As a verified domain, exclusively for the banking community, .BANK is a more secure space for online banking and communication. A web or email address ending in .BANK quickly and easily confirms for customers and employees that they are communicating and transacting with your bank, and not a phisher or a spoofed site. A .BANK domain is a visual cue anyone can look for and recognize, an online stamp of trust that will give your customers confidence in your online banking platform, and help protect your bank from bad actors collecting data for breaches, financial fraud and identity theft.
Yes, you can redirect traffic and emails from your .com (or other TLDs) to your .BANK domain name, enabling you to retain traffic and communication while you educate your customers about your move to a more secure domain. While there are many ways to redirect visitors to a .BANK domain name, an effective method to do this while maintaining your search engine ranking is by using the http ‘301 Moved Permanently’ response status code. Your .BANK domain name must meet the HTTPS requirement by having a public key certificate (e.g., TLS certificate) installed to secure the domain name. Registrants are reminded that .BANK is an HTTPS-only community and therefore any redirection must be made to the HTTPS version of the .BANK website.
fTLD has compiled a list of publicly available, free resources that can be helpful in understanding whether the implementation of a .BANK domain name addresses the defined requirements and it’s available here. Although these resources are useful, they are not exact checks against the requirements so you may still receive compliance notices even if these resources do not identify any issues. Registrants may email fTLD at compliance@fTLD.com to check the compliance status of a specific domain. fTLD will work with you and your Registrar to address compliance issues.
fTLD has developed an Implementation Hub to provide the necessary information, guides, resources and tools for implementing, testing, requesting assistance with and reporting on each of our Security Requirements. We also have guides for eligibility and planning & communications that many .BANK Registrants have found helpful in making the move to .BANK.
fTLD requires compliance with a set of Registrant Security Requirements that are not mandated by the operators of other commercially available gTLDs. Additionally, the fTLD Operations Pledge accessible here outlines the requirements we and our Registrars must follow to ensure the secure, stable and reliable operations of the .BANK domain.
To ensure that registrations are made only to organizations that meet and maintain the eligibility requirements, fTLD performs verification upon the initial registration of a .BANK domain, annually thereafter and if certain registration information changes (e.g., Registrant Organization, Registrant Name, Registrant Email). fTLD’s Verification Process Overview is accessible here.
To determine if a domain name is available for registration, use the “Select My .BANK Domain” feature here.
This process can usually be completed within a few business days.
Step 1: Review the eligibility information here to confirm you qualify for .BANK.
Step 2: Check the availability of the domain name(s) you want with the “Select My .BANK Domain” feature and complete the verification application here to get verified and approved by fTLD.
Step 3: Upon approval you will be emailed a registration token. You must provide the token to your fTLD-Approved Registrar of choice, so they can complete the registration process. The list of Registrars is available here.
Step 4: Your Registrar will submit the domain registration request.
Step 5: fTLD reviews and approves the registration.
Questions about the verification application should be emailed to verify@fTLD.com.
Only verified members of the global banking community are eligible to register domain names. For banks and savings associations it includes charter and supervision verification with the organization’s regulator. Please see the .BANK eligibility requirements here.
Only verified members of the global banking community are eligible to register domain names. For banks and savings associations it includes charter and supervision verification with the organization’s regulator. Please see the .BANK eligibility requirements here.
Bank holding or parent companies that are supervised by a relevant government authority are considered service providers as they have been pre-approved by fTLD’s Board of Directors. Further details are provided in the Registrant Eligibility Policy’s Implementation Guidelines (page 4).
Credit unions/associations in the United States do not meet the eligibility requirements for .BANK and may be interested in .CREDITUNION. As .BANK serves the global banking community, it is possible credit unions/associations located outside of the United States who are chartered and supervised as a bank by a government regulatory authority are eligible to register a .BANK domain name.
Having the word “Trust” or “Thrift” or “Cooperative” in the Registrant Organization name of a financial institution is not the deciding factor in determining eligibility. It is determined by whether the organization is a bank that is chartered and supervised by a government regulatory authority or other eligibility category as defined in the Registrant Eligibility Policy.
To determine if a domain name is available for registration, use the “Select My .BANK Domain” feature here.
All ICANN-accredited Registrars have the option to offer .BANK domain names. fTLD Registrars must comply with the requirements in the fTLD Operations Pledge accessible here that contribute to .BANK being a trusted, verified and more secure environment for domain name owners and their customers. As such, some Registrars may elect not to support the registration of .BANK domain names. It may also be that your Registrar hasn’t yet determined whether or not they will support .BANK. As new Registrars decide to support .BANK, fTLD will update the list of Approved Registrars. Check with your Registrar to see if they are in the process of adding .BANK registrations.
This process can usually be completed within a few business days.
