Masters of Their Domain

Online banking fraud is rampant because it's easy. Here's a fix that will mean money in the bank.

Computer security is a complex issue, and there is no simple cure-all. But one thing that continues to baffle me is the way we bank online. Think about the Web address of your bank. It probably ends in one of the common top-level domains: ".com" if you're in the United States, or, depending on your home country, in something like ".uk," ".de," ".jp," or ".ru." Which is why Web sites with such names as "bankofamerica-online.com," "lloydstsb-banking.com," "hsbc-login.com," or "paypalaccount.com" are so dangerous. They may look like the real thing, but they're operated by criminals. And these rogue banking sites are popping up every day. Hosted on Web sites with misleading names that read like a real bank's Web address, the domains are registered with fake contact information. These impostors then bombard consumers with "phishing" e-mails, luring them to these sites, where their financial information is stolen.

How does this happen? At the moment, anyone willing to pay the fee of $5 or so can register any domain name they want, as long as the name is not already taken. So creating these look-alike pages is fast, easy, and cheap.

Why do banks and other financial institutions operate under the public top-level domains, like .com? The Internet Corporation for Assigned Names and Numbers, the body that creates new top-level domains, should create a new, secure domain just for this reason -- something like ".bank," for example.

Registering new domains under such a top-level domain could then be restricted to bona fide financial organizations. And the price for the domain wouldn't be just a few dollars: It could be something like $50,000 -- making it prohibitively expensive to most copycats. Banks would love this. They would move their existing online banks under a more secure domain in no time.

The creation of a new domain for a specific industry is not unprecedented: We've already done it for museums, with their restricted ".museum" top-level domain. If we can manage to protect storehouses of precious works of art from the Internet's most shameless thieves, surely we can find a way to protect our money.


A Smarter Superpower

The United States has become all brawn, no brains. It needs to rethink its relationship with the world.

The current struggle against extreme Islamist terrorism is sometimes characterized as a "clash of civilizations." More accurately, it is a civil war within Islamic civilization between a radical minority that uses violence to enforce a simplified and ideological version of its religion and a mainstream that has more diverse and tolerant views. Trade, economic growth, education, development of civil-society institutions, and gradual increases in political participation may help strengthen the mainstream over time. Equally important will be the narrative presented by the West. Defeating Islamist terrorism requires hard intelligence and police work, but we must also attract mainstream Muslims to dry up the sources of new radical recruits. Thus far, intelligence reports indicate that the policies of the United States have created more terrorists than it has killed. America needs to combine hard and soft power into "smart" power, as it did during the Cold War. Many official instruments of soft, or attractive, power -- public diplomacy, broadcasting, exchange programs, development assistance, disaster relief, military-to-military contacts -- are scattered around the government with no overarching strategy or budget that even tries to integrate them. The United States spends about 500 times more on the military than it does on broadcasting and exchanges combined. The United States cut short-wave, English-language broadcasts to save the equivalent of less than half an hour of the defense budget of the United States. How do we make such trade-offs? And how should the government relate to the nonofficial generators of soft power -- everything from Hollywood to Harvard to the Bill and Melinda Gates Foundation -- that emanate from our civil society?

The United States should develop a smart-power strategy by creating a deputy national security advisor charged with developing and implementing a more streamlined outreach plan. The advisor should have the authority to reallocate departmental funds to execute the strategy. In addition, the government should establish a federally funded research and development corporation to support the plan, as well as a nonpartisan, nongovernmental Civil Society Fund. Its independent board would provide a "heat shield" to separate policy advocacy and diplomacy from the development of long-term social interactions around the world.

Until Americans prioritize such a smart-power strategy, we will founder for generations in the struggle against extreme Islamist terrorism.