Submission to the

Office of the Domain Name Commissioner

on the

REGISTRATION, MANAGING AND CANCELLING
DOMAIN NAMES POLICY

14 September 2006

SUBMISSION OF THE NEW ZEALAND BANKERS’ ASSOCIATION TO THE OFFICE OF THE DOMAIN NAME COMMISSIONER ON THE POLICY GOVERNING REGISTRATION, MANAGEMENT AND CANCELLING DOMAIN NAMES

1. Introduction

1.1 This submission is made on behalf of the nine members of the Association, namely:-

ANZ National Bank Limited

ASB Bank Limited

Bank of New Zealand

Citibank NA

The Hongkong and Shanghai Banking Corporation Limited

Kiwibank Limited

St. George Bank New Zealand Limited (Superbank)

TSB Bank Limited

Westpac Banking Corporation (New Zealand division)

1.2 The New Zealand Bankers’ Association (the “Association”) welcomes the opportunity to submit on the review of the policy governing the registering, managing and cancelling domain names (the “policy”). The Association believes that such a review is timely in relation to the issues affecting the banking industry particularly in relation to the regular occurrence of “phishing” attacks which impact on consumer confidence in Internet banking services. Whilst, the Association acknowledges that the majority of the “phishing” attacks emanate from outside New Zealand, it is important to send a message internationally that New Zealand will not tolerate its Internet infrastructure being subject to potential misuse.

1.3 The Association submits that an objective of this policy should be to put in place processes to prevent fraudulent applications for domain names and also provide for co-operation with industry participants including state bodies where potential fraudulent applications are suspected.

1.4 The Association also submits that a further objective of the policy should be to ensure that the domain names have integrity. For example, registration of domain names that are likely to mislead Internet users such as derivatives of corporate names (i.e. “Wespac”, “Natonal Bank”) should be prevented.

1.5 The Association also strongly supports a requirement that the Office of the Domain Name Commissioner is required to check applications for domain names against criteria similar to those applied for registration of company names.

1.6 The Association supports the immediate and effective cancellation of a domain name in the event of a fraud. Where a fraud or potential fraud is being perpetuated by a domain name user registered overseas the Association would support procedures that are followed by the Office of the Domain Name Commissioner in ensuring that its overseas counterpart takes adequate measures to bring about the immediate and effective cancellation of such a domain name. Such adequate measures may include the overseas counterpart of the Office of the Domain Name Commissioner bringing pressure on the relevant registrar as the case might be, particularly as the domain name user would have breached its terms and conditions of use with the registrar.

2. Principles – Registering, Cancelling, Managing

2.1 Paragraph 4.2 states that “any new name must conform to relevant internet standards..” Paragraph 4.2 then goes on to list a number of applications that may be automatically declined.

Submission

2.2 The Association submits that a new sub paragraph 4.25 should be inserted that states that the domain name must not consist of a word that is not permitted by law or the applicant itself is not permitted to use in accordance with any law operating in New Zealand.

2.3 The Association refers to section 64 of the Reserve Bank of New Zealand 1989 Act, which places limits on the use of restricted words such as “bank”, “banker” and “banking” in a name or title. In this regard if an application seeks to use such restricted words then the relevant registrar will be required to carry out checks that the applicant is permitted to use these words in its domain name.

2.4 The Association submits that this would be an important provision to prevent any potential misuse of a domain name for any purposes other than banking, including possible fraudulent purposes. In New Zealand, only registered banks are entitled to use the words “bank”, “banker”, “banking” in its title and this operates as an important consumer protection.

2.5 The Association submits that a list of restricted words should be drawn up by the Office of the Domain Name Commissioner, similar to the New Zealand Companies’ Office, as a guide for registrars carrying out their functions.

3. Second Level Names

3.1 Paragraph 5.1 refers to second level domain names that are moderated.

Submission

3.2 The Association submits that the same restriction would apply to the words “bank”, “banker” and “banking” in relation to second level names as would apply to domain names as outlined above in paragraph 2 of this submission.

4. Payment Details

4.1 The Association notes that there is anecdotal evidence of payment for domain name registrations that have turned out to be bogus and have been acquired through fraudulent means such as stolen credit card details.

Submission

4.2 The Association submits that payment therefore be received from an applicant before the domain name is provided, unless there are exceptional circumstances. A period of five days should be sufficient in order for most methods of payment to be accepted. In this regard, the Association submits that a new sub-paragraph is inserted between sub-paragraphs 7.7 and 7.8 that states that payment must be received from an applicant before a domain name is provided (not less than five days after receipt of such payment), unless there are exceptional circumstances.

4.3 The Association submits that “exceptional circumstances” might include where the applicant can demonstrate that due to a pressing commercial requirement that use of the domain name is required immediately.

5. The Billing Process

5.1 The Association believes that the billing process may be an important factor in determining the bona fides of an applicant for a domain name.

Submission

5.2 The Association submits that an applicant should provide verifiable details such as names, physical addresses and contact details. The Office of the Domain Name Commissioner, as a minimum, should carry out checks on a random basis as part of its risk management processes.

5.3 The Association submits that to achieve consistency with paragraph 4 of the Association’s submission that payment must be received before a domain name is provided would require wording changes to sub-paragraphs 9.5, 9.6 and 9.7 in order to ensure (at least in the case of a first time registration) that payment is received before a domain name is provided.

5.4 The Association is happy to consult with the Office of the Domain Name Commissioner further on any wording changes that would be required to paragraph 9 or any other aspect of the policy in the circumstances.

14 September 2006