Step 1: Review the eligibility information here to confirm you qualify for .BANK.
Step 2: Check the availability of the domain name(s) you want with the “Select My .BANK Domain” feature and complete the verification application here to get verified and approved by fTLD.
Step 3: Upon approval you will be emailed a registration token. You must provide the token to your fTLD-Approved Registrar of choice, so they can complete the registration process. The list of Registrars is available here.
Step 4: Your Registrar will submit the domain registration request.
Step 5: fTLD reviews and approves the registration.
Questions about the verification application should be emailed to verify@fTLD.com.
Existing Registrants must first complete a new verification application available here each time additional names are registered. Upon approval you will be emailed a registration token. You must provide the token to your Registrar so they can complete the registration process for you.
No, domain names are initially awarded on a first-come, first-served basis; there is no preference given to those that currently have a specific name in another TLD. Given .BANK is available to eligible members of the global banking community, there could be an organization with a domain name similar to yours that currently uses another TLD such as .NET, .CO, .UK, .FR, or .JP.
No, this is not necessary. Your organization may, for example, have a common law right arising from the actual use of a trademark and this is sufficient for registering a domain name. If fTLD is unable to verify your right to register a specific .BANK domain name we will contact you and request additional materials to confirm eligibility for the domain such as proof of use of the mark.
No, you may register as many domain names as you like.
You can register any domain name that corresponds to your company’s legal name or branding (e.g. trademarks, trade names or service marks), provided it is not an fTLD or ICANN reserved name. For guidance on selecting domain names, please see the .BANK Name Selection Policy accessible here and/or contact fTLD@fTLD.com.
The domain name must correspond to your trademark, trade name or service mark as described in the Name Selection Policy. If the legal name of your organization does not include the geographic identifying domain name being sought, fTLD may require documentation to verify your organization’s right(s) to the generic geographic domain name to protect the interests of the global banking community who may have one or more members with a legitimate right(s) to the domain name being sought.
fTLD reserved names are comprised of Common Community, Generic names and State Names of the United States, which are identified on the associated Reserved Names lists accessible here. If you believe your organization is eligible to register a name on one of these lists (i.e., you believe a name on fTLD’s Reserved Names list corresponds to your trademark, trade name or service mark), please see fTLD’s Reserved Names Challenge Policy accessible here, and review the Reserved Names Challenge information accessible here.
The outcome of a successful challenge to a name on fTLD’s Reserved Names list is the removal of the name from the respective Reserved Names list. A successful challenge does not result in the requestor being awarded the name, but rather gives them an opportunity to compete to receive it. fTLD will allocate the name via one or more of the allocation mechanisms listed in the Name Allocation Policy. A Reserved Name allocation will not take place until all fTLD-Approved Registrars have been provided notification of the change to the respective Reserved Names list.
Yes, all single-character names (e.g., 1.BANK), most two-letter names (e.g., AB.BANK), and names fTLD has reserved for its potential use, indicated in bold on the list of Generic names (available at: https://www.register.bank/reserved-names/ ), are identified as premium and subject to premium pricing.
To ensure that registrations are made only to organizations that meet and maintain the eligibility requirements, fTLD performs verification upon the initial registration of a .BANK domain, annually thereafter and if certain registration information changes (e.g., Registrant Organization, Registrant Name, Registrant Email). fTLD’s Verification Process Overview is accessible here.
No, the verification process is mandated for all .BANK registrations.
In contrast, the Whois verification process is required by ICANN to be conducted annually by Registrars to confirm accurate contact information. Registrars are required to contact their Registrants to conduct this verification.
Registrants may risk having their domain name suspended or cancelled for failure to respond to either type of verification request. If you want to confirm whether the request is legitimate, please contact fTLD at verify@fTLD.com.
For new Registrants, the verification process is usually completed in 1-3 business days, and upon its completion, the registration process is a matter of a couple of business days from submission by your Registrar to fTLD’s approval. For existing Registrants, the verification is usually completed more quickly. However, because the verification process requires email and/or telephone contact with the Registrant’s organization to verify certain information (i.e., the requestor is a full-time employee of the company and is authorized to make registrations on their behalf), it may take longer to complete. Registrants can expedite verification by ensuring that all individuals that may be contacted are aware of the need to respond to these requests as quickly as possible.
fTLD recognizes that different countries may have differing regulations regarding bank licensure/certification and will accept other materials applicable to a bank’s specific country of charter and supervision by a government regulatory authority.
fTLD uses information provided by you to confirm your eligibility for a domain name. fTLD will contact you via email or telephone if specific additional information is needed. It is important that you respond to fTLD’s request(s) promptly as your domain name cannot be registered until the verification process is completed and you have been provided a registration token. Registrants should respond promptly to all verification requests from fTLD, and failing to respond could result in rejection of your application or inactivation of your domain name. Any questions you have about the verification process should be sent to verify@fTLD.com.
