It seams like a pretty good idea to me. Sounds as if you simply need to prove you have a legit reason for wanting such a domain. Only people this will cause real. issues for are people intending to phish.

Mack.

It would seem that all Swedish banks already own their domain names so any new domain registrations with the word bank in them would probably be registered for nefarious reasons.

What sort of logic is that?

Let's assume that there will never be a new bank opening up or a new bank division or a new local bank location wanting a domain. If I want to launch a website for a local blood bank or milk bank I would now need to beg for government permission to register a domain. What about Banksy, the artist in the UK?

I do not think that this would even slow the scammers down one bit. Many big banks don't use the word "bank" in their domain. Washinton Mutal, Wachovia, Chase, Wells Fargo, HSBC, Barclays even the US Federal Reserve Bank do not use the word "bank" in their domain. If I wanted to register a phishing site for any of these companies I wouldnt need to use the word "bank".

If I wanted to register a phishing site for any of these companies I wouldnt need to use the word "bank".

Or register the domain in Sweden for that matter.

It seams like a pretty good idea to me. Sounds as if you simply need to prove you have a legit reason for wanting such a domain. Only people this will cause real. issues for are people intending to phish.

Or people trying to make a website of widgetbanksucks, since powerful banking lobyists can add 'sucks' sites to the list of restricted reasons to not give out a bank domain.

There are already laws against fishing, we don't need new ones we just need enforcement. Ofcourse enforcement would mean spending more money on enforcing laws, and less on making them. I don't know why, but I have a slight suspecion that those who proposed this law (those who make laws) might not be doing this as much for the benefit of society, as of themselves.

I don't know why, but I have a slight suspecion that those who proposed this law (those who make laws) might not be doing this as much for the benefit of society, as of themselves.

Always a safe guess :-)

Hong Kong has this restriction already when they launched .hk's domains. You have to prove that you are representing a bank before you can register any domain with a "bank" keyword.

Madness. Apart from the fact that major banks are not likely to change their URLs to something WITH "bank" in the domain name (causing confusion because not all banks would cooperate), you would have to be consistent with other businesses with phishing opportunities.

If people cannot remember to look at the addressbar and see [bankname.cctld...] and get suspicious when it says bankname.somethingscary.com, how are people going to cope with this?

Thats really very good idea , similar restrictions should also be followed by other domain tlds. Inclusion of some other keywords related to credit cards can also be safe.

Most of the fraud takes place when people click links present in emails saying that it is from bank.

I feel some kind of protection at DNS level can also be included checking the correct intended domain when it is related to banking website keyword.Most of the ISPs can do quick check it website contain BANK keyword and inform user that is this really what he want to do or visit this website?

This is definetly a very good idea, only harm will be caused to phishing SCAM attackers.

All domains with the word bank in it?

The word "bank" like it appears in: hsbc, citigroup, UniCredit, Sumitomo Mitsui, Morgan Stanley, BNP Paribas, Intesa San Paolo, Wells Fargo, Paypal, VISA, Sparkasse?

Sounds like a great idea to me and will make any future phishing attempts impossible. Because phishers always use the work "bank" in their domain names. It's in the secret code of conduct of the phishers, and if they don't their heads explode.

Bad luck though for the river bank and the riverbank-motel.

This seems like fixing one hole in a screen that has a hundred others. The flies will just crawl in through another hole.

Why not add (yet) another ccTLD that's exclusive to banks? .bank - I'll bet the major banks would be more likely to switch over the BankName.bank than to change to a .com with the word "bank' in it. Plus it would be a lot more effective in stopping the phishers.

Ridiculous. Won't slow phishers down at all, but is problematic if you wanted to use "bank" in a legitimate context, e.g., a product called PasswordBank, third party content sites like BankRatings, BankRates, and so on.

The true idiocy here is that the bulk of phishers don't register domain names in the first place.

Phishers hack into servers and install their scripts in other people's domains and the minute one hacker server gets fixed they start spamming to a new location and so forth.

I'm sure the misguided Swede's will feel good that at least they did something even if it was a useless placebo.

The word "bank" like it appears in: hsbc, citigroup, UniCredit, Sumitomo Mitsui, Morgan Stanley, BNP Paribas, Intesa San Paolo, Wells Fargo, Paypal, VISA, Sparkasse?

Well, it does not for sure.
But any other scammer will definetely target the KEYWORD BANK before, within or after all the above names you have suggested, hence its the best idea to enforce this rule.

However, I am again influenced with a crticism here

If I want to launch a website for a local blood bank or milk bank I would now need to beg for government permission to register a domain. What about Banksy, the artist in the UK?

some rules are laid down to protect millions or billions which definetly are destructive to 100s or 1000s (this is what history shows) :)

Phishers hack into servers and install their scripts in other people's domains and the minute one hacker server gets fixed they start spamming to a new location and so forth.

This can be termed as smart phishers. But maximum script kiddies follow the keyword law, as per reports from email scams and other organisations.

In that case no one should be allowed to register and speculate any common generic words because some one or the other orgnization would certainly would have advantage like banks to warn not to use that name. As eBay was sending warning for legal action if any name attached with ebay(sufix or prefix), then why not google is taking legal action aginst owners with all names with google. that is more trade law violation than using generic name "bank". What will happen then with people already having million names with that kw? Is is cyber squatting?

It is an interesting idea and one that many ccTLDs would probably consider introducting to give them an edge over the gTLDs.

Regards...jmcc

This is, to put it short, very bad.

The people making these decisions in Sweden are the PTS (Post och Telestyrelsen)or Post and Telecommunications Board. The organization has been around for many years and has a very old staff pool and they are not always the most Internet-savvy.

The reason this has been pushed so hard, is that one of the major banks (Handelsbanken) started to lobby for this in 2002. The lobby for banning the word "bank" in domain registrations is being pushed under the pretense of avoiding scam/spam sites. However, the internal incentive from the bank to increase pressure on the issue has not been headed by the online-security department, but by many other departments (such as marketing) who would benefit from said regulation.

I won't go into the details of how this won't slow spammers down (they won't even break pace) because we are all familiar with the obvious secondary tactics. The point I wish to illustrate and emphasize is that this is a very real threat to the openness and freedom the Internet provides.