Financial services firms unhappy with ICANN’s new top-level domains program are to take matters into their own hands by writing security guidelines for TLDs like “.bank”.
BITS, the technology policy arm of the Financial Services Roundtable, said it plans to develop “elevated security standards for financial gTLDs” and wants ICANN to make them mandatory.
The organization, which counts many major world banks as members, is concerned that a “.bank” in the hands of a registry with lax security could increase fraud and reduce confidence in banking online.
BITS said its guidelines would be drafted by a globally diverse working group and submitted to an international standards-setting organization for ratification.
It wants ICANN to include a single sentence in its new TLDs Applicant Guidebook, apparently incorporating the guidelines by reference:
Evaluators will use standards published by the financial services industry to determine if the applicant’s proposed security approach is commensurate with the level of trust necessary for financial services gTLDs.
An ICANN working group is working on the concept of a High Security Zone TLD for precisely this kind of application, but in September the ICANN board abruptly decided that it “will not be certifying or enforcing” the idea, apparently in order to mitigate its own corporate risk.
The BITS project appears to be in direct response to that move.
It certainly seems to be a more productive avenue of engagement than hinting at a lawsuit, which it did in a November letter to ICANN.
I’m attempting to confirm whether the BITS plan, submitted as a response to the Applicant Guidebook public comment period, is being proposed with ICANN’s backing. (UPDATE: it isn’t.)