On-line ADR Center of the Czech Arbitration Court (CAC)

Panel Decision

§ 15 of the UDRP Rules (Rules), § 9 of the CAC’s Supplemental Rules (Supplemental Rules)

Case No. 103115
Time of Filing 2020-06-19 08:19:08
Case Administrator
Name Iveta Špiclová
Organization Intesa Sanpaolo S.p.A.
Authorized Representative
Organization Perani Pozzi Associati
Name Leonida Marchi
Other Legal Proceedings
The Panel is not aware of any other legal proceedings pending or decided which relate to the disputed domain name.
Identification of rights
1. The Complainant has adduced evidence that it is the owner of the following registered trademarks:

- International trademark No. 793367 “INTESA” in class 36 of the Nice Classification (NCL), registered on 4 September 2002 and duly renewed;

- International trademark No. 920896 “INTESA SANPAOLO” in NCL classes 9, 16, 35, 36, 41, 42, registered on 7 March 2007 and duly renewed;

- EU trademark No. 12247979 “INTESA” in NCL classes 35, 36 and 38, registered on 5 March 2014;

- EU trademark registration No. 5301999 “INTESA SANPAOLO” in NCL classes 9, 16, 35, 36, 38, 41 and 42, registered on 18 June 2007 and duly renewed.

For information: NCL class 36 covers services related to financial or monetary affairs, within which the services of banking establishments form the first example given for this NCL class' scope.

2. The Complainant has adduced evidence that it is the registrant of the following domain name which integrates the above marks: <INTESASANPAOLO.COM>.

It further asserts that it is the registrant of the following TLD equivalents or variants of <INTESASANPAOLO.COM>: .ORG, .EU, .INFO, .NET, .BIZ, INTESA-SANPAOLO.COM, .ORG, .EU, .INFO, .NET, .BIZ as well as of the domain names INTESA.COM, INTESA.INFO, INTESA.BIZ, INTESA.ORG, INTESA.US, INTESA.EU, INTESA.CN, INTESA.IN, INTESA.CO.UK, INTESA.TEL, INTESA.NAME, INTESA.XXX, INTESA.ME.

3. The Respondent registered the disputed domain name <INTESA-SAN-PAOLO-SECURITY.COM> through the ICANN-accredited registrar NameCheap Inc. on 6 March 2020.
Factual Background

The Complainant, Intesa Sanpaolo, is Italy's leading banking group, having a highly extensive coverage there geographically and in terms of its offerings. It is furthermore among the eurozone's top banking groups with a market capitalisation exceeding €27.2 billion. The group has a strong presence in Central and Eastern Europe with a network of some 1,000 branches and over 7.2 million customers, and is present in other regions of the world, including the United States, China, Russia and India.

The group's trademarks are complemented by its several domain names, all of which today link to its official website <INTESASANPAOLO.COM>.

The disputed domain name <INTESA-SAN-PAOLO-SECURITY.COM> is not being used in connection with any bone fide offerings, and appears not to be connected to any functional website.

The Complainant has been the target of phishing in the past few years. This practice consists with respect to a bank's customers in misleading them through wrongful use of a domain name into disclosing confidential information such as a credit card or bank account number for the purpose of unlawfully charging against the victims' bank accounts or withdrawing money from them. Some of the Complainant's customers have been cheated of their savings by these means.

On 24 March 2020, the Complainant’s attorneys sent the Respondent a cease and desist letter that requested voluntary transfer of the disputed domain name to the Complainant. The Respondent did not comply with the request.



It is more than obvious that the disputed domain name is identical or at least confusingly similar to the Complainant’s trademarks “INTESA SANPAOLO” and “INTESA”: <INTESA-SAN-PAOLO-SECURITY.COM> exactly reproduces the Complainant's well-known trademark “INTESA SANPAOLO” with the mere addition of the English descriptive term “SECURITY”.


The use of the trademarks “INTESA SANPAOLO” and “INTESA” in the disputed domain name is neither authorized nor licensed. Nor does "INTESA-SAN-PAOLO-SECURITY" correspond to the Respondent's name or, to the best of the Complainant's knowledge, to a name that the Respondent is commonly known by.

Furthermore, there is no indication from a related website of any fair or non-commercial use of the disputed domain name.


