The emergence of cryptocurrency and decentralized finance is raising the stakes for secure online finance. For payments professionals and the ecommerce world, it’s vital to understand the emergence of blockchain-based domains, issues around security, and how this impacts financial payment processes.
Financial institutions and processes have always had the largest targets on their backs when it comes to cybercrime. Cybercriminals target bank employees, their customers, and even their suppliers, as well as intermediaries through which funds are regularly processed back and forth.
This is why when the opportunity presented itself back in 2012 for firms to get their own domain extension, financial firms lined up. There are now domain extensions for HSBC, CITI, JP Morgan, Barclays, AMEX, VISA, and several dozen other large financial firms. We’re talking about top-level domain extensions that contain just the trademark with no .COM.
These corporate extensions promised enhanced security to combat fraud. In practice though, very little progress has been made in the last decade in adoption of these new extensions, as the pain to migrate to a new extension appears larger than the gain to stay with the legacy one.
Now, with the innovation of blockchain, financial firms and related enterprises need to determine what their brand’s presence will look like on the decentralized web. The decentralized web will be a collection of metaverses where consumers will live out their virtual lives. The compelling rationale that drove largest financial firms back in 2012 to get their own top-level domain extension still applies. But now, these domain extensions need to be compatible with the decentralized web.
Fortunately, a Web3 (aka, the decentralized web) solution exists, aiming to accommodate financial firms.
There are now blockchains that exist for the sole purpose of enabling Web3 domain top-level extensions. The leader by far is the Handshake blockchain, which has already enabled over 4 million Web3 domain extensions. In contrast, the traditional web regulated by ICANN has just 1,500 extensions.
There are some major differences between corporate extensions on Web3 versus Web2. It’s important to understand these subtle, but key differences, as security can be compromised. For payments professionals, understanding these security issues is vital for digital payments in the Web3 world.
Web2 subdomains are optimised for businesses who want to do ecommerce. Most of their customers are individuals. On Web3, this paradigm is flipped. Web3 subdomains, such as .UST, .ETH, etc. will be mainly owned by individuals. To interact with these consumers, corporates will want to distinguish themselves by securing their own dotbrand Web3 extension.
Web2 is regulated by ICANN, which has established policies for operators of new extensions. And, of course, ICANN has reliable policies to combat cybersquatters registering trademarks at the second level, such as HSBSbanking.COM. However, ICANN has not accepted any new top-level applications since 2012. And when they do resume accepting applications in four or five years, the application fee will be USD 185,000.
Web3 is not yet regulated. And, without regulation, the path for fighting cybersquatters is not clear yet. Court cases for trademark infringement are still rare. So, trademark owners need to be proactive in claiming their trademarks in Web3 domains.
Fortunately, some of the blockchains enabling Web3 domains have recognised this. Three of the known blockchains enabling Web3 corporate extensions, Handshake, NexBloc, and Decentraweb, have reserved the top 100,000 websites, which cover most of the world’s well-known trademarks. Claiming these trademarks cost less than a three-martini lunch.
For firms without a reserved trademark, registering Web3 extensions is still very affordable. Handshake conducts a Vickrey-style auction process where extensions often sell for less than USD 100. Compared to ICANN’s USD 185,000 fee, this means many more businesses can afford their own top-level domain extension. But beware trying to grab a Handshake name on the cheap. Last-minute sniping is common for auctions with low bids. Once a business has secured their own domain extension, they can determine how to best activate their Web3 presence and even offer Web3 subdomains to their customers.
For corporates not ready to leap to their own top-level extension, there are already millions of options for Web3 subdomains. .ETH and .CRYPTO have over 3 million subdomains between them. There are also other blockchain-branded domain extensions, such as .UST for Terra, .TEZ for Tezos, and .SOL for Solana.
Generally though, we recommend avoiding registering your trademarks in these blockchain-specific extensions, unless you’ve already decided to be married to one of these blockchains. First, there are simply too many of them and most have not taken any steps to protect trademark owners from cybersquatting. Secondly, it is not clear which ones will be left standing in the inevitable shake-out and consolidation that will occur.
While it is tempting for a business to register a Web3 subdomain using an extension like .ETH or .DOT, it is far better for a corporation to establish their own Web3 top-level domain extension than to piggy-back on someone else’s. The clarity of branding and portability make it the superior choice for a Web3 address.
About Tom Barrett
Tom Barrett is President and Founder of EnCirca.Tom serves as Chair of the Blockchain Subcommittee for the International Trademark Association and is a frequent speaker for brand protection strategies on the blockchain. Tom is also the current Chair of the ICANN Nominating Committee Review Working Group. He is also engaged in blockchain governance projects, including Ethereum Naming Service’ DAO, Handshake, and NexBloc.
About the EnCirca
EnCirca is an ICANN-accredited domain name registrar founded in 2001 north of Boston, Massachusetts. EnCirca specialises in partnering with top-level domain registry operators and providing custom engineering, registration, and security services. EnCirca developed verification and registration workflow platforms for .BANK and .CPA.EnCirca also provides brand protection services for blockchain-based domain name projects, including Handshake, Ethereum, Unstoppable Domains, Decentraweb, and NexBloc.