Decision for dispute CAC-UDRP-103493

The Panel is not aware of any other legal proceedings which are pending or decided and which relate to the disputed domain name.

The Complainant is the owner, among others, of the following registrations for the trademarks “INTESA”:

- International trademark registration n. 793367 “INTESA”, granted on September 4, 2002 and duly renewed, in class 36; and

- EU trademark registration n. 12247979 “INTESA”, applied on October 23, 2013 and granted on March 05, 2014, in classes 9, 16, 35, 36, 38, 41 and 42.

FACTS ASSERTED BY THE COMPLAINANT AND NOT CONTESTED BY THE RESPONDENT:

The Complainant is the leading Italian banking group and also one of the protagonists in the European financial arena. Intesa Sanpaolo is the company resulting from the merger (effective as of January 1, 2007) between Banca Intesa S.p.A. and Sanpaolo IMI S.p.A., two of the top Italian banking groups.

Intesa Sanpaolo is among the top banking groups in the euro zone, with a market capitalisation exceeding 37,4 billion euro, and the undisputed leader in Italy, in all business areas (retail, corporate and wealth management). Thanks to a network of approximately 5,360 branches capillary and well distributed throughout the Country, with market shares of more than 21% in most Italian regions, the Group offers its services to approximately 14.6 million customers. Intesa Sanpaolo has a strong presence in Central-Eastern Europe with a network of approximately 1.000 branches and over 7,2 million customers. Moreover, the international network specialised in supporting corporate customers is present in 26 countries, in particular in the Mediterranean area and those areas where Italian companies are most active, such as the United States, Russia, China and India.



The Complainant is also the owner, among the others, of the following domain names bearing the signs “INTESA SANPAOLO” and “INTESA”: I<NTESASANPAOLO.COM, .ORG, .EU, .INFO, .NET, .BIZ, INTESA-SANPAOLO.COM, .ORG, .EU, .INFO, .NET, .BIZ and INTESA.COM, INTESA.INFO, INTESA.BIZ, INTESA.ORG, INTESA.US, INTESA.EU, INTESA.CN, INTESA.IN, INTESA.CO.UK, INTESA.TEL, INTESA.NAME, INTESA.XXX, INTESA.ME>. All of them are now connected to the official website http://www.intesasanpaolo.com.



On May 26, 2020, the Respondent registered the domain name <INTESA-SECURITY.COM>.

It is more than obvious that the domain name at issue is identical, or – at least – confusingly similar, to the Complainant’s trademarks “INTESA SANPAOLO” and “INTESA”. As a matter of fact, INTESA-SECURITY.COM exactly reproduces my Client’s well-known trademark “INTESA”, with the mere addition of the English descriptive term “SECURITY”.

As underlined by countless WIPO decisions, “<Phishing> is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user Ids, passwords, etc. A fake website is created that is similar to that of a legitimate organization, typically a financial institution such as a bank or insurance company and this information is used for identity theft and other nefarious activities”. See, in this concern, Halifax Plc. v. Sontaja Sanduci, WIPO Case No. D2004-0237 and also CarrerBuilder LLC v. Stephen Baker, WIPO Case No. D2005-0251.

Several WIPO decisions also stated that the “Use of a disputed domain name for the purpose of defrauding Internet users by the operation of a “phishing” website is perhaps the clearest evidence of registration and use of a domain name in bad faith” (Case No. D2012-2093, The Royal Bank of Scotland Group plc v. Secret Registration Customer ID 232883 / Lauren Terrado). In particular, the UDRP jurisprudence considered phishing attacks as “proof of both bad faith registration and use in bad faith”. In this sense, it shall also bear in mind WIPO Case No. D2006-0614, Grupo Financiero Inbursa, S.A. de C.V. v. inbuirsa, where the finding was that: “The Respondent registered the domain name because in all probability he knew of the Complainant and the type of services offered by the Complainant and tried to attract Internet users for commercial gain by “spoofing” and “phishing”. The Panel notes that these are practices which have become a serious problem in the financial services industry worldwide. This is a compelling indication both of bad faith registration and of use under paragraph 4(b)(iv)”. See also Finter Bank Zürich v. N/A, Charles Osabor, WIPO Case No. D2005-0871 and Banca Intesa S.p.A. v. Moshe Tal, WIPO Case No. D2006-0228, that directly involves the Complainant.

In conclusion, even excluding any current “phishing” purposes or other illicit use of the domain name in the present case (which, however, has been confirmed by Google Safe Browsing with a warning page), there is no other possible legitimate use of <INTESA-SECURITY.COM>. The sole further aim of the owner of the domain name under consideration might be to resell it to the Complainant, which represents, in any case, an evidence of the registration and use in bad faith, according to par. 4(b)(i) («circumstances indicating that you have registered or you have acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of your documented out-of-pocket costs directly related to the domain name»).

