Registrar Obligations to Collect, Securely Maintain and Validate Data

February 9, 2012
By

LEA:
Registrars and all associated third-party beneficiaries to Registrars are required to collect and securely maintain the following data:
(i) Source IP address;
(ii) HTTP Request Headers
(a) From
(b) Accept
(c) Accept‐Encoding
(d) Accept‐Language
(e) User‐Agent
(f) Referrer
(g) Authorization
(h) Charge‐To
(i) If‐Modified‐Since
(iii) Collect and store the following data from registrants:
(a) First Name:
(b) Last Name:
(c) E‐mail Address:
(d) Alternate E‐mail address
(e) Company Name:
(f) Position:
(g) Address 1:
(h) Address 2:
(i) City:
(j) Country:
(k) State:
(l) Enter State:
(m) Zip:
(n) Phone Number:
(o) Additional Phone:
(p) Fax:
(q) Alternative Contact First Name:
(r) Alternative Contact Last Name:
(s) Alternative Contact E‐mail:
(t) Alternative Contact Phone:
(iv) Collect data on all additional add‐on services purchased during the registration process.
(v) All financial transactions, including, but not limited to credit card, payment information.
Each registrar is required to validate the following data upon receipt from a registrant:
(1) Technical Data
(a) IP addresses used to register domain names.
(b) E‐mail Address
(i) Verify that registration e‐mail address(es) are valid.
(2) Billing Data
(a) Validate billing data based on the payment card industry (PCI standards), at a minimum, the latest version of the PCI Data Security Standard (DSS).
(3) Contact Data
(a) Validate data is being provided by a human by using some anti‐automatic form submission technology (such as dynamic imaging) to ensure registrations are done by humans.
(b) Validate current address WHOIS data and correlate with in‐house fraudulent data for domain contact information and registrant’s IP address.
(4) Phone Numbers
(i) Confirm that point of contact phone numbers are valid using an automated system.
(ii) Cross validate the phone number area code with the provided address and credit card billing

 

ICANN to seek clarification regarding the request, e.g., definition of “all associated third party beneficiaries” and other questions. Will defer discussion until ICANN receives further input from LEA.

Discussion of LE clarification (request pertains to reseller related info); discussion of reseller actions; discussion of PCI standard applicability; discussion regarding availability and relevance of listed data.

Discussion of ICANN’s request for Registrar Verification of WHOIS Information.

Tags: , , , , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*

RSS ICANN Daily News

  • Donuts and Efficiency: Ways to Recover Time and Money Lost to TAS - CircleID
    Donuts and Efficiency: Ways to Recover Time and Money Lost to TASCircleIDBy Richard J Tindal On April 12, ICANN closed the TLD Application System (TAS) to ensure security of applicant data. For more than a month, the system outage has cost applicants and others millions of dollars. Here's how to make up for lost time and ... […]
  • Cybersquatting hits Coca-Cola as new suffixes come online - Chicago Daily Herald
    Cybersquatting hits Coca-Cola as new suffixes come onlineChicago Daily HeraldThe Association of National Advertisers, a Washington-based trade group, assembled an industry group last year including Coca-Cola, Johnson & Johnson and General Electric Co. to oppose Icann's expansion of suffixes, known as top-level domains, ... […]
  • ICANN and the dot anything: do we care about domain names? - Pocket-lint.com
    Pocket-lint.comICANN and the dot anything: do we care about domain names?Pocket-lint.comWell thanks to ICANN, a body in charge of licensing new top-level domain names, the way we search for a website might be about to change. Most people who type Google into an address bar are going to be looking for one thing: Google.ICANN's gTLD Expansion: The Applica […]
  • Meet the Man Who Invented the Instructions for the Internet - Wired News
    Meet the Man Who Invented the Instructions for the InternetWired NewsImage: ICANN Steve Crocker was there when the internet was born. The date was Oct. 29, 1969, and the place was the University of California, Los Angeles. Crocker was among a small group of UCLA researchers who sent the first message between the first ...and more » […]
  • ICANN can't; OpenNIC has new domains and will let you be a .pirate - ITworld.com
    ICANN can't; OpenNIC has new domains and will let you be a .pirateITworld.comICANN has been promising choose-your-own top-level domains for four years. Result so far: .NYET By Kevin Fogarty 1 comment May 17, 2012, 10:45 AM — The Internet Corporation for Assigned Names and Numbers (ICANN), the august body that keeps straight ...Governments make a grab fo […]
  • ICANN Gets New Independent Objector - WebProNews
    ICANN Gets New Independent ObjectorWebProNewsBy Mike Fossum · 12 hours ago · Leave a Comment For a bit of backstory, the ICANN application platform, called TLD application system (TAS), was taken down after a glitch was reported which allowed applicants to see each other's user names and file ...ICANN names 'Independent Objector" to new gTLDsi […]
  • ICANN targets reopening generic top-level domain system - Computerworld
    The Express TribuneICANN targets reopening generic top-level domain systemComputerworldBy John Ribeiro IDG News Service - Internet Corporation for Assigned Names and Numbers (ICANN) hopes to reopen on May 22 its system that will allow people to apply for a variety of new generic top-level domains (gTLDs). The TAS (TLD application system) ...ICANN to reopen a […]
  • ICANN Targets May 22 for Reopening GTLD Application System - PCWorld
    HostwayICANN Targets May 22 for Reopening GTLD Application SystemPCWorldBy John Ribeiro, IDG News Internet Corporation for Assigned Names and Numbers (ICANN) hopes to reopen on May 22 its system that will allow people to apply for a variety of new generic top-level domains (gTLDs). The TAS (TLD application system) was ...ICANN to Re-Open Domain Application S […]
  • ICANN extends Net domain application date -- again - CNET
    ICANN extends Net domain application date -- againCNETMeantime, some big players, including Go Daddy and Demand Media, are revealing their bets on a world beyond dot-com. by Paul Sloan May 9, 2012 12:40 PM PDT Follow @paulsloan The Internet's primary governing body -- ICANN -- is struggling to get its act ...Bungling ICANN will now reveal “.vegas”, othe […]
  • ICANN to notify domain applicants of data breaches - Chicago Tribune
    Globe and MailICANN to notify domain applicants of data breachesChicago TribuneThe US non-profit Internet Corporation for Assigned Names and Numbers (ICANN), which operates the Internet's naming system, has been inviting Organizations to apply to own and run their own domains, for example .apple, .nyc or .gay, ...ICANN to inform domain name applicants o […]