FAQ
fTLD on Twitter

Top 10 QuestionsExpand Top 10

Why .BANK?

As a verified domain, exclusively for the banking community, .BANK is a more secure space for online banking and communication. A web or email address ending in .BANK quickly and easily confirms for customers and employees that they are communicating and transacting with your bank, and not a phisher or a spoofed site.  A .BANK domain is a visual cue anyone can look for and recognize, an online stamp of trust that will give your customers confidence in your online banking platform, and help protect your bank from bad actors collecting data for breaches, financial fraud and identity theft.

Can I redirect my current domain name to my .BANK domain name?

Yes, you can redirect traffic and emails from your .com (or other TLDs) to your .BANK domain name, enabling you to retain traffic and communication while you educate your customers about your move to a more secure domain. While there are many ways to redirect visitors to a .BANK domain name, an effective method to do this while maintaining your search engine ranking is by using the http ‘301 Moved Permanently’ response status code. Your .BANK domain name must meet the HTTPS requirement by having a public key certificate (e.g., TLS certificate) installed to secure the domain name. Registrants are reminded that .BANK is an HTTPS-only community and therefore any redirection must be made to the HTTPS version of the .BANK website.

Is there a way I can check to see if my .BANK domain name is in compliance with the Security Requirements?

fTLD has compiled a list of publicly available, free resources that can be helpful in understanding whether the implementation of a .BANK domain name addresses the defined requirements and it’s available here. Although these resources are useful, they are not exact checks against the requirements so you may still receive compliance notices even if these resources do not identify any issues. Registrants may email fTLD at compliance@fTLD.com to check the compliance status of a specific domain. fTLD will work with you and your Registrar to address compliance issues.

How do I implement the .BANK Security Requirements to move to my .BANK domain?

fTLD has developed an Implementation Hub to provide the necessary information, guides, resources and tools for implementing, testing, requesting assistance with and reporting on each of our Security Requirements. We also have guides for eligibility and planning & communications that many .BANK Registrants have found helpful in making the move to .BANK.

What are the Security Requirement in .BANK that make domain names more secure?

fTLD requires compliance with a set of Registrant Security Requirements that are not mandated by the operators of other commercially available gTLDs. Additionally, the fTLD Operations Pledge accessible here outlines the requirements we and our Registrars must follow to ensure the secure, stable and reliable operations of the .BANK domain.

How does the .BANK verification process work?

To ensure that registrations are made only to organizations that meet and maintain the eligibility requirements, fTLD performs verification upon the initial registration of a .BANK domain, annually thereafter and if certain registration information changes (e.g., Registrant Organization, Registrant Name, Registrant Email). fTLD’s Verification Process Overview is accessible here.

Where can I register my .BANK domain name?

Domain names must be registered with an fTLD-Approved Registrar for .BANK and the list is available here. Prospective Registrants must submit a verification application and be approved by fTLD to register a domain name.

How do I check on the availability of a domain name?

To determine if a domain name is available for registration, use the “Select My .BANK Domain” feature here.

I’ve never registered a .BANK domain name, what should I do?

This process can usually be completed within a few business days.

Step 1: Review the eligibility information here to confirm you qualify for .BANK.

Step 2: Check the availability of the domain name(s) you want with the “Select My .BANK Domain” feature and complete the verification application here to get verified and approved by fTLD.

Step 3: Upon approval you will be emailed a registration token. You must provide the token to your fTLD-Approved Registrar of choice, so they can complete the registration process. The list of Registrars is available here.

Step 4: Your Registrar will submit the domain registration request.

Step 5: fTLD reviews and approves the registration.

Questions about the verification application should be emailed to verify@fTLD.com.

Who is eligible for a .BANK domain name?

Only verified members of the global banking community are eligible to register domain names. For banks and savings associations it includes charter and supervision verification with the organization’s regulator. Please see the .BANK eligibility requirements here.

Eligibility

Who is eligible for a .BANK domain name?

Only verified members of the global banking community are eligible to register domain names. For banks and savings associations it includes charter and supervision verification with the organization’s regulator. Please see the .BANK eligibility requirements here.

Are bank holding or parent companies eligible to register a .BANK domain name?

Bank holding or parent companies that are supervised by a relevant government authority are considered service providers as they have been pre-approved by fTLD’s Board of Directors. Further details are provided in the Registrant Eligibility Policy’s Implementation Guidelines (page 4).

Are credit unions/associations eligible to register for a .BANK domain name?

Credit unions/associations in the United States do not meet the eligibility requirements for .BANK and may be interested in .CREDITUNION, which is operated by the Credit Union National Association (CUNA). As .BANK serves the global banking community, it is possible credit unions/associations located outside of the United States who are chartered and supervised as a bank by a government regulatory authority are eligible to register a .BANK domain name.

