.bank

.bank is a sponsored top-level domain used in the Domain Name System of the internet. The TLD was officially delegated to fTLD Registry Services on behalf of the Financial Services Roundtable and American Bankers Association on January 5, 2015.

The top-level domain was approved by ICANN in September 2014 but only became available to qualifying institutions the following year in May 2015. The .bank TLD has been included in the HSTS preload-list; as a result, popular web browsers will only connect to a .bank webpage using HTTPS.

Proposals
When proposed back in 2011, it was hoped that the release and adoption of a .bank domain name by authorized institutions would help prevent phishing and identity theft. The project's general manager, Craig Schwartz, anticipated less than 10,000 .bank domains being registered due to the exclusive eligibility criteria.

Usage
Usage of the .bank domain is reserved for those in the banking industry, including retail banks, savings associations, and related holding companies and associated organizations composed primarily of those entities. If approved by the fTLD board, government regulators of eligible companies and organizations, or organizations whose members are composed primarily of such government regulators, can register as well.

Any entity in Canada found using a .bank gTLD in violation of the Bank Act must relinquish the domain.

As of March 2017, around 2,400 banks in the United States had registered nearly 5,000 .bank domains, with 300 in active use at that time.

By August 2018, it was reported that several hundred banking institutions had acquired a .bank domain. Association with the domain is exclusive and subject to a vetting process, suggesting visitors can trust the website as being a legitimate bank.

Security
As of 2017, institutions operating with a .bank domain were subject to enhanced security requirements, including:
 * Vetting process verified by Symantec and renewed biennially
 * .bank TLD must be hosted on .bank name servers
 * Registrations limited to approved registrars
 * Usage of email authentication and two-factor authentication