In the light of the above, the third and final element necessary for finding that the Respondent has engaged in abusive domain name registration and use has been established.

NO ADMINISTRATIVELY COMPLIANT RESPONSE HAS BEEN FILED.

In this case, the Provider has employed the required measures to achieve actual notice of the Complaint to the Respondent, and the Respondent was given a fair opportunity to present its case.

By the Rules, paragraph 5(c)(i), it is expected of a respondent to: “[r]espond specifically to the statements and allegations contained in the complaint and include any and all bases for the Respondent (domain name holder) to retain registration and use of the disputed domain name…”

In this proceeding, the Respondent has not used the opportunity provided to it under the Rules and has not submitted a substantive Response addressing the contentions of the Complainant and the evidence submitted by it.

The Complainant has, to the satisfaction of the Panel, shown the disputed domain name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights (within the meaning of paragraph 4(a)(i) of the Policy).

The Complainant has, to the satisfaction of the Panel, shown the Respondent to have no rights or legitimate interests in respect of the disputed domain name (within the meaning of paragraph 4(a)(ii) of the Policy).

The Complainant has, to the satisfaction of the Panel, shown the disputed domain name has been registered and is being used in bad faith (within the meaning of paragraph 4(a)(iii) of the Policy).

The Panel is satisfied that all procedural requirements under UDRP were met and there is no other reason why it would be inappropriate to provide a decision.

It is necessary for the Complainant, if he is to succeed in this administrative proceeding, to prove each of the three elements referred to in paragraph 4(a) of the Policy, namely that:

(i) the disputed domain name is identical or confusingly similar to a trade mark in which the Complainant has rights; and
(ii) the Respondent has no rights or legitimate interest in respect of the disputed domain name; and
(iii) the disputed domain name has been registered and is being used in bad faith.

The Panel will proceed to establish whether the Complainant has discharged the burden of proof in respect of the three elements referred to above.

With respect to Complainant’s rights, the alleged registration of the disputed domain name without rights or legitimate interest and bad faith, the Panel holds as follows:

The Complainant is the leading Italian banking group and also one of the protagonists in the European financial arena. Intesa Sanpaolo is the company resulting from the merger (effective as of January 1, 2007) between Banca Intesa S.p.A. and Sanpaolo IMI S.p.A., two of the top Italian banking groups.

Intesa Sanpaolo is among the top banking groups in the euro zone, with a market capitalisation exceeding 37,4 billion euro, and the undisputed leader in Italy, in all business areas (retail, corporate and wealth management). Thanks to a network of approximately 5,360 branches capillary and well distributed throughout the Country, with market shares of more than 21% in most Italian regions, the Group offers its services to approximately 14,6 million customers. Moreover, the international network specialised in supporting corporate customers is present in 26 countries, in particular in the Mediterranean area and those areas where Italian companies are most active, such as the United States, Russia, China and India.






On May 26, 2020, the Respondent registered the domain name <INTESA-SECURITY.COM>, considering that the same is connected to a website which has been blocked by Google Safe Browsing through a warning page.

It is more than obvious that the domain name at issue is identical, or – at least – confusingly similar, to the Complainant’s trademarks “INTESA”. As a matter of fact, the aforesaid domain name exactly reproduce the well-known trademark “INTESA”, with the addition of the English descriptive term “SECURITY” as second word of the disputed domain name.


The Respondent has no rights on the disputed domain name, and any use of the trademarks “INTESA” has to be authorized by the Complainant. Nobody has been authorized or licensed by the above-mentioned banking group to use the domain name at issue.

The domain name at stake does not correspond to the name of the Respondent and, to the best of the Panel´s knowledge, the Respondent is not commonly known as “INTESA-SECURITY”. Had the Respondent wanted to present a bona fide criticism site then it would have been well advised to have included some negative modifier in its domain name and to have restricted itself to objective and reasoned criticism on its website. Reference is made also to: CAC case N° 101036, Boehringer Ingelheim Pharma GmbH & Co. KG vs. SKYRXSHOP - dulcolax.xyz and WIPO Case no. D2014-0306 Boehringer Ingelheim Pharma GmbH & Co. KG v. Klinik Sari Padma, BAKTI HUSADA.


The domain name <INTESA-SECURITY.COM> was registered and was used in bad faith.

