SOCRadar® Cyber Intelligence Inc. | The .bank TLD: Benefits and Downsides


May 04, 2023
6 Mins Read

The .bank TLD: Benefits and Downsides

The world has changed rapidly since the invention of the Internet. One of the most important aspects it affected is using the Internet for banking. According to Forbes, as of 2022, 78% of adults in the U.S. prefer to bank via a mobile app or website. Only 29% of Americans prefer to bank in person.

Banks and financial institutions have prioritized the security of online transactions over anything else. In their support, .bank TLD (Top-Level Domain) is one of the tools available to strengthen security. This blog post will examine what .bank TLD brings and its potential downsides.

What is the .bank TLD?

The .bank TLD is a top-level domain name extension only available to verified banking and financial services community members. In September 2014, ICANN (Internet Corporation for Assigned Names and Numbers), the governing body for Internet domain names, approved the application of fTLD Registry Services LLC for a new TLD exclusively for banks and savings associations, and related organizations. fTLD is a financial services industry consortium. Their aim for the new TLD application was to provide a secure domain for banking-related transactions.

On May 2015, the .bank TLD became available to apply. Applicants need to pass a screening process to qualify for the domain. As of April 2023, according to the official site, “768” banks are being protected by the .bank TLD. The eligibility criteria for the .bank TLD are comprehensive. The applicant organizations must implement multiple security services, such as DNSSEC, and be re-verified by Symantec every two years to confirm an institution’s continuing eligibility. You can find full details of the eligibility here.

.bank TLD usage
.bank TLD usage

What are the Benefits of the .bank TLD?

One of the most important benefits of using .bank TLD is the security it brings against phishing and brand protection. According to the report from Proofpoint, 84% of organizations experienced at least one successful phishing attack in 2022. In another report by APWG (Anti-Phishing Working Group), as seen in the graphic below, in the first quarter of 2022, the financial industry was the most targeted by phishing attacks.

Phishing by industry statistics (Source: APWG)

As the implementation of the .bank TLD is highly regulated and only available to verified banking and financial services community members, it makes it much more difficult for cybersquatters and domain hijackers to register .bank domain names for fraudulent purposes.

Another security benefit of the .bank TLD is that it requires organizations to use services such as DNSSEC and WHOIS privacy protection. These features can help banks and financial institutions to better protect their online assets and customer data.

Another significant benefit of using .bank TLD is the brand recognition and trust it provides. It has been eligible since 2015. With eight years of running and over 750 financial organizations utilizing, it can be said that it has enough credibility.

The .bank TLD can also provide better visibility in search engine results. It has been approved by major search engines and is recognized as a trusted domain name extension. As a result, banks and financial institutions that use the .bank TLD can benefit from better visibility in search engine results.

What are the Potential Downsides?

The .bank TLD aims to provide enhanced security and benefits such as brand recognition. However, there are also potential downsides to consider before implementing the service. There are three main concerns regarding the domain. They are higher costs, potential gatekeeping, and user confusion.

The .bank TLD is more expensive than domain names such as .com. The .bank TLD is a highly regulated domain name extension, and the application and verification process can be time-consuming and expensive. Registering for a .bank domain may cost upwards of $2,000, which is not a huge amount for a financial institution. The most considerable portion of the costs is the application and verification process. It can be time-consuming. Financial institutions must spend time and money on the switch, including transitional costs, investing in marketing and branding initiatives, and potentially fine-tuning their internal systems. It is estimated that it would take almost six months to complete the transition.

Another aspect is that higher requirements gatekeep smaller financial services firms or startups from benefitting the service. This is to limit the accessibility of the service to a selective group.

The last thing is that even with the introduction of new TLDs over the past few years, domains such as .com are still the most familiar domains for users. If a user uses more than one bank, some of them use .com, and others use the .bank domain, the user can get confused and have second thoughts about their actions.


The .bank TLD offers several benefits for banks and financial institutions. It ranges from security against cybersquatting and domain hijacking to brand recognition. Yet, there are also potential downsides to the domain. It can be costly to transition and create confusion for the user. Banks and financial institutions should consider every aspect of the service before deciding because .bank TLD is not the final answer for every concern. It can benefit the overall security and credibility of online banking and financial services.

Awareness for the .bank TLD will not rise quickly. Awareness of end users is also low in this sense and will continue to be so. Although not the .bank TLD, phishing attacks related to different TLDs cybersquatting the banks will continue. Therefore, phishing attacks will continue to pose risks in the long run. For protection, other security implementations should be considered.

SOCRadar Brand Protection

SOCRadar can help you protect your brand even if you have already transitioned into .bank TLD. With SOCRadar’s Brand Protection module, you can track impersonating domains and rogue mobile applications. SOCRadar can help you initiate the takedown process if one of these is detected.