It is necessary for the Complainant, if he is to succeed in this administrative proceeding, to prove each of the three elements referred to in paragraph 4(a) of the Policy, namely that:
(i) the disputed domain name is identical or confusingly similar to a trade mark in which the Complainant has rights; and
(ii) the Respondent has no rights or legitimate interest in respect of the disputed domain name; and
(iii) the disputed domain name has been registered and is being used in bad faith.
The Panel will proceed to establish whether the Complainant has discharged the burden of proof in respect of the three elements referred to above.
With respect to Complainant’s rights, the alleged registration of the disputed domain name without rights or legitimate interest and bad faith, the Panel holds as follows:
The Complainant is the leading Italian banking group and also one of the protagonists in the European financial arena. Intesa Sanpaolo is the company resulting from the merger (effective as of January 1, 2007) between Banca Intesa S.p.A. and Sanpaolo IMI S.p.A., two of the top Italian banking groups.
Intesa Sanpaolo is among the top banking groups in the euro zone, with a market capitalisation exceeding 37,4 billion euro, and the undisputed leader in Italy, in all business areas (retail, corporate and wealth management). Thanks to a network of approximately 5,360 branches capillary and well distributed throughout the Country, with market shares of more than 21% in most Italian regions, the Group offers its services to approximately 14,6 million customers. Moreover, the international network specialised in supporting corporate customers is present in 26 countries, in particular in the Mediterranean area and those areas where Italian companies are most active, such as the United States, Russia, China and India.
On May 26, 2020, the Respondent registered the domain name <INTESA-SECURITY.COM>, considering that the same is connected to a website which has been blocked by Google Safe Browsing through a warning page.
It is more than obvious that the domain name at issue is identical, or – at least – confusingly similar, to the Complainant’s trademarks “INTESA”. As a matter of fact, the aforesaid domain name exactly reproduce the well-known trademark “INTESA”, with the addition of the English descriptive term “SECURITY” as second word of the disputed domain name.
The Respondent has no rights on the disputed domain name, and any use of the trademarks “INTESA” has to be authorized by the Complainant. Nobody has been authorized or licensed by the above-mentioned banking group to use the domain name at issue.
The domain name at stake does not correspond to the name of the Respondent and, to the best of the Panel´s knowledge, the Respondent is not commonly known as “INTESA-SECURITY”. Had the Respondent wanted to present a bona fide criticism site then it would have been well advised to have included some negative modifier in its domain name and to have restricted itself to objective and reasoned criticism on its website. Reference is made also to: CAC case N° 101036, Boehringer Ingelheim Pharma GmbH & Co. KG vs. SKYRXSHOP - dulcolax.xyz and WIPO Case no. D2014-0306 Boehringer Ingelheim Pharma GmbH & Co. KG v. Klinik Sari Padma, BAKTI HUSADA.
The domain name <INTESA-SECURITY.COM> was registered and was used in bad faith.
The Complainant’s trademarks “INTESA” are distinctive and well known all around the world. The fact that the Respondent has registered a domain name that is identical with its distinctive part to the trademarks of the Complainant indicates that the Respondent had knowledge of the Complainant’s trademarks at the time of registration of the disputed domain name. In addition, if the Respondent had carried even a basic Google search in respect of the wordings “INTESA SANPAOLO” and “INTESA”, the same would have yielded obvious references to the Complainant. The Complainant submits an extract of a Google search in support of its allegation. This raises a clear inference of knowledge of the Complainant’s trademark on the part of the Respondent. Therefore, it is more than likely that the domain names at issue would not have been registered if it were not for Complainant’s trademark. This is a clear evidence of registration of the domain names in bad faith, see in this concern, Halifax Plc. v. Sontaja Sanduci, WIPO Case No. D2004-0237 and also CarrerBuilder LLC v. Stephen Baker, WIPO Case No. D2005-0251.