The Complainant’s trademarks “INTESA” are distinctive and well known all around the world. The fact that the Respondent has registered a domain name that is identical with its distinctive part to the trademarks of the Complainant indicates that the Respondent had knowledge of the Complainant’s trademarks at the time of registration of the disputed domain name. In addition, if the Respondent had carried even a basic Google search in respect of the wordings “INTESA SANPAOLO” and “INTESA”, the same would have yielded obvious references to the Complainant. The Complainant submits an extract of a Google search in support of its allegation. This raises a clear inference of knowledge of the Complainant’s trademark on the part of the Respondent. Therefore, it is more than likely that the domain names at issue would not have been registered if it were not for Complainant’s trademark. This is a clear evidence of registration of the domain names in bad faith, see in this concern, Halifax Plc. v. Sontaja Sanduci, WIPO Case No. D2004-0237 and also CarrerBuilder LLC v. Stephen Baker, WIPO Case No. D2005-0251.

In addition, the contested domain name is not used for any bona fide offerings. More particularly, there are present circumstances indicating that, by using the domain name, the Respondent has registered or acquired the domain name primarily for the purpose of fraud, spying, selling or otherwise transferring the domain name registration to the Complainant who is the owner of the trademark or service mark for valuable consideration in excess of the Respondent’s documented out-of-pocket costs directly related to the domain name (par. 4(b)(i) of the Policy).

The contested domain name is not used for any bona fide offerings, even if it is connected to a Registrar’s web page without particular active contents, by now. In fact, countless UDRP decisions confirmed that the passive holding of a domain name with knowledge that the domain name infringes another party’s trademark rights is evidence of bad faith registration and use (see, in this regard, Telstra Corporation Limited v. Nuclear Marshmallows, WIPO Case No. D2000-0003, and also the panels’ consensus view on this point, as reflected in the “WIPO Overview of WIPO Views on Selected UDRP Questions” at paragraph 3.2.).

In particular, the consensus view of WIPO UDRP panellists is that passive holding of a disputed domain name may, in appropriate circumstances, be consistent with a finding of bad faith. However, panels have tended to make such findings in circumstances in which, for example, a complainant’s mark is well-known, and there is no conceivable use that could be made of the domain name that would not amount to an infringement of the complainant’s trade mark rights.

As regards to the first aspect, the Complainant has already extensively proved the renowned of its trademarks. For what concern the second circumstance, it must be underlined that it is objectively not possible to understand what kind of use the Respondent could make with a domain name which do exactly correspond to the Complainant’s trademarks and that result so similar to the Complainant’s domain names currently used by the latter to provide online banking services for enterprises.

In the light of the above, the present case completely matches to the above requirements and the passive holding of the contested domain names has to be considered a use in bad faith: «The very act of having acquired [the domain name] raises the probability of Respondent using [it] in a manner that is contrary to Complainant’s legal rights and legitimate interests. [...] To argue that Complainant should have to wait for some future use of the disputed domain names to occur in order to demonstrate Respondent’s bad faith use is to render intellectual property law into an instrument of abuse by the Respondent. The result would be the likelihood of the accumulation and use of disputed domain names for the implicit, if not explicit, purpose of misappropriating or otherwise unlawfully undermining Complainant’s goodwill and business. The fact that this misappropriation may occur in any as yet undetermined manner at an uncertain future date does not negate Respondent’s bad faith. On the contrary, it raises the specter of continuing bad faith abuse by Respondent of Complainant’s Mark, name and related rights and legitimate business interests» (Decision No. D2004-0615, Comerica Inc. v. Horoshiy, Inc., concerning just the case of a bank).

The risk of a wrongful use of the domain name at issue is even higher in the present case, since the Complainant has already been targeted by some cases of phishing in the past few years. Such a practice consists of attracting the customers of a bank to a web page which imitates the real page of the bank, with a view to having customers disclose confidential information like a credit card or bank account number, for the purpose of unlawfully charging such bank accounts or withdrawing money out of them (see Decisions CAC UDRP No. 103177 INTESASANPAOLO-ALERT.COM and No. 103209 INTESASANPAOLO-SECURE.COM). It happened that some clients of the Complainant have received e-mail messages asking, by the means of web pages which were very similar to the Complainant’s ones, the sensitive data of the Clients, like user ID, password etc. Then, some of the Clients have been cheated of their savings.

Also, in the present case, the Complainant believes that the current owner registered the disputed domain name with the “phishing” purpose, in order to induce and divert the Complainant’s legitimate customers to its website and steal their money.

Even excluding any “phishing” purposes or other illicit use of the domain name in the present case, anyway we could find no other possible legitimate use of <INTESA-SECURITY.com>. The sole further aim of the owner of the domain name under consideration might be to resell it to the Complainant, which represents, in any case, an evidence of the registration and use in bad faith, according to par. 4(b)(i) («circumstances indicating that you have registered or you have acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of your documented out-of-pocket costs directly related to the domain name»).

In the light of the above, the third and final element necessary for finding that the Respondent has engaged in abusive domain name registration and use has been established.