[CPWG] Transfer Policy Review Team: Question about the 60-days lock

John McCormac jmcc at hosterstats.com
Thu Nov 18 21:11:58 UTC 2021 

On 18/11/2021 12:20, Theo Geurts via CPWG wrote:
> John,
> 
> Can you explain the relationship between domain locks for 60 days and 
> attacks using stolen payment details?

I was thinking of it in term of attack types, Theo,
Basically there are opportunistic attacks with a single credit card and 
then there are spikes in attacks due to credit card data being 
compromised in a breach. With the first type, the attack may be limited 
but the second often involves multiple attackers. The fraud and risk 
detection systems have improved but they are not perfect. There is still 
an element of lag between card details being stolen and the theft being 
notified to the credit card company. It is that window that both types 
of attacker exploits. The registrar or reseller should not be on the 
hook for fraudulent charges.

> A lot of the EU ccTLD registries and other ccTLDs do not have such a 
> 60-day lock and I never saw any issues in relation to stolen payment 
> details. And to be clear, we process a lot of incoming and outgoing a
> ccTLD transfers.

That may have to do with the different types of markets. They are 
primarily catering to a highly localised market whereas the gTLD are, 
mainly, catering for a global market. A ccTLD registration may not be 
quite as "convertible" as a .COM registration.

> In addition, to drastically reduce domain theft, you have to have a big 
> issue of domain theft first. The current amount of unauthorized 
> transfers complaints is very low as provided by compliance. I suspect 
> domain theft (which is a different bucket) is even lower, though we do 
> not have real statistics. With the exception of IRTP-D, from what I 
> recall dispute providers had a total of 2 cases since 2016.

The main targets for domain theft are valuable domain names (short, 
short numerical or generic keyword). Some of the registrants have had to 
take UDRP actions to recover them because the thief used registrar 
hopping to intentionally make it more difficult to recover the domain 
name. The targeted domain names could be valued in thousands or tens of 
thousands of Euro/Dollars. It is a qualitative issue rather than a 
quantitative issue. That allows domain theft to be presented as a being 
a small problem in terms of ICANN compliance.

> I do not mind the 60 day lock in the sense that it bothers me. However, 
> as a registrar, I would not mind the option to be able to remove the 
> lock in certain scenarios.

That's different from the registrant being allowed to opt out of the 60 
day lock and there may be an argument for registrars being able to 
exercise discretion in some cases.

Regards...jmcc
-- 
**********************************************************
John McCormac  *  e-mail: jmcc at hosterstats.com
MC2            *  web: http://www.hosterstats.com/
22 Viewmount   *  Domain Registrations Statistics
Waterford      *  Domnomics - the business of domain names
Ireland        *  https://amzn.to/2OPtEIO
IE             *  Skype: hosterstats.com
**********************************************************

-- 
This email has been checked for viruses by AVG.
https://www.avg.com

More information about the CPWG mailing list