Decision for dispute CAC-UDRP-102935

The Panel is not aware of any pending or decided proceeding related to the disputed domain names.

The Complainant is the owner, among others, of the following registrations for the trademarks “INTESA” and “INTESA SANPAOLO”:

- International trademark registration n. 920896 “INTESA SANPAOLO”, granted on March 07, 2007, in classes 9, 16, 35, 36, 38, 41 and 42;
- International trademark registration n. 793367 “INTESA”, granted on September 4, 2002 and duly renewed, in connection with class 36;
- EU trademark registration n. 5301999 “INTESA SANPAOLO”, applied on September 08, 2006 and granted on June 18, 2007, in classes 35, 36 and 38;
- EU trademark registration n. 12247979 “INTESA”, filed on October 23, 2013 and granted on March 5, 2014, in connection with classes 9, 16, 35, 36 38, 41 and 42;
- Italian trademark registration n. 1042140 “INTESA SANPAOLO”, filed on February 2, 2007, granted on March 7, 2007, and duly renewed in connection with classes 9, 16, 35, 36, 38, 41 and 42.

Moreover, the Complainant is also the owner, among the others, of the following domain names bearing the signs “INTESA SANPAOLO” and “INTESA”: INTESASANPAOLO.COM, .ORG, .EU, .INFO, .NET, .BIZ, INTESA-SANPAOLO.COM, .ORG, .EU, .INFO, .NET, .BIZ and INTESA.COM, INTESA.INFO, INTESA.BIZ, INTESA.ORG, INTESA.US, INTESA.EU, INTESA.CN, INTESA.IN, INTESA.CO.UK, INTESA.TEL, INTESA.NAME, INTESA.XXX, INTESA.ME.

FACTS ASSERTED BY THE COMPLAINANT AND NOT CONTESTED BY THE RESPONDENT:

PRELIMINARY REQUEST FOR CONSOLIDATION OF MULTIPLE RESPONDENTS

According to the Registrar verification carried out on February 25, 2020, the Respondents details should be the followings:

CONTROLLA‐I‐TUOI‐DATI‐INTESASANPAOLO.COM,
Organization Mario Bertinelli
Address of the seat/residence via cataldo
City TO
Country IT
ZIP 20019
Address for correspondence via cataldo
City TO
Country IT
ZIP 20019
E‐mail bertinelli2526@libero.it
Telephone +39 336 3525214
Fax

VERIFICADATI‐INTESASANPAOLO.COM,
Organization Giacomo Natale
Address of the seat/residence via cernia
City TO
Country IT
ZIP 20019
Address for correspondence via cernia
City TO
Country IT
ZIP 20019
E‐mail giacomino1119@libero.it
Telephone +39 335 2524456
Fax

VERIFICA‐I‐TUOI‐DATI‐INTESASANPAOLO.COM
Organization Giacomo Natale
Address of the seat/residence via cernia
City TO
Country IT
ZIP 20019
Address for correspondence via cernia
City TO
Country IT
ZIP 20019
E‐mail giacomino1119@libero.it
Telephone +39 335 2524456
Fax

However, the Complainant believes there is only one Respondent in the present case, for the following reasons:

According to paragraph 4.11.2 of the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition, WIPO panels have articulated principles governing the question of whether a single complaint filed with WIPO may be brought against multiple respondents. In particular, “Where a complaint is filed against multiple respondents, panels look at whether (i) the domain names or corresponding websites are subject to common control, and (ii) the consolidation would be fair and equitable to all parties. Procedural efficiency would also underpin panel consideration of such a consolidation scenario”.

In this regard, “Panels have considered a range of factors, typically present in some combination, as useful to determining whether such consolidation is appropriate, such as similarities in or relevant aspects of (i) the registrants’ identity(ies) including pseudonyms, (ii) the registrants’ contact information including email address(es), postal address(es), or phone number(s), including any pattern of irregularities, (iii) relevant IP addresses, name servers, or webhost(s), (iv) the content or layout of websites corresponding to the disputed domain names, (v) the nature of the marks at issue (e.g., where a registrant targets a specific sector), (vi) any naming patterns in the disputed domain names (e.g., <mark-country> or <mark-goods>), (vii) the relevant language/scripts of the disputed domain names particularly where they are the same as the mark(s) at issue, (viii) any changes by the respondent relating to any of the above items following communications regarding the disputed domain name(s), (ix) any evidence of respondent affiliation with respect to the ability to control the disputed domain name(s), (x) any (prior) pattern of similar respondent behavior, or (xi) other arguments made by the complainant and/or disclosures by the respondent(s)”.