Are banks with “Trust” or “Thrift” or “Cooperative” in their name eligible for a .BANK domain name?

Having the word “Trust” or “Thrift” or “Cooperative” in the Registrant Organization name of a financial institution is not the deciding factor in determining eligibility. It is determined by whether the organization is a bank that is chartered and supervised by a government regulatory authority or other eligibility category as defined in the Registrant Eligibility Policy.

Registering A Domain Name

How do I check on the availability of a domain name?

To determine if a domain name is available for registration, use the “Select My .BANK Domain” feature here.

Where can I register my .BANK domain name?

Domain names must be registered with an fTLD-Approved Registrar for .BANK and the list is available here. Prospective Registrants must submit a verification application and be approved by fTLD to register a domain name.

Why isn’t my current Registrar on the list of fTLD-Approved Registrars?

All ICANN-accredited Registrars have the option to offer .BANK domain names. fTLD Registrars must comply with the requirements in the fTLD Operations Pledge accessible here that contribute to .BANK being a trusted, verified and more secure environment for domain name owners and their customers. As such, some Registrars may elect not to support the registration of .BANK domain names. It may also be that your Registrar hasn’t yet determined whether or not they will support .BANK. As new Registrars decide to support .BANK, fTLD will update the list of Approved Registrars. Check with your Registrar to see if they are in the process of adding .BANK registrations.

I’ve never registered a .BANK domain name, what should I do?

This process can usually be completed within a few business days.

Step 1: Review the eligibility information here to confirm you qualify for .BANK.

Step 2: Check the availability of the domain name(s) you want with the “Select My .BANK Domain” feature and complete the verification application here to get verified and approved by fTLD.

Step 3: Upon approval you will be emailed a registration token. You must provide the token to your fTLD-Approved Registrar of choice, so they can complete the registration process. The list of Registrars is available here.

Step 4: Your Registrar will submit the domain registration request.

Step 5: fTLD reviews and approves the registration.

Questions about the verification application should be emailed to verify@fTLD.com.

I already have a .BANK domain name and would like to register more, what should I do?

Existing Registrants must first complete a new verification application available here each time additional names are registered. Upon approval you will be emailed a registration token. You must provide the token to your Registrar so they can complete the registration process for you.

Since we already have a .COM address, are we automatically entitled to register the same domain name in .BANK?

No, domain names are initially awarded on a first-come, first-served basis; there is no preference given to those that currently have a specific name in another TLD. Given .BANK is available to eligible members of the global banking community, there could be an organization with a domain name similar to yours that currently uses another TLD such as .NET, .CO, .UK, .FR, or .JP.

Is having a registered trademark a requirement to register a .BANK domain name?

No, this is not necessary. Your organization may, for example, have a common law right arising from the actual use of a trademark and this is sufficient for registering a domain name. If fTLD is unable to verify your right to register a specific .BANK domain name we will contact you and request additional materials to confirm eligibility for the domain such as proof of use of the mark.

Is there any limit on the number of domain names I can register?

No, you may register as many domain names as you like.

Can I register any domain name I want if I am an eligible Registrant?

You can register any domain name that corresponds to your company’s trademarks, trade names or service marks, provided it is not an fTLD or ICANN reserved name. For guidance on selecting domain names, please see the .BANK Name Selection Policy accessible here and/or contact fTLD@fTLD.com.

What if I want to register a domain name in .BANK associated with the geographic community (e.g., city, county, region, state) or area (e.g., New England, southern, midwest) my organization serves?

The domain name must correspond to your trademark, trade name or service mark as described in the Name Selection Policy. If the legal name of your organization does not include the geographic identifying domain name being sought, fTLD may require documentation to verify your organization’s right(s) to the generic geographic domain name to protect the interests of the global banking community who may have one or more members with a legitimate right(s) to the domain name being sought.

What if I want to register a name fTLD has reserved in .BANK?

fTLD reserved names are comprised of Common Community, Generic names and State Names of the United States, which are identified on the associated Reserved Names lists accessible here. If you believe your organization is eligible to register a name on one of these lists (i.e., you believe a name on fTLD’s Reserved Names list corresponds to your trademark, trade name or service mark), please see fTLD’s Reserved Names Challenge Policy accessible here, and review the Reserved Names Challenge information accessible here.

