WIPO Arbitration and Mediation Center

ADMINISTRATIVE PANEL DECISION

The Royal Bank of Scotland Group plc v. Immortal Ken

Case No. D2013-1564

1. The Parties

The Complainant is The Royal Bank of Scotland Group plc of Edinburgh, United Kingdom represented by Melbourne IT DBS Inc., Sweden.

The Respondent is Immortal Ken of Kuala Lumpur, Malaysia.

2. The Domain Name and Registrar

The disputed domain name <rbs-berhad.com> is registered with Cloud Group Limited (the “Registrar”).

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on September 5, 2013. On September 6, 2013, the Center transmitted by email to the Registrar a request for registrar verification in connection with the disputed domain name. On the same day, the Registrar transmitted by email to the Center its verification response confirming the Respondent as the registrant and provided contact details.

The Center verified that the Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2(a) and 4(a), the Center formally notified the Respondent of the Complaint, and the proceedings commenced on September 13, 2013. In accordance with the Rules, paragraph 5(a), the due date for Response was October 3, 2013. The Respondent did not submit any response. Accordingly, the Center notified the Respondent’s default on October 4, 2013.

The Center appointed Reynaldo Urtiaga Escobar as the sole panelist in this matter on October 10, 2013. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.

The proceedings are conducted in English as this is the language of the registration agreement for the disputed domain name.

4. Factual Background

The Complainant is a banking company incorporated in Scotland. The Complainant was founded in Edinburgh by Royal Charter in 1727 and is one of the oldest banks in the United Kingdom. It was incorporated as a public limited company in the United Kingdom in 1968. The Complainant offers retail banking services throughout Scotland and offers its financial services worldwide under the RBS mark.

The Complainant has registered its RBS acronym as a service mark in multiple countries around the world, including Malaysia, where the Respondent is located.

On June 3, 2013, the Respondent registered the disputed domain name, which is currently shown to be “suspended” but originally resolved to a website that mimicked the layout and content of the Complainant’s website in an attempt to phish for sensitive financial information from the Complainant’s customers.

Having received no response to its cease and desist letter dated May 29, 2013, the Complainant initiated the present UDRP proceedings against the Respondent.

5. Parties’ Contentions

A. Complainant

The Complainant’s factual and legal contentions can be summarized as follows:

i. The Complainant’s RBS mark is famous worldwide, as confirmed in numerous UDRP decisions;

ii. The disputed domain name is confusingly similar to the Complainant’s famous mark as it incorporates the core component of the Complainant’s mark, namely RBS;

iii. Considering that the term “berhad” is Malay for “limited”, i.e. “ltd”, the addition of said suffix to the disputed domain name strengthens the impression of association with the Complainant;

iv. By using the Complainant’s mark as the dominant part of the disputed domain name, the Respondent is exploiting the goodwill of the RBS mark, which may result in dilution to the Complainant’s trademark;

v. The Respondent cannot claim to have been using RBS, without being aware of the Complainant’s trademark rights in such sign;

vi. The Respondent is not an authorized dealer of the Complainant’s products and has never had a business relationship with the Complainant, nor is there a disclaimer on the Respondent’s website negating any relationship with the Complainant;

vii. The Respondent has used the disputed domain name to pass itself off as the Complainant in order to phish for financial information in an attempt to defraud the Complainant’s customers, which activity does not give rise to rights or legitimate interests as per the Policy;

viii. By using the disputed domain name for fraudulent purposes, the Respondent is committing a criminal offence, and at the same time is misleadingly diverting consumers for its own commercial gain;

ix. Even if the Respondent’s website is currently inactive, such passive holding could still constitute bad faith use of the disputed domain name;

B. Respondent

The Respondent did not reply to the Complainant’s contentions.

6. Discussion and Findings

According to paragraph 4(a) of the Policy, in order to succeed in this administrative proceeding, the Complainant must prove that:

i. the disputed domain name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights; and

ii. the Respondent has no rights or legitimate interests in respect of the disputed domain name; and

iii. the disputed domain name was registered and is being used in bad faith.