Most of the above factors are included in the present case. First of all, it shall be considered that all the disputed domain names have common DNS, common Registrar and common service of privacy protection. In addition, it shall be underlined that almost all of the new Registrants’ contact details provided by the concerned Registrar are fake. In particular:

- there is no "via cataldo" in Turin;
- there is no "via cernia" in Turin.

Furthermore, it shall be noted that the domain names at issue are currently carrying out phishing activity against the Complainant, and that is a clear evidence of a common pattern of conduct which is aimed to damage Intesa Sanpaolo and its trademark rights on the signs “INTESA” and “INTESA SANPAOLO” (see the Complaint filed for further details in this concern).

There is something more. It is clear that there is also a naming pattern in the disputed domain names, as all of them exactly reproduces the trademark “INTESA SANPAOLO” with the addition of Italian expressions such as "controlla i tuoi dati" (control your data), "verifica dati" (data verification) and "verifica i tuoi dati" (verify your data), that are typical of internet banking, a business sector in which the Complainant is fully involved.

To sum up, the disputed domain names:

- Have common DNS;
- Have common Registrar;
- Have common service of privacy protection;
- Have fake addresses indicated in the whois;
- Are carrying out phishing activity against the Complainant within a common patter of conduct;
- Have been registered in the context of a naming pattern, as they all exactly reproduce Complainant’s trademark + generic/business terms.

Therefore, it is undeniable the disputed domain names only appear to be registered by different subjects, although they clearly have been registered by the same subject/entity and/or are subject to a common control.

As confirmed by WIPO in Decision D2015-2244 (Moncler S.p.A. v. Yao Tom, Lee Fei, Geryi Wang), “it is clear that all Domain Names are prima facie either own[ed] by the same individual […] or are subject to a common control. Hence the Complainant requests the Panel to treat all Domain Names in a single proceeding. As a matter of fact, it would be quite cumbersome and inequitable for the Complainant to start three separate proceedings in this matter, while the consolidation would be fair and equitable to all parties, in view of the aforesaid common ownership or control. Consolidation would permit to deal in a single proceeding multiple domain name disputes arising from a common nucleus of facts and involving common legal issues. Doing so promotes the shared interests of the parties in avoiding unnecessary duplication of time, effort and expenses, and generally fulfils the fundamental goals of the Policy”.

The above approach perfectly squares the present case, considering that the relevant criteria for consolidation have been met.

In the light of the above, the Complainant respectfully submits a request for consolidation.

***

THE DOMAIN NAMES ARE IDENTICAL OR CONFUSINGLY SIMILAR TO A TRADEMARK OR SERVICE MARK IN WHICH THE COMPLAINANT HAS RIGHTS

The Complainant is the leading Italian banking group and also one of the protagonists in the European financial arena. Intesa Sanpaolo is the company resulting from the merger (effective as of January 1, 2007) between Banca Intesa S.p.A. and Sanpaolo IMI S.p.A., two of the top Italian banking groups.

Intesa Sanpaolo is among the top banking groups in the euro zone, with a market capitalisation exceeding 39,3 billion euro, and the undisputed leader in Italy, in all business areas (retail, corporate and wealth management). Thanks to a network of approximately 3,800 branches capillary and well distributed throughout the Country, with market shares of more than 15% in most Italian regions, the Group offers its services to approximately 11,8 million customers. Intesa Sanpaolo has a strong presence in Central-Eastern Europe with a network of approximately 1.000 branches and over 7,2 million customers. Moreover, the international network specialised in supporting corporate customers is present in 25 countries, in particular in the Mediterranean area and those areas where Italian companies are most active, such as the United States, Russia, China and India.

It is more than obvious that the domain names at issue are identical, or – at least – confusingly similar, to the Complainant’s trademarks “INTESA SANPAOLO” and “INTESA”. As a matter of fact, the aforesaid domain names exactly reproduce the well-known trademark “INTESA SANPAOLO”, with the mere addition of Italian expressions such as “CONTROLLA I TUOI DATI”, “VERIFICA DATI” e “VERIFICA I TUOI DATI” (meaning "check your data", "verify data" and "verify your data").


THE RESPONDENT HAS NO RIGHTS OR LEGITIMATE INTERESTS IN RESPECT OF THE DOMAIN NAMES

The Respondent has no rights on the disputed domain names, and any use of the trademarks “INTESA SANPAOLO” and “INTESA” has to be authorized by the Complainant. Nobody has been authorized or licensed by the above-mentioned banking group to use the domain names at issue.