The outcome of a successful challenge to a name on fTLD’s Reserved Names list is the removal of the name from the respective Reserved Names list. A successful challenge does not result in the requestor being awarded the name, but rather gives them an opportunity to compete to receive it. fTLD will allocate the name via one or more of the allocation mechanisms listed in the Name Allocation Policy. A Reserved Name allocation will not take place until all fTLD-Approved Registrars have been provided notification of the change to the respective Reserved Names list.

Are there any premium domain names in .BANK?

Yes, all single-character names (e.g., 1.BANK), most two-letter names (e.g., AB.BANK), and names fTLD has reserved for its potential use, indicated in bold on the list of Generic names, are identified as premium and subject to premium pricing. To determine if a domain name is available for registration as a premium name, use the “Select My .BANK Domain” feature here.

Verification

How does the .BANK verification process work?

To ensure that registrations are made only to organizations that meet and maintain the eligibility requirements, fTLD performs verification upon the initial registration of a .BANK domain, annually thereafter and if certain registration information changes (e.g., Registrant Organization, Registrant Name, Registrant Email). fTLD’s Verification Process Overview is accessible here.

Is the .BANK verification by fTLD the same as the annual Whois verification required by ICANN?

No, the verification process is mandated for all .BANK registrations.

In contrast, the Whois verification process is required by ICANN to be conducted annually by Registrars to confirm accurate contact information. Registrars are required to contact their Registrants to conduct this verification.

Registrants may risk having their domain name suspended or cancelled for failure to respond to either type of verification request. If you want to confirm whether the request is legitimate, please contact fTLD at verify@fTLD.com.

How long does the domain name verification and/or registration take?

For new Registrants, the verification process is usually completed in a few business days, and upon its completion, the registration process is a matter of a couple of business days from submission by your Registrar to fTLD’s approval. For existing Registrants, the verification is usually completed more quickly. However, because the verification process requires email and/or telephone contact with the Registrant’s organization to verify certain information (i.e., the requestor is a full-time employee of the company and is authorized to make registrations on their behalf), it may take longer to complete. Registrants can expedite verification by ensuring that all individuals that may be contacted are aware of the need to respond to these requests as quickly as possible.

My country does not have a specific license or charter document that is provided to us as a separate document. If this is requested by fTLD, what should we send?

fTLD recognizes that different countries may have differing regulations regarding bank licensure/certification and will accept other materials applicable to a bank’s specific country of charter and supervision by a government regulatory authority.

What information is checked during the verification process?
  1. Security Check: fTLD will verify the Registrant Contact and Registrant Organization against government and restricted lists/blacklists.
  2. Registrant Organization Eligibility: fTLD will verify the Registrant Organization is eligible as defined in the Registrant Eligibility Policy. New Registrants should be prepared to provide applicable copies of confirming documentation such as Charters, Articles of Incorporation or Certifications of Formation, if requested.
  3. Registrant Organization Address: fTLD will verify the address is valid for the Registrant Organization. This is performed using government/regulatory authority resources or other qualified third-party references (e.g., Dun and Bradstreet).
  4. Name Selection: fTLD will verify the domain name(s) complies with the Name Selection Policy.
  5. Registrant Contact Employment and Authority: fTLD will verify the Registrant Contact is a full-time, non-contracting employee of the Registrant Organization and is authorized to request domain name(s) on its behalf. This confirmation via email and/or telephone must be made by one of the following: the direct manager of the Registrant Contact, the department manager/director/lead of the Registrant Contact, an officer or executive of the Registrant Organization, or an HR representative of the Registrant Organization.
I have been notified that my domain name is pending verification. What should I do?

fTLD uses information provided by you to confirm your eligibility for a domain name. fTLD will contact you via email or telephone if specific additional information is needed. It is important that you respond to fTLD’s request(s) promptly as your domain name cannot be registered until the verification process is completed and you have been provided a registration token. Registrants should respond promptly to all verification requests from fTLD, and failing to respond could result in rejection of your application or inactivation of your domain name. Any questions you have about the verification process should be sent to verify@fTLD.com.

Is the Registrant Contact in WHOIS allowed to be a role-based designation instead of a natural person?

In line with ICANN policy, fTLD allows role-based designations for the Registrant Contact Name and role email accounts for the Registrant Email. However, a specific individual’s name must be provided to fTLD for the verification process. This individual must be a full-time employee and authorized to register domains for the Registrant Organization. The verification application permits you to provide both the individual’s name and the role-based name.

When does fTLD re-verify eligibility for a .BANK domain name?

To ensure Registrants maintain eligibility for their domain name(s), fTLD conducts annual verifications or when certain registration information changes (e.g., Registrant Organization, Registrant Name, Registrant Email).