These elements are discussed in turn below. In considering these elements, paragraph 15(a) of the Rules provides that the Panel shall decide the Complaint on the basis of statements and documents submitted and in accordance with the Policy, the Rules and any other rules or principles of law that the Panel deems applicable.

A. Identical or Confusingly Similar

As digested in paragraph 1.2 of the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Second Edition (“WIPO Overview 2.0”), the test for confusing similarity under the Policy involves a straightforward visual or aural comparison between the trademark and the domain name itself to determine likelihood of Internet user confusion and that, in order to satisfy this test, the relevant trademark would generally need to be recognizable as such within the domain name, with the addition of common, dictionary, descriptive, or negative terms typically being regarded as insufficient to prevent Internet user confusion.

In subscribing to the consensus view, the Panel finds that the acronym RBS is immediately recognizable within the disputed domain name as the Complainant’s mark.

Now, in comparing the mark RBS to “rbs-berhad” the Panel finds that the disputed domain name is confusingly similar to the RBS mark as the latter is embodied in its entirety in the disputed domain name. See Verizon Trademark Services LLC v. The Helard Group, WIPO Case No. D2012-0277 (several UDRP panels have held that incorporating a trademark in its entirety is generally sufficient to establish that a domain name is identical or confusingly similar to complainant’s mark).

A finding of confusing similarity is all the more warranted where, as here, the Complainant’s mark incorporated in the disputed domain name is well known. See Ansell Healthcare Products Inc. v. Australian Therapeutics Supplies Ply, Ltd., WIPO Case No. D2001-0110 (the incorporation of a complainant’s well-known trademark in the registered domain name is considered sufficient to find the domain name confusingly similar to the complainant's trademark).

The inclusion of “berhad”, the Malay term for “limited”, only reinforces the connection between the disputed domain name and the Complainant’s mark since the Internet users are misled into thinking that the Respondent’s website is operated by the Complainant, who in turn is registered in Malaysia as “The Royal Bank of Scotland Berhad” (301932-A)1.

Accordingly, the Panel finds that the disputed domain name is confusingly similar to the Complainant’s RBS mark.

The Complainant has thus passed the first threshold of paragraph 4(a) of the Policy.

B. Rights or Legitimate Interests

The second element of a claim of abusive domain name registration and use is that the Respondent has no rights or legitimate interests in respect of the disputed domain name (Policy, paragraph 4(a)(ii)). Paragraph 4(c) of the Policy provides that “any of the following circumstances, in particular but without limitation, if found by the Panel to be proved based on its evaluation of all evidence presented, shall demonstrate the Respondent’s rights or legitimate interests to the domain name for purposes of paragraph 4(a)(ii):

i. before any notice to you of the dispute, your use of, or demonstrable preparations to use, the domain name or a name corresponding to the domain name in connection with a bona fide offering of goods or services; or

ii. you (as an individual, business, or other organization) have been commonly known by the domain name, even if you have acquired no trademark or service mark rights; or

iii. you are making a legitimate noncommercial or fair use of the domain name, without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue.”

As noted in paragraph 2.1 of the WIPO Overview 2.0, the burden is on the Complainant to establish the absence of the Respondent’s rights or legitimate interests in the disputed domain name. However, because of the inherent difficulties in proving a negative, the consensus view is that the Complainant needs only to put forward a prima facie case that the Respondent lacks rights or legitimate interests in the disputed domain name. The burden of production then shifts to the Respondent to rebut that prima facie case (see also, e.g. World Wrestling Federation Entertainment, Inc. v. Ringside Collectibles, WIPO Case No. D2000-1306.)

The Complainant alleges that the Respondent’s registration of the disputed domain name was motivated by the fame of the Complainant’s RBS mark.

The Complainant also claims that the Respondent has used the disputed domain name to “phish” for financial information in an attempt to defraud Complainant’s customers through a website resembling that of the Complainant, which behavior is neither a bona fide offering of goods or services, nor a legitimate noncommercial or fair use under the Policy.

