WIPO Arbitration and Mediation Center

ADMINISTRATIVE PANEL DECISION

BKS Bank AG v. WhoisGuard Protected, WhoisGuard, Inc. / Mack John, Wikina

Case No. D2020-2811

1. The Parties

The Complainant is BKS Bank AG, Austria, represented by Schonherr Rechtsanwalte GmbH, Austria.

The Respondent is WhoisGuard Protected, WhoisGuard, Inc., Panama / Mack John, Wikina, Nigeria.

2. The Domain Name and Registrar

The disputed domain name <bkz3group.com> (the “Domain Name”) is registered with NameCheap, Inc. (the “Registrar”).

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on October 24, 2020. On October 26, 2020, the Center transmitted by email to the Registrar a request for registrar verification in connection with the Domain Name. On October 27, 2020, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the Domain Name which differed from the named Respondent and contact information in the Complaint. The Center sent an email communication to the Complainant on November 6, 2020 providing the registrant and contact information disclosed by the Registrar and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amended Complaint on November 9, 2020.

The Center verified that the Complaint together with the amended Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the Complaint, and the proceedings commenced on November 10, 2020. In accordance with the Rules, paragraph 5, the due date for Response was November 30, 2020. The Respondent did not submit any response. Accordingly, the Center notified the Respondent’s default on December 3, 2020.

The Center appointed W. Scott Blackmer as the sole panelist in this matter on December 17, 2020. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.

4. Factual Background

The Complainant is a stock company organized under Austrian law and listed on the Vienna Stock Exchange since 1986. Headquartered in Klagenfurt, Austria, the Complainant employs some 1,200 people and operates banking and leasing operations in Austria, Slovenia, Croatia, and Slovakia, with representative offices in Hungary and Italy and balance sheet assets of EUR 8.9 billion as of December 31, 2019. According to the Complainant’s website at “www.bks.at”, the Complainant was founded in 1922 but began using the initials “BKS” as its denomination in 1983. As advertised on the Complainant’s website, the Complainant is part of the “3 Banken Gruppe” of three Austrian regional banks that cooperate to provide certain nationwide services. The other participants (BTV and Oberbank) similarly publicize the benefits of the “3 Banken Gruppe” on their respective websites.

In addition to using “www.bks.at” for its corporate website, the Complainant offers online banking services using the domain name <bksbank-online.at> and operates websites using other domain names containing the element “BKS”, including <bksbank.si>, <bks.hr>, <bksbank.sk>, <bksbank.it>, <bks.hu>, <bks.co.at>, <bks.online>, <bksbank.at>, and <bksbank.com>.

The Complainant holds trademark registrations for BKS as a word mark, including the following:

MARK

JURISDICTION

REGISTRATION NUMBER

REGISTRATION DATE

BKS

Austria

215993

March 8, 2004

BKS

International Trademark

821772

March 8, 2004

BKS

Austria

278266

May 28, 2014

BKS

International Trademark

1229364

September 9, 2014

BKS

International Trademark

1352849

February 8, 2017

The Registrar reports that the Domain Name was created on July 26, 2020 in the name of a domain privacy service. The Domain Name does not resolve to an active website. The web page states that the account has been suspended. After receiving notice of this dispute, the Registrar identified the registrant as the Respondent “mack john” of the organization “Wikina” in Warri, Nigeria. The Respondent has not replied to communications from the Complainant or the Center, and the contact information includes a Gmail address rather than an email address in a company domain, so nothing further is known about the Respondent’s identity.

The Complaint attaches screenshots from October 2020 showing that two subdomains of the Domain Name resolved at that time to a website in the English language (the “Respondent’s former website”) displaying the Complainant’s “BKS Bank” and “BKS BANK 3 Banken Gruppe” logos but with content including text and photos copied from the website of Civista Bank, “www.civista.bank”, a bank headquartered in Sandusky, Ohio, United States of America (which apparently does not operate in Europe and certainly does not market to the Complainant’s core German-speaking clientele). The Complaint demonstrates that traces in the website’s source code indicate that the Respondent used HTTrack, a free website-copier tool (see “www.httrack.com”), to copy portions of the Civista Bank website. The Respondent’s former website included a chat feature to communicate with users and listed a support email address using the Domain Name. It also presented a page inviting users to login to their “BKS Bank” account by entering their username and password. Thus, the Respondent’s former website clearly reveals indications of a fraudulent (if amateurish) scheme to collect authentication data from the Complainant’s account holders and potentially defraud other consumers interested in banking services.

The Complainant points out that this is essentially the same pattern of conduct as found in two other WIPO UDRP proceedings brought by the Complainant against other Nigerian individuals earlier this year, who may or may not be the same or related persons using the same tools and techniques. See BKS Bank AG v. WhoisGuard Protected, WhoisGuard, Inc. / david Earl, linkorion, WIPO Case No. D2020-1922; BKS Bank AG v. WhoisGuard Protected, WhoisGuard, Inc. / Mikell Karo, WIPO Case No. D2020-0575.

At the time of this Decision, the Respondent’s hosting account has been suspended, and the Domain Name does not resolve to an active website.

