Complainant is Intesa Sanpaolo S.p.A. of Torino, Italy, represented by Perani Pozzi Associati - Studio Legale, Italy.
Respondent is Name Redacted.1
The disputed domain name <intesasecure.com> is registered with Register.IT SPA. The disputed domain name <secureintesa.com> is registered with Internet Domain Service BS Corp. (collectively referred to as the "Registrars").
The Complaint was filed with the WIPO Arbitration and Mediation Center (the "Center") on June 24, 2016. On June 24, 2016, the Center transmitted by email to the Registrars a request for registrar verification in connection with the disputed domain names. On June 27, 2016, Register.IT SPA transmitted by email to the Center its verification response confirming that the Respondent is listed as the registrant and providing the contact details. On June 28, 2016, Internet Domain Service BS Corp. transmitted by email to the Center its verification response confirming that Respondent is listed as the registrant and providing the contact details.
The Center verified that the Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the "Policy" or "UDRP"), the Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules"), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the "Supplemental Rules").
In accordance with the Rules, paragraphs 2 and 4, the Center formally notified Respondent of the Complaint, and the proceedings commenced on June 30, 2016. In accordance with the Rules, paragraph 5, the due date for Response was July 20, 2016. The Center received an email communication from the named Respondent on July 5, 2016. Respondent did not submit any substantive response. Accordingly, the Center advised the Parties of the commencement of the panel appointment process on July 22, 2016. The Center received a further email communication from the named Respondent on July 23, 2016.
The Center appointed Roberto Bianchi as the sole panelist in this matter on July 27, 2016. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.
On August 9, 2016, [Name Redacted] sent an email communication informing all the parties in the procedure that it had filed a report with the Police with respect to the alleged identity theft.
Complainant Intesa Sanpaolo S.p.A. is among the leading banking groups in Europe. It resulted from the merger between Banca Intesa S.p.A. and Sanpaolo IMI S.p.a. Complainant has a market capitalization of over EUR 38.6 billion. Complainant has about 4,100 branches in Italy and 1,200 branches in Central-Eastern Europe. Complainant is present in 29 countries, in particular in the Mediterranean area, as well as in the United States of America, Russian Federation, China and India.
Complainant owns, inter alia, the following marks:
- International trademark INTESA, Reg. No. 793,367, registered on September 4, 2002, and renewed until September 4, 2022, covering services in International Class 36;
- International trademark BANCA INTESA, Reg. No. 831,572, registered on June 24, 2004, renewed until June 24, 2024, covering services in International Class 36;
- European Union trademark INTESA, Reg. No. 2,803,773, filed on August 7, 2002, registered on November 17, 2003, and renewed until August 7, 2022, covering services in International Class 36
Complainant also owns the domain names <intesa.com>, <intesa.org>, <intesa.info>, and <intesa.biz>.
The disputed domain names were registered on June 10, 2016. In accordance with the annexes to the Complaint, the disputed domain name <secureintesa.com> resolved to a website sponsoring the banking and financial services of Intesa Sanpaolo; the disputed domain name <intesasecure.com> was inactive.
Complainant contends as follows:
The disputed domain names are identical or confusingly similar to a trademark or service mark in which Complainant has rights. The disputed domain names exactly reproduce Complainant's trademark INTESA, with the mere addition of the descriptive term "secure". Such difference is clearly a minor and merely descriptive variation of the cited mark, used by Complainant to identify its online banking service for enterprises.
Respondent has no rights or legitimate interests in respect of the disputed domain names. Respondent has nothing to do with Intesa Sanpaolo S.p.A. In fact, any use of the trademark INTESA has to be authorized by Complainant. Nobody has been authorized or licensed by the above-mentioned banking group to use the disputed domain names. The disputed domain names do not correspond to the name of Respondent. To the best of Complainant's knowledge, Respondent is not commonly known as "secureintesa" or "Intesasecure". Complainant does not find any fair or noncommercial use of the disputed domain names.
The disputed domain names were registered and are being used in bad faith. Complainant's trademark INTESA is distinctive and well known all around the world. The fact that Respondent has registered two domain names that are confusingly similar to it indicates that Respondent had knowledge of Complainant's trademark at the time of registration of the disputed domain names.
In addition, if Respondent had carried even a basic Google search in respect of the wordings "intesa" and/or "intesa secure", the same would have yielded obvious references to Complainant. Complainant submits, as, Annex G to the Complaint, an extract of a Google search in support of its allegation. This raises a clear inference of knowledge of Complainant's trademark on the part of Respondent.
Therefore, it is more than likely that the disputed domain names would not have been registered if it were not for Complainant's trademark INTESA. This is a clear evidence of registration of the disputed domain names in bad faith. In addition, the disputed domain names are not used for any bona fide offerings. More particularly, there are present circumstances indicating that, by using the disputed domain names, Respondent has intentionally attempted to attract, for commercial gain, Internet users to its website, by creating a likelihood of confusion with Complainant's mark as to the source, sponsorship, affiliation, or endorsement of his website (paragraph 4(b)(iv) of the Policy).
In fact, one of the disputed domain names is currently connected to a website sponsoring the banking and financial services of Intesa Sanpaolo, although such website has no relationship with Complainant or any of its affiliates (see, in this regard, Complainant's official website "www.intesasanpaolo.com", as Annex H to the Complaint). Therefore, while Internet users connect to the website "www.secureintesa.com", they are confusingly led to presume that Respondent and Complainant are the same entity, which is not true. The content of this website is highly confusing and misleading, as it requests users to log in using the codes and the passwords provided by Complainant in order to get into an undetermined "Internet banking" (see Annex F to the Complaint). Therefore, it is also highly probable that Complainant's clients will erroneously believe that the website "www.secureintesa.com" is one of the official websites of Complainant Intesa Sanpaolo S.p.A and they may accidentally provide Respondent with their personal bank information and sensitive data.