Security

What are the Security Requirement in .BANK that make domain names more secure?

fTLD requires compliance with a set of Registrant Security Requirements that are not mandated by the operators of other commercially available gTLDs. Additionally, the fTLD Operations Pledge accessible here outlines the requirements we and our Registrars must follow to ensure the secure, stable and reliable operations of the .BANK domain.

Can Security Requirements change? If so, how are these changes made and how will Registrars and Registrars know about them?

Yes, Security Requirements can change. The Security Requirements specify that fTLD will periodically review and amend the requirements to respond to changing needs in security or the community. The amendment process includes a review by fTLD’s Security Requirements Working Group (SRWG) and consideration and approval of its recommendations by fTLD’s Board of Directors. Any approved changes to the requirements will be communicated directly to Registrars and broadly announced to stakeholders via information posted to fTLD’s websites as well as other means for sharing such details. Adequate notification to stakeholders and time for implementation is provided when changes are required to processes and technical infrastructure by new or modified requirements. Please contact fTLD at fTLD@fTLD.com if you would like to participate in future efforts of the Security Requirements Working Group.

Who is responsible for enforcing the Security Requirements and Policies in .BANK?

fTLD is ultimately responsible for enforcing all of the requirements and policies in .BANK. Registrars will also play a role in enforcement as they have the direct relationship with the Registrant. fTLD always retains the right to take action if the Registrar fails to do so.

Is there a way I can check to see if my .BANK domain name is in compliance with the Security Requirements?

fTLD has compiled a list of publicly available, free resources that can be helpful in understanding whether the implementation of a .BANK domain name addresses the defined requirements and it’s available here. Although these resources are useful, they are not exact checks against the requirements so you may still receive compliance notices even if these resources do not identify any issues. Registrants may email fTLD at compliance@fTLD.com to check the compliance status of a specific domain. fTLD will work with you and your Registrar to address compliance issues.

Can my organization host a .BANK website without encryption?

No, .BANK is an HTTPS-only community to support privacy and integrity of web and other services by default. As .BANK is on the HSTS preload list, websites that are not HTTPS compliant will not be accessible via browsers (like Chrome). As a global HSTS security policy becomes increasingly common, additional browsers are expected to block sites that are not HTTPS compliant.

What is a Proxy/Privacy Registration Service and why is it prohibited?

Proxy/Privacy Registration Services are used to conceal the true identity of the domain name owner and their contact information. fTLD prohibits this practice as it makes it difficult to identify and contact a Registrant that is alleged to be using their domain name for practices that are in violation of fTLD’s Acceptable Use / Anti-Abuse Policy accessible here.

What happens if my activated .BANK domain name is not in compliance with fTLD’s Policies or Requirements?

fTLD is monitoring all domain names for compliance with the Policies and Requirements. fTLD will notify Registrars/Registrants of domain names that are not in compliance and failure of the Registrar/Registrant to provide a timely response and a remediation plan to fTLD can result in the domain name being removed from the .BANK zone or more significant actions.

Implementation

How do I implement the .BANK Security Requirements to move to my .BANK domain?

fTLD has developed an Implementation Hub to provide the necessary information, guides, resources and tools for implementing, testing, requesting assistance with and reporting on each of our Security Requirements. We also have guides for eligibility and planning & communications that many .BANK Registrants have found helpful in making the move to .BANK.

Once I move to our .BANK domain name, what do I do with my existing domain?

You can continue using your current domain name (e.g., .com), and once you have your .BANK domain in place you can redirect your traffic and emails to your new .BANK site and email address. Maintaining your original domain and redirecting to your .BANK domain will allow you to retain all customer traffic and communication while educating them about your move to a more secure domain. You can redirect your old domain indefinitely, though some banks deactivate the old domain when traffic to them becomes minimal.

Can I redirect my current domain name to my .BANK domain name?

Yes, you can redirect traffic and emails from your .com (or other TLDs) to your .BANK domain name, enabling you to retain traffic and communication while you educate your customers about your move to a more secure domain. While there are many ways to redirect visitors to a .BANK domain name, an effective method to do this while maintaining your search engine ranking is by using the http ‘301 Moved Permanently’ response status code. Your .BANK domain name must meet the HTTPS requirement by having a public key certificate (e.g., TLS certificate) installed to secure the domain name. Registrants are reminded that .BANK is an HTTPS-only community and therefore any redirection must be made to the HTTPS version of the .BANK website.

Can I redirect my .BANK domain name to my current domain name (e.g., .com)?

Yes, provided your .BANK domain name meets the HTTPS requirement you may redirect to your current domain. Organizations that redirect from .BANK to non-.BANK domain names are strongly encouraged to inform visitors of this action via an explicit message to avoid confusion and to assure that visitors understand they are leaving a .BANK domain name. Registrants are reminded that .BANK is an HTTPS-only community and therefore any redirection must be made from the HTTPS version of the .BANK website.