In line with ICANN policy, fTLD allows role-based designations for the Registrant Contact Name and role email accounts for the Registrant Email. However, a specific individual’s name must be provided to fTLD for the verification process. This individual must be a full-time employee and authorized to register domains for the Registrant Organization. The verification application permits you to provide both the individual’s name and the role-based name.
To ensure Registrants maintain eligibility for their domain name(s), fTLD conducts annual verifications and verifications when certain registration information changes (e.g., Registrant Organization, Registrant Name, Registrant Email).
Once fTLD learns of a consolidation or acquisition (e.g., from a banking regulatory authority), we will communicate with the Registrant about what are and are not permissible activities for the domain registration to ensure compliance with fTLD’s Policies and Requirements. In the event of questions about this, please write to compliance@fTLD.com.
fTLD requires compliance with a set of Registrant Security Requirements that are not mandated by the operators of other commercially available gTLDs. Additionally, the fTLD Operations Pledge accessible here outlines the requirements we and our Registrars must follow to ensure the secure, stable and reliable operations of the .BANK domain.
Yes, Security Requirements can change. The Security Requirements specify that fTLD will periodically review and amend the requirements to respond to changing needs in security or the community. The amendment process includes a review by fTLD’s Security Requirements Working Group (SRWG) and consideration and approval of its recommendations by fTLD’s Board of Directors. Any approved changes to the requirements will be communicated directly to Registrars and broadly announced to stakeholders via information posted to fTLD’s websites as well as other means for sharing such details. Adequate notification to stakeholders and time for implementation is provided when changes are required to processes and technical infrastructure by new or modified requirements. Please contact fTLD at fTLD@fTLD.com if you would like to participate in future efforts of the Security Requirements Working Group.
fTLD is ultimately responsible for enforcing the Security Requirements and policies in .BANK. Registrars will also play a role in enforcement of Registrant Security Requirements as they have a direct relationship with the Registrant. fTLD retains the right to take action if the Registrar or Registrant fails to do so.
fTLD has compiled a list of publicly available, free resources that can be helpful in understanding whether the implementation of a .BANK domain name addresses the defined requirements and it’s available here. Although these resources are useful, they are not exact checks against the requirements so you may still receive compliance notices even if these resources do not identify any issues. Registrants may email fTLD at compliance@fTLD.com to check the compliance status of a specific domain. fTLD will work with you and your Registrar to address compliance issues.
No, .BANK is an HTTPS-only community to support privacy and integrity of web and other services by default. The Security Requirements mandate encryption via a digital identity certificate (e.g., TLS certificate) and specifies Encryption/TLS requirements for .BANK websites. Also, as .BANK is on the HSTS preload list, websites that are not HTTPS compliant will not be accessible via major browsers (like Chrome). As a global HSTS security policy becomes increasingly common, additional browsers will block sites that are not HTTPS compliant.
Proxy/Privacy Registration Services are used to conceal the identity of the domain name owner and their contact information in the public WHOIS record. fTLD prohibits this practice as it makes it difficult to identify and contact a Registrant that is alleged to be using their domain name for practices that are in violation of fTLD’s Acceptable Use / Anti-Abuse Policy accessible here.
Registrants are permitted to use role names (e.g., Domain Admin) and role email addresses (e.g., domainadmin@bankname.TLD). Role names and role emails serves to mask the underlying true identity of the Registrant (i.e., their name and business email address) in the public WHOIS record; however, fTLD must always maintain this information in its systems (e.g., matters related to the verification process, security monitoring, compliance).
fTLD is monitoring all domain names for compliance with the Policies and Requirements. fTLD will notify Registrars/Registrants of domain names that are not in compliance and failure of the Registrar/Registrant to provide a timely response and a remediation plan to fTLD can result in the domain name being removed from the .BANK zone or more significant actions.
fTLD has developed an Implementation Hub to provide the necessary information, guides, resources and tools for implementing, testing, requesting assistance with and reporting on each of our Security Requirements. We also have guides for eligibility and planning & communications that many .BANK Registrants have found helpful in making the move to .BANK.
You can continue using your current domain name (e.g., .com), and once you have your .BANK domain in place you can redirect your traffic and emails to your new .BANK site and email address. Maintaining your original domain and redirecting to your .BANK domain will allow you to retain all customer traffic and communication while educating them about your move to a more secure domain. You can redirect your old domain indefinitely, though many banks deactivate the old domain when traffic to them becomes minimal (usually up to one year).
