Why .bank?

Does the move to “.bank” change my online Banking login?

No. You’ll continue to use the same Username/Access ID and Password.

What is different?

Pinnacle Bank’s new URL and employee email address extensions will be updated to reflect this change.

Former URL: https://www.pinnaclebankonline.com

New URL: https://pinnacle.bank

Former employee email address: Jan.Doe@pinnaclebankonline.com

Employees new email address: Jan.Doe@pinnacle.bank

Will the .COM website still work? Do I need do anything differently as a customer?

Nothing. You will automatically be re-directed to the new Pinnacle Bank URL. If you have saved pinnaclebankonline.com in your “Favorites,” then you may want to update your “Favorites” to pinnacle.bank, but it is not required at this time.

What is .bank?

.bank is a new Internet web domain for the banking community! It is directed by banking and leading security experts, and will allow banks to more securely and effectively communicate with their customers. .bank domains are only sold to verified members of the banking community.

I don’t see many other banks moving to .bank, why did Pinnacle Bank?

We take the security of our clients’ information very seriously and therefore chose to take this extra step to give Pinnacle Bank clients peace of mind when banking with us online. We believe that the .bank domain provides an additional layer of security that the other top level domains such as .com do not.

Why is .bank more secure?

Just about anyone can obtain a “.com” website address. With that criminals can create ‘spoof’ websites and email addresses that can deceive people into giving away personal information.

A coalition of banks, American Bankers Association, the Financial Services Roundtable and other industry members formed to create the “.bank” Domain. Only after completing an extensive verification process can a “.bank” domain be purchased.

Pinnacle Bank was one of more than 2,500 United States banks to complete that process and acquire a “.bank” address in 2015. We are pleased to be one of the first banks in California to migrate to the new domain.

.bank domains signify that a company has been verified as legitimate and is committed to implementing the additional and mandatory security requirements that go beyond existing standards. Only verified banks are allowed to use the .bank domain. Therefore, when you see a domain which ends in .bank, you can be assured that you are dealing with a legitimate, verified financial institution.

Because of the additional security measures taken in the verification process, cybercriminals can be identified and denied the right to obtain a .bank domain name. Therefore, the .bank environment provides an enhanced level of security against imposter sites and peace of mind for our clients and business partners.

What are the enhanced security requirements in .bank?

  • Mandatory verification of charter/licensure for regulated entities ensures the organization requesting the domain is legitimate, the person requesting the domain name is authorized by the company and that the name requested by the company complies with all policies.
  • Domain Name System Security Extensions (DNSSEC) to ensure that Internet users are landing on participants’ actual websites and not being misdirected to malicious ones;
  • Email authentication to mitigate spoofing, phishing and other malicious activities propagated through emails to unsuspecting users;
  • Multi-factor authentication to ensure that any change to registration data is made only by authorized users of the registered entity;
  • Strong encryption to ensure security of communication over the Internet;
  • Prohibition of Proxy/Privacy Registration Services to ensure full disclosure of domain Registration information so bad actors cannot hide.

Who regulates and verifies .bank process?

fTLD and in some cases its Registry Service Provider, Verisign, will be responsible for monitoring compliance with the relevant requirements. Registrars will play a role in enforcement as they have the direct relationship with the registrant. fTLD always retains the right to take action if the registrar fails to do so.