.fi is the country code extension allocated to Finland, which is operated by the Finnish Communications Regulatory Authority (FICORA).
FICORA, through its accredited registrars, offers the registration of domain names at the second-level i.e. lexsynergy.fi and google.fi.
During 2016, FICORA removed the requirement for registrants to be locally registered companies or Finnish residents, opening its .FI namespace to the world without restriction. The removal of such restrictions resulted in the influx of registrations of domain names such as co.fi, com.fi, org.fi and net.fi. These legitimate registrations pose a risk to the .FI namespace and the internet community in that they could be confused as official registry operated second-level domains such as co.uk (UK) and co.za (South Africa).
A third-level domain is the section of a domain name that is to the left of the dot of a second-level domain that is considered a domain extension. Take the example of americanexpress.com.fi. In this case, the third-level would be “americanexpress” and the second-level would be “com”. “.fi” is the first or Top Level Domain (TLD). The third-level domain is often called a “subdomain”. The most common third level domain is “www”, although mobile websites often use “m”, for instance, m.yahoo.com.
com.fi is an example of how a domain name can be used to create the impression that it is an official extension to potentially perpetrate fraudulent activity, ultimately affecting the credibility of the .FI namespace and FICORA.
In practical terms, the owners of second-level domains license third-level domains such as brand.com.fi to third parties and operate their own Whois (database of information) system, which may be unverified.
The issue described below was identified by Lexsynergy for a client that was targeted by the registrant of the domain name com.fi. The infringements targeting Lexsynergy’s client has since been resolved but the registrant’s activity continues against other business and trade mark holders at the date of posting this news article.
The domain name com.fi was originally registered on 12 September 2016 by the registrant International Financial Domain Name Registry, through the French registrar Gandi SAS, which later updated the registrant to Guangzhou Jincaiyu Technology Co.,Ltd (“Infringer”) after Lexsynergy engaged the various stakeholders.
The Infringer has set up an unauthorised third-level registry at https://www.com.fi/ allowing the registration of domain names such as jpmorgan.com.fi and americanexpress.com.fi. Below is a screenshot of the fraudulent com.fi and the official .fi Whois records. The domain name jpmorgan.com.fi forwards to the legitimate website https://www.jpmorgan.com/country/GB/en/jpmorgan, which may be used to support a larger fraudulent operation.
Significantly, the UDRP (domain dispute resolution procedure) or local equivalent does not apply to subdomains or third-level domains, in the absence of an independent contract between the vendor of such domains and a dispute resolution service provider.
In the case of jpmorgan.com.fi, brand owners might think that the entity who licenses the third-level domain com.fi should be the party to bear the risks for the infringement or fraudulent uses of third level domains. However, in practice, the general terms and conditions of the seller of top-level domains, do not always contain clauses that relate to third level domains.
In practice, it means that JP Morgan may find it difficult to enforce their rights in relation to jpmorgan.com.fi, if the second level domain (com.fi) is legitimately registered with genuine registrant name, address and contact information.
Lexsynergy is actively pursuing the relevant stakeholders to address the ongoing infringements originating from com.fi. If your company has been targeted please email [email protected] to arrange a discussion on a possible resolution.
A list of some of the targeted companies can be found at http://www.nic.com.fi/comfi_Bank_2.html,
© 2018 Lexsynergy Ltd. All rights reserved