensure that Symantec does not approve any organizations or persons found on any government and/or Symantec-maintained restricted lists/black lists or lists provided by fTLD.
  2. Organization, Jurisdiction, and Banking Credentials Verification – Symantec will verify that the registrant is a registered and active organization in a jurisdiction appropriate to its business location and has valid credentials proving that it meets the requirements of the .BANK Registrant Eligibility Policy.
  3. Verification of Domain Name Selection – Symantec will verify that the applied-for domain names meet the requirements of the .BANK Name Selection Policy.
  4. Verification of Physical Address – Symantec will verify the address listed in the application as a valid address for the registrant organization using Symantec approved databases.
  5. Verification of Telephone Number – Symantec will verify the registrant organization’s telephone number using Symantec approved databases.
  6. Registrant Contact Employment – Symantec will initiate telephony contact to verify with registrant organization’s human resources (or appropriate department) that the registrant organization’s contact person is a full-time/non-contracting employee of the organization.
  7. Registrant Contact Authority – Symantec will initiate telephony contact to identify the Registrant Contacts manager within the registrant organization with Human Resources (or appropriate department) and contact this person to confirm that the registrant contact is authorized to request domains on behalf of the organization.

How long does the domain registration and verification take?

Verification is initiated as soon as your registration is processed by your registrar and approval is generally expected to conclude within days or less of the request. However, because the verification process requires telephone contact with the registrant’s organization to verify certain information (i.e., the requestor is a full-time employee of the company and it authorized to make registrations on their behalf), the verification make take longer to complete. Registrants can expedite verification by ensuring that all individuals that may be contacted are aware of the need to respond to these requests as quickly as possible.

I have been notified that my domain is pending verification from Symantec. What should I do?

Symantec is the verification service provider for the .BANK domain. Symantec uses information provided by you to your registrar during registration to confirm your eligibility for a domain. Symantec will contact you via email or telephone if specific additional information is needed. It is important that you respond to their request(s) promptly as your domain is not registered until the verification process is complete. Information about how to contact Symantec is provided on emails that you receive from them or can be located at www.symantec.com/support. If you have questions about the status of your registration, please contact your registrar.

I am renewing my .BANK domain and I have been notified that my name is being re-verified. I haven’t changed anything so why is my information being checked again?

Part of the security requirements for .BANK is to periodically reconfirm that each registration continues to have accurate registration information. fTLD checks each time a domain is renewed that all of the information is still accurate and that the registrant is still eligible for that .BANK domain. A complete re-verification will be done, including contacting the registrant organization to confirm the contact’s eligibility as a contact and their authority to register domain names.

I registered my domain for five years and haven’t changed any information. It is now two years into the registration and I got a notification that my domain is being re-verified. What triggered this review?

Part of the security requirements for .BANK is to periodically reconfirm that each registration continues to have accurate registration information. It is possible that registration data and/or eligibility may change over time. In the case of registration terms beyond two years, it’s important that fTLD ensures the registration continues to comply with .BANK eligibility requirements. A complete re-verification will be done, including contacting the registrant organization to confirm the contact’s eligibility as a contact and their authority to register domain names.

Is the .BANK verification by Symantec the same as the annual Whois verification required by ICANN?

No. The verification process facilitated by Symantec is the process that fTLD has mandated for all .BANK registrations.

In contrast, the Whois verification process is required by ICANN to be conducted annually by registrars and the purpose is to confirm accurate contact information. Registrars are required to contact their registrants to conduct this verification and a positive confirmation of details is required. Registrants may risk having their domain suspended or cancelled for failure to respond to this verification request.

Registrants should respond promptly to all requests related to verification from fTLD, Symantec and their registrar, and failing to respond could result in rejection of your registration or inactivation of your domain. If you want to confirm whether the request is legitimate, contact the requesting verification entity directly with the identifying information provided.

What are the registration periods in .BANK?

General Availability: For eligible members of the global banking community to register domains.

Once I register our .BANK domain, do I immediately need to stop using my current domain name?

No. You can continue using your current domain.