5. Parties’ Contentions

A. Complainant

The Complainant asserts that the Domain Name is confusingly similar to its registered BKS trademark. Compared to the earlier cases, the “Respondent this time uses a slightly altered misspelled form of Complainant’s mark BKS by substituting merely the letter s with the visually and phonetically similar letter z making it merely an orthographical alteration of Complainant’s marks or their most distinctive elements”, while “3group” is “a reference to the BKS Bank being a member of the “3 Banks Group’“.

The Complainant contends that the use of the Domain Name cannot be legitimate: the Respondent has no permission from the Complainant and is clearly trying to create a false impression of an official BKS website to defraud users.

This conduct must be considered bad faith, according to the Complainant, in an attempt to mislead Internet users for commercial gain and as a likely pattern of such misconduct.

B. Respondent

The Respondent did not reply to the Complainant’s contentions.

6. Discussion and Findings

Paragraph 4(a) of the Policy provides that in order to divest a respondent of a domain name, a complainant must demonstrate each of the following:

(i) the domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights;

(ii) the respondent has no rights or legitimate interests in respect of the domain name; and

(iii) the domain name has been registered and is being used in bad faith.

Under paragraph 15(a) of the Rules, “[a] Panel shall decide a complaint on the basis of the statements and documents submitted and in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable”.

A. Identical or Confusingly Similar

The first element of a UDRP complaint “functions primarily as a standing requirement” and entails “a straightforward comparison between the complainant’s trademark and the domain name”. See WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”), section 1.7.

The Complainant holds registered BKS trademarks. The Panel finds that the misspelling “BKZ” is confusingly similar, visually and phonetically, and was moreover intended to be so, as the Respondent’s former website copied the Complainant’s logos. See id. section 1.9 (typosquatting), 1.15 (assessing associated content as targeting a mark). The addition of the common terms “3group” to the Domain Name string does not avoid confusion (see id. section 1.8); to the contrary, it mimics the Complainant’s “3 Banken Gruppe” logo, which also appears on the Respondent’s former website. As usual, the generic Top-Level Domain (“gTLD”) “.com” is disregarded as a standard registration requirement. See id. section 1.11.2.

The Panel concludes that the first Policy element is established on these facts.

B. Rights or Legitimate Interests

Paragraph 4(c) of the Policy gives non-exclusive examples of instances in which the respondent may establish rights or legitimate interests in the domain name, by demonstrating any of the following:

(i) before any notice to it of the dispute, the respondent’s use of, or demonstrable preparations to use, the domain name or a name corresponding to the domain name in connection with a bona fide offering of goods or services; or

(ii) that the respondent has been commonly known by the domain name, even if it has acquired no trademark or service mark rights; or

(iii) the respondent is making a legitimate noncommercial or fair use of the domain name, without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue.

Because a respondent in a UDRP proceeding is in the best position to assert rights or legitimate interests in a domain name, it is well established that after a complainant makes a prima facie case, the burden of production on this element shifts to the respondent to come forward with relevant evidence of its rights or legitimate interests in the domain name. See WIPO Overview 3.0, section 2.1. The Complainant in this proceeding has demonstrated trademark rights, the lack of permission to use its mark, and the Respondent’s use of the Domain Name for a website fraudulently copying the Complainant’s mark, another bank’s website content, and soliciting authentication credentials from the Complainant’s customers. This shifts the burden to the Respondent to produce evidence of rights or legitimate interests.

The Respondent has failed to do so, and the Panel finds that the Complainant prevails on the second element of the Policy.

C. Registered and Used in Bad Faith

The Policy, paragraph 4(b), furnishes a non-exhaustive list of circumstances that “shall be evidence of the registration and use of a domain name in bad faith”, including the following (in which “you” refers to the registrant of the domain name):

“(iv) by using the domain name, you have intentionally attempted to attract, for commercial gain, Internet users to your web site or other on-line location, by creating a likelihood of confusion with the complainant’s mark as to the source, sponsorship, affiliation, or endorsement of your web site or location or of a product or service on your web site or location.”

The Respondent was clearly aware of the Complainant’s BKS mark, as the Respondent copied the mark on the Respondent’s former website and used it to falsely suggest an association with the Complainant and solicit business, in accord with the example of paragraph 4(b)(iv) of the Policy. Moreover, the Respondent appears to have been actively seeking to defraud the Complainant’s customers and perhaps other consumers seeking banking services, which must be considered bad faith even if not listed as an illustrative example in paragraph 4(b) of the Policy. The evident pattern of concealment and technique also reinforces the inference of bad faith. It is unlikely to be a coincidence that three unrelated individuals in Nigeria, using the same registrar and employing the same web tools and techniques, targeted the Complainant over a period of a few months in an effort to obtain its customer account details.

The Panel concludes that the Complainant has established the third element of the Policy concerning bad faith.

7. Decision

For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the Domain Name, <bkz3group.com>, be transferred to the Complainant.

W. Scott Blackmer
Sole Panelist
Date: Decision 31, 2020