Yes, you can redirect traffic and emails from your .com (or other TLDs) to your .BANK domain name, enabling you to retain traffic and communication while you educate your customers about your move to a more secure domain. While there are many ways to redirect visitors to a .BANK domain name, an effective method to do this while maintaining your search engine ranking is by using the http ‘301 Moved Permanently’ response status code. Your .BANK domain name must meet the HTTPS requirement by having a public key certificate (e.g., TLS certificate) installed to secure the domain name. Registrants are reminded that .BANK is an HTTPS-only community and therefore any redirection must be made to the HTTPS version of the .BANK website.
Yes, provided your .BANK domain name meets the HTTPS requirement you may redirect to your current domain. Organizations that redirect from .BANK to non-.BANK domain names are strongly encouraged to inform visitors of this action via an explicit message to avoid confusion and to assure that visitors understand they are leaving a .BANK domain name. Registrants are reminded that .BANK is an HTTPS-only community and therefore any redirection must be made from the HTTPS version of the .BANK website.
As noted in fTLD’s Acceptable Use / Anti-Abuse Policy accessible here and the Implementation Guidelines annexed to the .BANK Registrant Eligibility Policy accessible here, fTLD may impose additional use restrictions, at any time, on a Registrant’s use of a domain name to protect the integrity of the .BANK gTLD and the community that it serves. fTLD will communicate any use restrictions on a .BANK domain name to the Registrant before approving the initial registration request or at any time during the term of the registration of the .BANK domain name, which must be accepted and complied with in order to maintain the registration.
Yes, this activity is permitted.
fTLD charges the same base price to Registrars for all .BANK domains, which cover operating expenses such as the verification process, and monitoring of Security Requirements for .BANK. Premium domains have a different base price. In addition, Registrars may include services and/or have their own operational expenses included in the final retail price of your .BANK domain name.
Yes, there is a difference in cost and Registrants should consult with their Registrar for this information.
There will be other costs to your organization associated with the implementation of the Security Requirements. For example, complying with the DNSSEC, TLS, and name server requirements may require additional support and/or services from your Registrar, core processor, hosting provider, DNS provider, etc. As you consider which Registrar to use, you should ask about their ability to support the Security Requirements and the associated costs. See fTLD’s Third-Party Provider Program for who can assist you with meeting the requirements.
Yes, all single-character names (e.g., 1.BANK), most two-letter names (e.g., AB.BANK), and names fTLD has reserved for its potential use, indicated in bold on the list of Generic names (available at: https://www.register.bank/reserved-names/), are identified as premium and subject to premium pricing.
As a verified domain, exclusively for the banking community, .BANK is a more secure space for online banking and communication. A web or email address ending in .BANK quickly and easily confirms for customers and employees that they are communicating and transacting with your bank, and not a phisher or a spoofed site. A .BANK domain is a visual cue anyone can look for and recognize, an online stamp of trust that will give your customers confidence in your online banking platform, and help protect your bank from bad actors collecting data for breaches, financial fraud and identity theft.
All fTLD Policies for .BANK are located here.
gTLD – or generic Top-Level Domain – refers to the letters to the right of the dot at the end of an internet web address. Examples of gTLDs are .BANK, .INSURANCE, .COM, .ORG and .NET.
fTLD Registry Services, LLC was formed in 2011 by a coalition of banks, insurance companies and financial services trade associations from around the world. In 2012, fTLD submitted community-based applications to the Internet Corporation for Assigned Names and Numbers (ICANN) for the .BANK and .INSURANCE gTLDs. fTLD launched .BANK in May 2015 and .INSURANCE in May 2016.
The Internet Corporation for Assigned Names and Numbers, or ICANN, is an oversight body responsible for the stability and unification of the internet. Its key responsibilities include policy development for existing and new generic Top-Level Domains (gTLDs). In June 2011, ICANN’s board of directors authorized the launch of the New gTLD Program. The program’s goals include enhancing competition and consumer choice, and enabling the benefits of innovation via the introduction of new gTLDs.
ICANN’s TMCH is a global repository for trademark data. Designed to meet global needs for the domain name system, the TMCH verifies trademark data worldwide and maintains a database with the verified trademark records. The TMCH is not a trademark office.
There is a cost to use the TMCH. Learn more at the Trademark Clearinghouse website.
The Trademark Claims period initially ran for the first 365 days of General Availability and has been extended several times. To check the date the period will close, search for .BANK here. During the Trademark Claims period, anyone attempting to register a domain name matching a mark that is recorded in the TMCH will receive a notification displaying the relevant mark information.
If the notified party registers the domain name, the TMCH will send a notice to those trademark holders with matching records in the TMCH, informing them that someone has registered the domain name.
The TMCH will accept and verify registered trademarks, marks protected by statute or treaty or court validated marks as well as any other marks that constitute Intellectual Property (IP) rights that meet the eligibility requirements of the TMCH. Learn more about accepted marks at the Trademark Clearinghouse website.