Security researchers may have to go another round over whether a .bank domain would cut down on the number of successful phishing attempts targeting financial organizations and their customers.

Mikko Hypponen, F-Secure’s research chief, sparked the debate earlier this month when he posted on the F-Secure blog that a .bank domain would greatly benefit the financial industry, partially because, he contended, cybercrooks wouldn’t be able to afford the large fees to register a site on it.

A number of other security bloggers took the other side of the argument, naming myriad ways fraudsters would get around the new domain name.

Mikko shot back this week. And we’ll bring you more when the debate is joined…again.

On the argument that home users would not catch on to the new domain name:

The main point of such a new TLD would not be that users would suddenly get a clue and would learn to read the web addresses correctly (although for those who do read the URLs, this would obviously be an improvement). The main point is that it would allow the users’ software to work better. Security software and browser toolbars would essentially have a “white list” to work with.

That cybercriminals could afford the high prices for a domain name:

Only if they can prove that they are a real bank. And they would not be able to register misleading domain names. And in the worst case, a rogue domain would be shit down quickly. The possibility of losing their investment in registering such a domain wouldn’t be worth the risk for criminals.

You can read all of Hypponnen’s arguments at the F-Secure weblog.