The Complainant’s trademarks “INTESA” and “INTESA SANPAOLO” are distinctive and well known around the world. The fact that the Respondent registered a domain name that is confusingly similar to them indicates that the Respondent had knowledge of the Complainant’s trademarks at the time of registration of the disputed domain name. In addition, if the Respondent had carried even a basic Google search in respect of the terms “INTESA” and “INTESA SANPAOLO”, this would have yielded obvious references to the Complainant's brand, as the Complainant has shown in its submissions. This raises a clear inference of knowledge of the Complainant’s trademarks on the Respondent's part. Therefore, it is more than likely that the disputed domain name would not have been registered were it not for the Complainant’s trademarks. This is clear evidence of registration of the disputed domain name in bad faith.

In addition, the disputed domain name is not being used in connection with any bone fide offerings. More particularly, the circumstances indicate that the Respondent has registered or acquired the disputed domain name primarily for the purpose of selling, renting, or otherwise transferring the disputed domain name registration to the Complainant who is the owner of the trademark or to a competitor of the Complainant for valuable consideration in excess of the Respondent’s documented out-of-pocket costs directly related to the disputed domain name (cf. paragraph 4(b)(i) of the Policy).

UDRP decisions have confirmed that passive holding of a domain name with knowledge that the domain name infringes another’s trademark rights is evidence of bad faith registration and use (see Telstra Corporation Limited v. Nuclear Marshmallows, WIPO Case No. D2000-0003 and the consensus view in the “WIPO Overview of WIPO Views on Selected UDRP Questions” at paragraph 3.2).

Panels have notably tended to make such findings in circumstances of passive holding where a Complainant’s mark is well-known and there is no conceivable use that could be made of the domain name that would not amount to an infringement of the Complainant’s trade mark rights. In this regard, the Complainant has proved its trademarks' renown and it is objectively not possible to conceive of any such other use the Respondent might make of a domain name which so exactly corresponds to the Complainant’s trademarks and is so similar to the Complainant’s domain names used to provide online banking services for enterprises.

In the light of the above, the present case completely matches the above-cited reasoning and the passive holding of the contested domain name has to be considered a use in bad faith: "The very act of having acquired [the domain name] raises the probability of Respondent using [it] in a manner that is contrary to Complainant’s legal rights and legitimate interests. [...] To argue that Complainant should have to wait for some future use of the disputed domain names to occur in order to demonstrate Respondent’s bad faith use is to render intellectual property law into an instrument of abuse by the Respondent. The result would be the likelihood of the accumulation and use of disputed domain names for the implicit, if not explicit, purpose of misappropriating or otherwise unlawfully undermining Complainant’s goodwill and business. The fact that this misappropriation may occur in any as yet undetermined manner at an uncertain future date does not negate Respondent’s bad faith. On the contrary, it raises the specter of continuing bad faith abuse by Respondent of Complainant’s Mark, name and related rights and legitimate business interests" (Decision No. D2004-0615, Comerica Inc. v. Horoshiy, Inc., a case that also involved a bank).

Even excluding any “phishing” purposes or other illicit use of the disputed domain name in the present case, no other possible legitimate use of <INTESA-SAN-PAOLO-SECURITY.COM> is imaginable. The only further aim of the registrant of the disputed domain name would be to resell it to the Complainant, which represents, in any case, evidence of the registration and use in bad faith, according to paragraph 4(b)(i) of the Policy.

In the light of the above, the third and final element necessary for finding that the Respondent has engaged in abusive domain name registration and use has been established.


No administratively compliant Response has been filed.
The Complainant has, to the satisfaction of the Panel, shown that the disputed domain name is identical or confusingly similar to a trade mark or service mark in which the Complainant has rights (within the meaning of paragraph 4(a)(i) of the Policy).
No rights or legitimate interests
The Complainant has, to the satisfaction of the Panel, shown the Respondent to have no rights or legitimate interests in respect of the disputed domain name (within the meaning of paragraph 4(a)(ii) of the Policy).
Bad faith
The Complainant has, to the satisfaction of the Panel, shown that the disputed domain name has been registered and is being used in bad faith (within the meaning of paragraph 4(a)(iii) of the Policy).
Procedural Factors
The Panel is satisfied that all procedural requirements under UDRP were met and there is no other reason why it would be inappropriate to provide a decision.
Principal Reasons for the Decision
The facts of this uncontended case are crystal clear and no procedural issues are raised. It remains to state the reasons for arriving at the findings under the Policy's three-criteria test stated above.

