Defunct Bank Domains Need Protection, Researchers Argue

bankclosed

A transatlantic study has found that around a third of web domains that used to belong to now-defunct banks are now being used by other people. Thankfully only a handful are being used for outright malicious purposes, but the researchers say steps must be taken to minimize such abuse.

Tyler Moore of Southern Methodist University in Dallas and Richard Clayton of the University of Cambridge looked at the fallout of the closure of 3,181 US banks over the past 10 years. Between them those banks controlled 2,302 domains.

Altogether 46 percent of the domains are still owned by banks, usually because one bank took over another’s assets when it closed. Of these about two-thirds are being used (for example, pointing towards the bank that took over the assets) while one-third are not active.

Another 20 percent of so have been taken over by people outside of banking but aren’t being used, while just under 10 percent of the domain names have lapsed and not been reregistered so are still up for grabs.

Of those that are being used, just under 20 percent are being used to host domain parking ads to capitalise on people who try to visit the now-defunct bank or find it in an outdated search result. Around five percent had more dubious uses such as spam blogs or other content designed to game search engines. A small handful of sites were being used legitimately for a business that happened to coincide with the domain name.

That left only half a percent (11 sites) which were hosting malware. Though the researchers said they saw some evidence of phishing scams, they didn’t name any specific examples or give hard numbers.

The researchers conclude by proposing that as part of the regulatory process which oversees a bank closure (US banks can’t simply close shop overnight), the Federal Deposit Insurance Corporation should take some of the bank’s money to hold in escrow and pay to renew the domain “for many years into the future” to stop it falling into rogue hands.

Whether that’s appropriate may depend on your views on regulation. Using a former bank’s name to attract people to an ad-filled website is pretty shady, but not illegal. It’s also questionable whether banking domain names are at any more risk, or in need of greater protection, than those of other businesses that no longer exist.

(Image credit: Library of Congress)