Domainnews

Congressmen. CPA domain could be exploited by fraudsters pretending to be CPAs

A group of four lawmakers has sent a letter to an internet governing body expressing concern about how the proposed .cpa domain extension might be exploited by fraudsters pretending to be CPAs.

.CPA is sponsored by the American Institute of CPAs, in partnership with the Australian accounting body CPA Australia, since 2014. The two groups have pending bids for what is technically known as a “generic Top-Level Domain string,” or gLTDs, before the Internet Corporation for Assigned Names and Numbers, also known as ICANN, the global nonprofit that oversees internet namespaces.

Rep. Steve Pearce, R-N.M., Michael Conaway, R-Texas, Steve King, R-Ind., and Ruben Kihuen, D-Nev., are asking ICANN to develop and promulgate verification regulations for gTLDs that are at the most risk of fraud and abuse, including “.cpa.” Conaway is a CPA who is a member of Congress’s CPA Caucus.

In a letter last month, the lawmakers pointed out that a 2013 communique by ICANN’s Governmental Advisory Committee identified several domain extensions connected to regulated or professional sectors, including the accounting profession. “The GAC recognized that ‘these [gTLDs] are likely to invoke a level of implied trust from consumers, and carry higher levels of risk associated with consumer harm,’” they wrote. “Further, the communique highlighted that gTLDs such as ‘.cpa’ could be used to deceive consumers of CPA services in the United States and around the world if granted to those outside the global CPA community.”

“Ultimately,” the lawmakers added, “the communique recommended ICAAN ‘[e]stablish a working relationship with the relevant regulatory, or industry self-regulatory, bodies, including developing a strategy to mitigate as much as possible the risks of fraudulent, and other illegal, activities,’ and specifically cited ‘.cpa’ as requiring “Category 1” safeguards.”

“Unfortunately, to date, ICANN has not fully implemented this recommendation,” they noted. “While it has taken steps in the right direction, gTLDs, such as ‘.cpa,’ are still not regulated in a way to prevent fraud and abuse. For a gTLD that has a strong connection to a regulated industry, such as ‘.cpa,’ the protection of the public against fraud or other illegal activities should be of paramount concern to ICANN. Strong, reliable verification procedures are essential to protect the public interest. The importance of the public trust to the CPA profession around the world cannot be overstated, and the potential harm to the public of fraudulent or illegal use of a “.cpa” domain is immense.”

The lawmakers are encouraging ICANN to come up with verification procedures for websites that try to claim .cpa domain names. “ICANN cannot combat fraud by simply requiring applicants to make a representation, without any verification,” they wrote. “We recognize that although such verification is not a simple task, but it is an essential one.”

Read more