Moving From Dot-Com to Not-Com

There’s a downside to the relative freedom and lack of gatekeepers on the Internet, including that most anyone can buy a Web address that ends in “.com.” Online, scammers can pay $10 for an address that looks like that of your bank, your favorite clothier, or your auto dealer and create a site that looks enough like the original to trick you into buying phony merchandise or revealing your login and password. Every day, almost 1,000 Americans file some kind of identity-theft complaint with the US Federal Trade Commission, and about 750 report being scammed by an impostor, as in a phishing scheme. That’s part of the reason hundreds of businesses, from Google to Wal-Mart, have paid $185,000 a pop to apply for the rights to Web domains that read, say, .google or .walmart.

Companies are betting that operating their own domains will be more secure because they’re directly in control of the security and maintenance. The catch, says Ken Westin, an analyst with cybersecurity company Tripwire, is that they’ll have to take more responsibility for oversight of their private domains than they did in Verisign’s dot-com world.