(1) The initial and major part of the stem of the disputed domain name is identical to trade marks belonging to the Complainant. Addition within the stem of the generic term "security" serves solely to make the whole confusingly similar to the trade marks by including a descriptor -- that of security -- essential to the banking services that the Complainant provides and its customers expect. The TLD suffix ".com" is here simply a technical designator that can be disregarded for present purposes.

(2) No legitimate reason is disclosed from the Case File whereby the Respondent might be entitled to use the Complainant's trademarks. To the contrary, employing them in the manner just described creates a potential risk to the Complainant’s business and its customers' expectations.

(3) By the same token, creating that risk -- by registering a domain name like <INTESA-SAN-PAOLO-SECURITY.COM> corresponding to a bank and to the main concern customers have about their money at a bank -- is an act that implies corresponding knowledge and purpose. Absent an explanation from the Respondent, the Panel can only draw an inference of bad faith registration, the probability of some legitimate purpose being close to zero in these circumstances.

As to the remaining requirement under this limb of the Policy's three-part test, that of use of the disputed domain name in bad faith, the Panel notes the Decisions of previous Panels invoked by the Complainant regarding passive domain name holding.

In this regard, the Panel recalls that the Policy in Paragraph 4(b) itemizes four cardinal examples of circumstances evidencing registration and use of a domain name in bad faith and that the Policy does so in an explicitly non-exhaustive manner.

When reviewing Paragraph 4(b)'s non-exhaustive approach in the context of passive holding, the Panelist in the oft-cited Telstra Corporation Limited v. Nuclear Marshmallows case (WIPO Case No. D2000-0003) drew attention to the need to scrutinize the particular evidential circumstances in each case but pointed to indications in the uncontended case before him that sufficed to show bad faith use. One was the Respondent’s active concealment of identity. Another was giving false details upon registration and failing to correct them subsequently.

For its part, the Comerica Inc. v. Horoshiy, Inc. case (WIPO Case No. D2004-0615) concerned seven domain names registered by the same Respondent which all incorporated the same Complainant’s marks. The Decision in that (also uncontended) proceeding addressed the possibility that a Respondent might accumulate domain names infringing another’s rights with impunity in the absence of evidence of active use. There is no evidence in the present proceeding of such accumulation and potential weakening thereby of the Complainant's intellectual property; the Panel will thus not deal further with this part of the Complainant's argumentation.

The Panel instead takes note of the following circumstances:

(a) None of the forms of usual bad faith activity as itemized in the Policy has apparantly transpired;

(b) Technical difficulties were encountered by the Case Administrator in the procedural phase of this proceeding when trying to contact the Respondent via the e-mail address provided by the registrar and when seeking to access the disputed domain name website (firewall blocking);

(c) The Respondent’s identity as registered differs from that of the e-mail address given for the registrant and her postal address does not appear to be a credible one, as a cursory check made by the Panel in the exercise of its general powers has revealed;

(d) There is no proof contained in the Case File that the Respondent has engaged in phishing, although the Panel does note that the technical capability to use the disputed domain name to send e-mails is currently available to it.

The Panel finds that the above circumstances suggest at least active and continuing concealment of identity while the possibility of some form of active and probably surreptitious domain name abuse by technical means cannot be ruled out. Rather, given the nature of the bad faith registration of the disputed domain name already established above, there is a likelihood of there being some bad faith use even if it has not yet come to light.

The Panel thus concludes that the requirements of the third and final part of the Policy’s test have been sufficiently shown to be met in this proceeding. It thus finds for the Complainant and orders the transfer of the disputed domain name to it.
For all the reasons stated above, the Complaint is Accepted
and the disputed domain name(s) is (are) to be
INTESA-SAN-PAOLO-SECURITY.COM Transferred to the Complainant
Name Kevin J. Madders
Date of Panel Decision 2020-07-28
Publication of the Decision
Publish the Decision