It is clear that the main purpose of Respondent is to use the above website for "phishing" financial information in an attempt to defraud Complainant's customers. Prior UDRP decisions stated that the use of a disputed domain name for defrauding Internet users by the operation of a "phishing" website is perhaps the clearest evidence of registration and use of a domain name in bad faith. See The Royal Bank of Scotland Group plc v. Secret Registration Customer ID 232883 / Lauren Terrado, WIPO Case No. D2012-2093.
Respondent did not submit any substantive reply to Complainant's contentions. However, on July 5, 2016 the Center received an email from the named Respondent (although from an email account different from the one shown by the WhoIs and the Registrars' verification responses), stating the following in English and Italian:
"[…] Dear Case Manager,
This is to inform you that the undersign [sic] [Name Redacted] IS NOT the owner of the disputed domain names.
The real owner of INTESASECURE.COM and SECUREINTESA.COM clearly stole my personal information in order to register them and, indeed, I did not know the email address used for registering the above domains.
Please transfer INTESASECURE.COM and SECUREINTESA.COM to the Complainant, in the meanwhile I will take all the required initiative for protecting myself from such identity thief.
Best regards,
[Name Redacted]".
Preliminary Issue: Lack of Capacity to Consent to Transfer.
As just seen, in its email dated July 5, 2016 [Name Redacted] asks the Center to transfer the disputed domain names to Complainant, in what at first glance appears to be an unconditional and unilateral consent to the remedy of transfer of the disputed domain names requested by Complainant. The Panel notes that, generally speaking, the fact that a respondent agrees to the remedy of transfer while at the same time it denies that any or all of the three elements of the Policy are present, does not deprive this respondent's unconditional and unilateral consent to transfer of its efficacy. Most UDRP panels take this consent as a sound basis to make an order of transfer.
In this case, however, [Name Redacted] denies being the person who registered the disputed domain names, and asserts that that the real registrant had stolen his personal information to register them, thus committing identity theft. As informed in its email of July 9, 2016 to the Center, on July 7, 2016 [Name Redacted] denounced having been the victim of an identity theft in a formal deposition before the police authorities in Firenze (Italy). The Panel believes that these facts are sufficient basis for the Panel to conclude that [Name Redacted] most likely is neither Respondent, nor a representative of Respondent, but a third party lacking capacity to consent to transfer. Consequently, this Panel's decision on the merits is based not on [Name Redacted]'s consent, but rather on an analysis of the elements of the Policy.
The Panel notes that the disputed domain names fully incorporate Complainant's INTESA mark, just adding the common and generic term "secure" as a suffix in <intesasecure.com> and as a prefix in <secureintesa.com>. It is well established that the addition in a domain name of a generic term to a mark generally is inapt to distinguish the domain name from the mark. Accordingly, the Panel finds that the disputed domain names are confusingly similar to Complainant's INTESA mark.
Complainant contends that Respondent has no rights or legitimate interests in the disputed domain names. In the first place, Respondent has nothing to do with Intesa Sanpaolo S.p.A., and has not been authorized or licensed by Complainant to use the disputed domain names. Secondly, the disputed domain names do not correspond to the name of Respondent, and Respondent is not commonly known as "secureintesa" or "intesasecure". Lastly, Complainant cannot find any fair or legitimate noncommercial use of the disputed domain names by Respondent.
The Panel notes that at least one of the disputed domain names resolved to a website sponsoring Complainant's banking and financial services and requesting users to log in using the codes and passwords provided by Complainant in order to get into an undetermined "Internet banking". In the opinion of the Panel, this appears to be a phishing attempt, which is neither a bona fide offering pursuant to Policy, paragraph 4(c)(i), nor a fair or legitimate noncommercial use of the disputed domain name under Policy paragraph 4(c)(iii).
In view of these facts, noting the silence of Respondent, and without any element in its favor, the Panel finds that Respondent lacks any rights or legitimate interests in the disputed domain names.
The Panel believes that whoever registered the disputed domain names, did so in bad faith and with knowledge of Complainant's rights. First, Complainant obtained its first trademark registration almost fourteen years before the disputed domain names were registered. Second, Respondent's use of at least one of the disputed domain names to resolve to a website sponsoring Complainant's banking and financial services, and requesting users to log in using the codes and passwords provided by Complainant in order to get into an undetermined "Internet banking", demonstrates knowledge and targeting of Complainant and its mark, i.e.,registration in bad faith. Clearly, this behavior also appears to be an attempt of phishing, which is also use in bad faith according to paragraph 4(b)(iv) of the Policy.
The Panel concludes that the disputed domain names were registered and are being used in bad faith.
For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the disputed domain names <intesasecure.com> and <secureintesa.com> be transferred to Complainant.
Roberto Bianchi
Sole Panelist
Date: August 13, 2016
1 The Panel decided to redact the name of the named Respondent, adopting the criterion of the panel in Banco Bradesco S.A. v. FAST-12785241 Attn. Bradescourgente.net / Name Redacted, WIPO Case No. D2009-1788 ("The Panel has decided that no purpose is to be served by including the named Respondent in this decision, and has therefore redacted its name from the caption and body of this decision. The Panel has, however, attached as Annex 1 to this Decision an instruction to the Registrars regarding transfer of the disputed domain names that includes the named Respondent, and has authorized the Center to transmit Annex 1 to the Registrars as part of the order in this proceeding. However, the Panel has further directed the Center, pursuant to paragraph 4(j) of the Policy and paragraph 16(b) of the Rules, that Annex 1 to this Decision shall not be published based on exceptional circumstances").