In addition, the contested domain name is not used for any bona fide offerings. More particularly, there are present circumstances indicating that, by using the domain name, the Respondent has registered or acquired the domain name primarily for the purpose of fraud, spying, selling or otherwise transferring the domain name registration to the Complainant who is the owner of the trademark or service mark for valuable consideration in excess of the Respondent’s documented out-of-pocket costs directly related to the domain name (par. 4(b)(i) of the Policy).
The contested domain name is not used for any bona fide offerings, even if it is connected to a Registrar’s web page without particular active contents, by now. In fact, countless UDRP decisions confirmed that the passive holding of a domain name with knowledge that the domain name infringes another party’s trademark rights is evidence of bad faith registration and use (see, in this regard, Telstra Corporation Limited v. Nuclear Marshmallows, WIPO Case No. D2000-0003, and also the panels’ consensus view on this point, as reflected in the “WIPO Overview of WIPO Views on Selected UDRP Questions” at paragraph 3.2.).
In particular, the consensus view of WIPO UDRP panellists is that passive holding of a disputed domain name may, in appropriate circumstances, be consistent with a finding of bad faith. However, panels have tended to make such findings in circumstances in which, for example, a complainant’s mark is well-known, and there is no conceivable use that could be made of the domain name that would not amount to an infringement of the complainant’s trade mark rights.
As regards to the first aspect, the Complainant has already extensively proved the renowned of its trademarks. For what concern the second circumstance, it must be underlined that it is objectively not possible to understand what kind of use the Respondent could make with a domain name which do exactly correspond to the Complainant’s trademarks and that result so similar to the Complainant’s domain names currently used by the latter to provide online banking services for enterprises.
In the light of the above, the present case completely matches to the above requirements and the passive holding of the contested domain names has to be considered a use in bad faith: «The very act of having acquired [the domain name] raises the probability of Respondent using [it] in a manner that is contrary to Complainant’s legal rights and legitimate interests. [...] To argue that Complainant should have to wait for some future use of the disputed domain names to occur in order to demonstrate Respondent’s bad faith use is to render intellectual property law into an instrument of abuse by the Respondent. The result would be the likelihood of the accumulation and use of disputed domain names for the implicit, if not explicit, purpose of misappropriating or otherwise unlawfully undermining Complainant’s goodwill and business. The fact that this misappropriation may occur in any as yet undetermined manner at an uncertain future date does not negate Respondent’s bad faith. On the contrary, it raises the specter of continuing bad faith abuse by Respondent of Complainant’s Mark, name and related rights and legitimate business interests» (Decision No. D2004-0615, Comerica Inc. v. Horoshiy, Inc., concerning just the case of a bank).
The risk of a wrongful use of the domain name at issue is even higher in the present case, since the Complainant has already been targeted by some cases of phishing in the past few years. Such a practice consists of attracting the customers of a bank to a web page which imitates the real page of the bank, with a view to having customers disclose confidential information like a credit card or bank account number, for the purpose of unlawfully charging such bank accounts or withdrawing money out of them (see Decisions CAC UDRP No. 103177 INTESASANPAOLO-ALERT.COM and No. 103209 INTESASANPAOLO-SECURE.COM). It happened that some clients of the Complainant have received e-mail messages asking, by the means of web pages which were very similar to the Complainant’s ones, the sensitive data of the Clients, like user ID, password etc. Then, some of the Clients have been cheated of their savings.
Also, in the present case, the Complainant believes that the current owner registered the disputed domain name with the “phishing” purpose, in order to induce and divert the Complainant’s legitimate customers to its website and steal their money.
Even excluding any “phishing” purposes or other illicit use of the domain name in the present case, anyway we could find no other possible legitimate use of <INTESA-SECURITY.com>. The sole further aim of the owner of the domain name under consideration might be to resell it to the Complainant, which represents, in any case, an evidence of the registration and use in bad faith, according to par. 4(b)(i) («circumstances indicating that you have registered or you have acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of your documented out-of-pocket costs directly related to the domain name»).
In the light of the above, the third and final element necessary for finding that the Respondent has engaged in abusive domain name registration and use has been established.
|