So what’s the deal with .BANK instead of .COM?

Since our website redesign, you may have asked yourself why First National Bank of Huntsville’s website now uses the .BANK extension as opposed to the traditional .COM extension. While on the surface this may not seem to carry much impact for you, there are some security enhancements behind the scenes.

Generic Top-Level Domains

.com, .net, .org and other website suffixes are known as “top-level domains” (TLDs). While we normally see only a few of these, there are hundreds of them – and there may be thousands more soon. Top-level domains are managed by the Internet Assigned Numbers Authority (IANA), which is run by the Internet Corporation for Assigned Names and Numbers (ICANN).

Perhaps the most common top-level domains are .com, .net, and .org. Originally, each had a unique purpose:

  • .com: Commercial (for-profit) websites
  • .net: Network-related domains
  • .org: Non-profit organizations

However, these top-level domains all offer open registration – anyone can register a .com, .net, or .org domain for a website (for a fee). The distinction between the domains has largely been lost, although there are still non-profit organizations that prefer .org.

There are a variety of other domains that were added later to take some of the stress off of the original generic top-level domains (gTLDs), including .biz and .info. However, fewer websites use these top-level domains – there are more brand recognition's associated with a .com domain. Currently, .com is by far the most popular top-level domain – nearly 50 percent of the websites Google visits use the .com top-level domain.

Open vs. Closed TLDs

In contrast to the above top-level domains, which are “open” in that they allow anyone to register a domain without meeting any qualifications, many TLDs are “closed.” For example, if you want to register a .museum, .aero, or .travel domain, you must verify that you’re a legitimate museum, air-travel, or tourism-related entity.

Enhanced Security

Security is perhaps the most important factor a community bank will consider when deciding whether to adopt a .BANK extension. As online security breaches continue to make headlines, concerns about website security are weighing heavily on banks and their customers. Customers want peace of mind that they can conduct financial transactions safely on a bank’s website, while banks want to prevent financial losses and damage to their reputations as a result of fraud. There is not a single solution that exists to protect against all threats, however website security typically uses a multi-layered approach. If one defense fails, other defense mechanisms can still detect and prevent an attack.

The information below will help you understand what .BANK is, why it’s more secure, and what it means for online interactions with the bank.

The main takeaway: For security purposes, our email addresses and website URL will soon end in ‘.BANK’ instead of ‘.COM’ and when we migrate to ‘.BANK’ you will want to look for the ‘.BANK’ before interacting with any email or website of ours. First National Bank of Huntsville makes security a top priority, which is why we will make the switch to .BANK.


What is .BANK?

.BANK is a gated domain, like .gov or .edu, but for verified banks. Replacing .com, which can be purchased by anyone, .BANK quickly verifies that the website or email is authentically from our bank, so you can interact with confidence when you see the ‘.BANK’ at the end of our email address and website URL.

How is .BANK more secure?

All banks are verified and authenticated by fTLD, the .BANK administrator, prior to registering their .BANK domain, and re-verified annually thereafter. This ensures everyone using a .BANK domain is an eligible organization. Threat actors cannot get a .BANK domain to create lookalike domains for phishing and spoofing, as they can in ‘.com’ and other publicly available domains.

With the ‘.BANK’ visual authentication cue in place you can quickly confirm emails and websites of ours are real, and avoid interactions that could lead to identity theft and financial fraud. This authentication is also an additional layer of protection for our internal and vendor communications, helping us to further secure against potential breaches.