[CPWG] Transfer Policy Review Team: Question about the 60-days lock
Theo Geurts
atlarge at dcx.nl
Mon Nov 22 17:01:11 UTC 2021
Thanks for the feedback John.
All the best,
Theo
On Thu, Nov 18, 2021, at 9:11 PM, John McCormac wrote:
> On 18/11/2021 12:20, Theo Geurts via CPWG wrote:
> > John,
> >
> > Can you explain the relationship between domain locks for 60 days and
> > attacks using stolen payment details?
>
> I was thinking of it in term of attack types, Theo,
> Basically there are opportunistic attacks with a single credit card and
> then there are spikes in attacks due to credit card data being
> compromised in a breach. With the first type, the attack may be limited
> but the second often involves multiple attackers. The fraud and risk
> detection systems have improved but they are not perfect. There is still
> an element of lag between card details being stolen and the theft being
> notified to the credit card company. It is that window that both types
> of attacker exploits. The registrar or reseller should not be on the
> hook for fraudulent charges.
>
> > A lot of the EU ccTLD registries and other ccTLDs do not have such a
> > 60-day lock and I never saw any issues in relation to stolen payment
> > details. And to be clear, we process a lot of incoming and outgoing a
> > ccTLD transfers.
>
> That may have to do with the different types of markets. They are
> primarily catering to a highly localised market whereas the gTLD are,
> mainly, catering for a global market. A ccTLD registration may not be
> quite as "convertible" as a .COM registration.
>
> > In addition, to drastically reduce domain theft, you have to have a big
> > issue of domain theft first. The current amount of unauthorized
> > transfers complaints is very low as provided by compliance. I suspect
> > domain theft (which is a different bucket) is even lower, though we do
> > not have real statistics. With the exception of IRTP-D, from what I
> > recall dispute providers had a total of 2 cases since 2016.
>
> The main targets for domain theft are valuable domain names (short,
> short numerical or generic keyword). Some of the registrants have had to
> take UDRP actions to recover them because the thief used registrar
> hopping to intentionally make it more difficult to recover the domain
> name. The targeted domain names could be valued in thousands or tens of
> thousands of Euro/Dollars. It is a qualitative issue rather than a
> quantitative issue. That allows domain theft to be presented as a being
> a small problem in terms of ICANN compliance.
>
> > I do not mind the 60 day lock in the sense that it bothers me. However,
> > as a registrar, I would not mind the option to be able to remove the
> > lock in certain scenarios.
>
> That's different from the registrant being allowed to opt out of the 60
> day lock and there may be an argument for registrars being able to
> exercise discretion in some cases.
>
> Regards...jmcc
> --
> **********************************************************
> John McCormac * e-mail: jmcc at hosterstats.com
> MC2 * web: http://www.hosterstats.com/
> 22 Viewmount * Domain Registrations Statistics
> Waterford * Domnomics - the business of domain names
> Ireland * https://amzn.to/2OPtEIO
> IE * Skype: hosterstats.com
> **********************************************************
>
> --
> This email has been checked for viruses by AVG.
> https://www.avg.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/mailman/private/cpwg/attachments/20211122/780fb186/attachment.html>
More information about the CPWG
mailing list