A prominent security researcher has called for a sweeping solution to the growing problem of online banking fraud: the creation of a top-level domain reserved for banks.
In the current issue of Foreign Policy magazine, Mikko Hypponen, chief research officer of F-Secure, said there's no reason why banks should continue to operate under standard top-level domains such as .com and .co.uk.
"Websites with such names as 'bankofamerica-online.com', 'lloydstsb-banking.com', 'hsbc-login.com', or 'paypalaccount.com'... look like the real thing, but they’re operated by criminals," Hypponen said.
"And these rogue banking sites are popping up every day. At the moment, anyone willing to pay the fee of $5 or so can register any domain name they want, as long as the name is not already taken."
Hypponen argued a simple solution would be to create a specialised top-level domain for banks, much as museums already have in .museum and as the porn industry has been trying to create for itself with the .xxx suffix.
"The Internet Corporation for Assigned Names and Numbers (ICANN)... should create a new, secure domain just for this reason - something like '.bank', for example," Hypponen said.
Besides restricting who can sign up for the top-level domain, ICANN could attach a high price tag to the process, Hypponen said.
"The price for the domain wouldn’t be just a few dollars: It could be something like $50,000 - making it prohibitively expensive to most copycats," he said. "Banks would love this. They would move their existing online banks under a more secure domain in no time."
With other industries such as museums getting their own specialised domains, it's time for the financial industry to follow suit, Hypponen argued.
"If we can manage to protect storehouses of precious works of art from the internet's most shameless thieves, surely we can find a way to protect our money," he said.