If you plan to activate your .BANK domain, you can use the .BANK Transition Guide (Guide) to help you plan the use of your .BANK domain. You may also want to consider initiating a plan for your transition to your .BANK domain as soon as you know what new .BANK domain you will be using. The Guide is currently under development and will be available soon. Once the Guide is available, you should have the information you need to plan the details for using your .BANK domain.

How does my organization transition our website and other services to our .BANK domain?

Although there are additional steps to using your .BANK domain for your website, email and other services, there are specific steps that need to be taken to complete the process for each service. fTLD is developing a .BANK Transition Guide (Guide) that will provide information about these steps that are needed to take advantage of the protected, trusted, more secure and easily identifiable environment provided with a .BANK domain.

Your registrar or core service provider may already be working with you to develop a transition plan addressing the tasks identified in the Guide. If not, contact them to see how they can assist your transition or contact fTLD@fTLD.com if you have additional questions.

What are the enhanced Security Requirements in .BANK?

fTLD requires compliance with a set of requirements that are not currently mandated by the operators of other commercially available gTLDs, including:

  • Mandatory Verification of Charter/Licensure for Regulated Entities ensures that only legitimate members of the global banking community are awarded domain names.
  • Mandatory Re-verification of Registration Data every two years or at domain renewal, whichever comes first, ensures ongoing eligibility for domain names.
  • Domain Name System Security Extensions (DNSSEC) ensures that Internet users are landing on participants’ actual websites and not being misdirected to malicious ones. fTLD will require that all domain levels, from fTLD as the top-level registry operator to your entity as the registrant, utilize DNSSEC for domains that resolve on the Internet.
  • Email Authentication to mitigate spoofing, phishing and other malicious activities propagated through emails to unsuspecting users.
  • Multi-Factor Authentication to ensure that any change to registration data is made only by authorized users of the registered entity.
  • Enhanced Encryption to ensure security of communication over the Internet to prevent eavesdropping, data tampering, etc.
  • Prohibition of Proxy/Privacy Registration Services to ensure full disclosure of domain registration information so bad actors cannot hide.

What is a Proxy/Privacy Registration Service and why is it prohibited?

Proxy/Privacy Registration Services are used to conceal the true identity of the domain name owner and their contact information. fTLD does not support this practice as it makes it difficult to identify and contact a registrant that is alleged to be using their domain for practices that are in violation of fTLD’s Acceptable Use / Anti-Abuse Policy.

Do any of the fTLD enhanced Security Requirements apply to registrants?

Yes, there are some additional requirements for registrants that are included in your registration agreement with your .BANK registrar. The following enhanced Security Requirements should be reviewed: 13, 15, 23, 24, 25, 26, 27, 28, and 29.

Who is responsible for enforcing the enhanced Security Requirements and Policies in .BANK?

fTLD and in some cases its Registry Service Provider, Verisign, will be responsible for monitoring compliance with the relevant requirements. Registrars will play a role in enforcement as they have the direct relationship with the registrant. fTLD always retains the right to take action if the registrar fails to do so.

Where can I find all the Policies mentioned in this FAQ?

All fTLD Policies are located here.

What is gTLD?

gTLD – or generic top-level domain – refers to the letters to the right of the dot at the end of a web address. Common gTLDs are .COM, .ORG, .NET

What is fTLD?

fTLD Registry Services, LLC was formed in 2011 by a coalition of banks, insurance companies and financial services trade associations from around the world. In 2012, fTLD submitted community-based applications to the Internet Corporation for Assigned Names and Numbers (ICANN) for the .BANK and .INSURANCE gTLDs. fTLD was granted the right to operate .BANK on September 25, 2014, and its application for .INSURANCE is in the contracting phase with ICANN.

What is ICANN?

The Internet Corporation for Assigned Names and Numbers, or ICANN, is an oversight body responsible for the stability and unification of the Internet. Its key responsibilities include policy development for existing and new generic Top-Level Domains (gTLDs). In June 2011, ICANN’s board of directors authorized the launch of the New gTLD Program. The program’s goals include enhancing competition and consumer choice, and enabling the benefits of innovation via the introduction of new gTLDs.