In consideration of the screenshots produced by the Complainant showing that the website at the disputed domain name once resolved to a website passing off as the Complainant’s official portal in Malaysia by displaying the RBS mark prominently, together with the Complainant’s logo and company name, the Panel finds that the Respondent’s scam on the Complainant’s customers negates any right or legitimate interest from the Respondent in the disputed domain name within the meaning of the Policy. See EFG Bank European Financial Group SA v. Domain Consults, WIPO Case No. D2011-1907 (the use of the disputed domain is a clear example of phishing, and as such the respondent cannot be described as having any legitimate interest in the disputed domain name).

The Respondent’s default in this proceeding is also telling of its lack of rights or legitimate interests in the disputed domain name.

As a result, the Complainant has demonstrated the second limb of paragraph 4(a) of the Policy.

C. Registered and Used in Bad Faith

Paragraph 4(a)(iii) of the Policy requires a complainant to prove that the disputed domain name has been registered and is being used in bad faith in order to be successful in its complaint. Paragraph 4(b) of the Policy sets forth a number of non-exclusive grounds of bad faith registration and use:

“(i) circumstances indicating that you [the respondent] have registered or acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of your [the respondent’s] documented out-of-pocket costs directly related to the domain name; or

(ii) you [the respondent] have registered the domain name in order to prevent the owner of the trademark or service mark from reflecting the mark in a corresponding domain name, provided that you [the respondent] have engaged in a pattern of such conduct; or

(iii) you [the respondent] have registered the domain name primarily for the purpose of disrupting the business of a competitor; or

(iv) by using the domain name, you [the respondent] have intentionally attempted to attract, for commercial gain, Internet users to your [the respondent’s] website or other online location, by creating a likelihood of confusion with the complainant’s mark as to the source, sponsorship, affiliation, or endorsement of your [the respondent’s] website or location or of a product or service on your [the respondent’s] website or location.”

The Complainant posits that its RBS mark is famous worldwide. Given this, the possibility that the disputed domain name was registered and used in good faith is inconceivable according to the Complainant.

In view of the longstanding use of the RBS mark in the global financial services industry, there is no doubt in the Panel’s mind that the Complainant’s mark is well known internationally. See The Royal Bank of Scotland Group plc v. Sara Richmond, WIPO Case No. D2012-1720 (The panel finds that RBS is a well-known mark that has received worldwide recognition).

In this case, the Panel finds that this circumstance alone is sufficient to prove bad faith registration of the disputed domain name. See Singapore Airlines Limited v. European Travel Network, WIPO Case No. D2000-0641 (where the selection of the disputed domain name is so obviously connected to the complainant’s well known trademark, their very use by someone with no connection with the complainant suggests opportunistic bad faith.)

Similarly, the Panel takes notice that the Respondent’s deceptive and fraudulent use of the disputed domain name fits well within a large-scale phishing attack on the Complainant, as reported in numerous UDRP cases filed by the Complainant under the UDRP during 2013 and 2012. See The Royal Bank of Scotland Group Plc v. PrivacyProtect.org Domain Admin / lois duncan (mmg lois), WIPO Case No. D2013-0273 (the respondent’s website has been used as part of a broader phishing campaign, to deceive the complainant’s customers and manipulate them into divulging sensitive financial information); also The Royal Bank of Scotland Group Plc v. STEV INT, WIPO Case No. D2013-1233 (the use of the disputed domain names were used as part of a scam designed to persuade web browsers to give to the respondent confidential information and, in some cases, money, was considered evidence of use in bad faith.)

On the facts, the Panel concludes that the Respondent has used the disputed domain name for unlawful means and therefore in bad faith.

In sum, the Panel holds that the disputed domain name was both registered and has been used in bad faith within the purview of the Policy.

The Complainant has therefore discharged its burden in connection with paragraph 4(a)(iii) of the Policy.

7. Decision

For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the disputed domain name <rbs-berhad.com> be transferred to the Complainant.

Reynaldo Urtiaga Escobar
Sole Panelist
Date: October 24, 2013


1 See Complainant’s website for its Malaysian customers at “https://www.rbs.my/”