What is the reason there are use restrictions imposed on my .BANK domain name?

As noted in fTLD’s Acceptable Use / Anti-Abuse Policy accessible here and the Implementation Guidelines annexed to the .BANK Registrant Eligibility Policy accessible here, fTLD may impose additional use restrictions, at any time, on a Registrant’s use of a domain name to protect the integrity of the .BANK gTLD and the community that it serves. fTLD will communicate any use restrictions on a .BANK domain name to the Registrant before approving the initial registration request or at any time during the term of the registration of the .BANK domain name, which must be accepted and complied with in order to maintain the registration.

Can I provide access to third-party content on my .BANK domain name?

Yes, this activity is permitted.

Costs

What does a .BANK domain name cost to register and why is it more expensive than my current domain name?

fTLD charges the same base price to Registrars for all .BANK domains, which cover operating expenses such as the verification process, and monitoring of Security Requirements for .BANK. Premium domains have a different base price. In addition, Registrars may include services and/or have their own operational expenses included in the final retail price of your .BANK domain name.

Is there a difference in the cost between standard and premium domain names?

Yes, there is a difference in cost and Registrants should consult with their Registrar for this information.

Are there other costs associated with using my .BANK domain name?

There will be other costs to your organization associated with the implementation of the Security Requirements. For example, complying with the DNSSEC, TLS, and name server requirements may require additional support and/or services from your Registrar, core processor, hosting provider, DNS provider, etc. As you consider which Registrar to use, you should ask about their ability to support the Security Requirements and the associated costs. See fTLD’s Third-Party Provider Program for who can  assist you with meeting the requirements.

General Information

Why .BANK?

As a verified domain, exclusively for the banking community, .BANK is a more secure space for online banking and communication. A web or email address ending in .BANK quickly and easily confirms for customers and employees that they are communicating and transacting with your bank, and not a phisher or a spoofed site.  A .BANK domain is a visual cue anyone can look for and recognize, an online stamp of trust that will give your customers confidence in your online banking platform, and help protect your bank from bad actors collecting data for breaches, financial fraud and identity theft.

Where can I find all the .BANK Policies mentioned in this FAQ?

All fTLD Policies for .BANK are located here.

What is gTLD?

gTLD – or generic Top-Level Domain – refers to the letters to the right of the dot at the end of an internet web address. Examples of gTLDs are .BANK, .COM, .ORG and .NET.

What is fTLD?

fTLD Registry Services, LLC was formed in 2011 by a coalition of banks, insurance companies and financial services trade associations from around the world. In 2012, fTLD submitted community-based applications to the Internet Corporation for Assigned Names and Numbers (ICANN) for the .BANK and .INSURANCE gTLDs. fTLD launched .BANK in May 2015 and .INSURANCE in May 2016.

What is ICANN?

The Internet Corporation for Assigned Names and Numbers, or ICANN, is an oversight body responsible for the stability and unification of the internet. Its key responsibilities include policy development for existing and new generic Top-Level Domains (gTLDs). In June 2011, ICANN’s board of directors authorized the launch of the New gTLD Program. The program’s goals include enhancing competition and consumer choice, and enabling the benefits of innovation via the introduction of new gTLDs.

Trademarks

What is the Trademark Clearinghouse (TMCH)?

ICANN’s TMCH is a global repository for trademark data. Designed to meet global needs for the domain name system, the TMCH verifies trademark data worldwide and maintains a database with the verified trademark records. The TMCH is not a trademark office; it is a centralized database of verified trademarks.

There is a cost to use the TMCH. Learn more at the Trademark Clearinghouse website.

Why would I want to register our trademarks in the Trademark Clearinghouse (TMCH)?

The Trademark Claims period initially ran for the first 365 days of General Availability and has been extended several times. To check the date the period will close, search for .BANK here. During the Trademark Claims period, anyone attempting to register a domain name matching a mark that is recorded in the TMCH will receive a notification displaying the relevant mark information.

If the notified party registers the domain name, the TMCH will send a notice to those trademark holders with matching records in the TMCH, informing them that someone has registered the domain name.

What trademarks does the Trademark Clearinghouse (TMCH) accept?

The TMCH will accept and verify registered trademarks, marks protected by statute or treaty or court validated marks as well as any other marks that constitute Intellectual Property (IP) rights that meet the eligibility requirements of the TMCH. Learn more about accepted marks at the Trademark Clearinghouse website.

(rev. 2018.04.02)
TOP