The domain names at stake do not correspond to the name of the Respondent and, to the best of our knowledge, the Respondent is not commonly known as “CONTROLLA-I-TUOI-DATI-INTESASANPAOLO” and/or “VERIFICADATI-INTESASANPAOLO” and/or “VERIFICA-I-TUOI-DATI-INTESASANPAOLO”.

Lastly, we do not find any fair or non-commercial uses of the domain names at stake (see www.controlla-i-tuoi-dati-intesasanpaolo.com, www.verificadati-intesasanpaolo.com and www.verifica-i-tuoi-dati-intesasanpaolo.com home-page.


THE DOMAIN NAMES WERE REGISTERED AND ARE USED IN BAD FAITH

The domain names CONTROLLA-I-TUOI-DATI-INTESASANPAOLO.COM, VERIFICADATI-INTESASANPAOLO.COM and VERIFICA-I-TUOI-DATI-INTESASANPAOLO.COM are currently passively held.
However, thy were registered and are used in bad faith. Besides, it shall be underlined that the webpage connected to the domain names CONTROLLA-I-TUOI-DATI-INTESASANPAOLO.COM and VERIFICADATI-INTESASANPAOLO.COM is currently blocked by Google Safe Browsing because of a suspected phishing activity.


The Complainant’s trademarks “INTESA SANPAOLO” and “INTESA” are distinctive and well known all around the world. The fact that the Respondent has registered three domain names that are confusingly similar to it indicates that the Respondent had knowledge of the Complainant’s trademarks at the time of registration of the disputed domain names. In addition, if the Respondent had carried even a basic Google search in respect of the wordings “INTESA SANPAOLO” and “INTESA”, the same would have yielded obvious references to the Complainant. The Complainant submits an extract of a Google search in support of its allegation. This raises a clear inference of knowledge of the Complainant’s trademark on the part of the Respondent. Therefore, it is more than likely that the domain names at issue would not have been registered if it were not for Complainant’s trademark. This is a clear evidence of registration of the domain names in bad faith.

In addition, the disputed domain names are not used for any bone fide offerings. More particularly, there are present circumstances indicating that, by using the domain names, the Respondent has registered or acquired the domain names primarily for the purpose of selling, renting, or otherwise transferring the domain names registration to the Complainant who is the owner of the trademark or service mark or to a competitor of Complainant, for valuable consideration in excess of the Respondent’s documented out-of-pocket costs directly related to the domain names (par. 4(b)(i) of the Policy).

The disputed domain names are not used for any bone fide offerings, even if they are not connected to any web site, by now. In fact, countless UDRP decisions confirmed that the passive holding of a domain name with knowledge that the domain name infringes another party’s trademark rights is evidence of bad faith registration and use (see, in this regard, Telstra Corporation Limited v. Nuclear Marshmallows, WIPO Case No. D2000-0003, and also the panels’ consensus view on this point, as reflected in the “WIPO Overview of WIPO Views on Selected UDRP Questions” at paragraph 3.2.).

In particular, the consensus view of WIPO UDRP panellists is that passive holding of a disputed domain name may, in appropriate circumstances, be consistent with a finding of bad faith. However, panels have tended to make such findings in circumstances in which, for example, a complainant’s mark is well-known, and there is no conceivable use that could be made of the domain name that would not amount to an infringement of the complainant’s trade mark rights.

As regards to the first aspect, the Complainant has already extensively proved the renowned of its trademarks. For what concern the second circumstance, it must be underlined that it is objectively not possible to understand what kind of use the Respondent could make with 3 domain names which do exactly correspond to the Complainant’s trademarks and that result so similar to the Complainant’s domain names currently used by the latter to provide online banking services for enterprises.

In the light of the above, the present case completely matches to the above requirements and the passive holding of the disputed domain names has to be considered a use in bad faith: «The very act of having acquired [the domain name] raises the probability of Respondent using [it] in a manner that is contrary to Complainant’s legal rights and legitimate interests. [...] To argue that Complainant should have to wait for some future use of the disputed domain names to occur in order to demonstrate Respondent’s bad faith use is to render intellectual property law into an instrument of abuse by the Respondent. The result would be the likelihood of the accumulation and use of disputed domain names for the implicit, if not explicit, purpose of misappropriating or otherwise unlawfully undermining Complainant’s goodwill and business. The fact that this misappropriation may occur in any as yet undetermined manner at an uncertain future date does not negate Respondent’s bad faith. On the contrary, it raises the spectre of continuing bad faith abuse by Respondent of Complainant’s Mark, name and related rights and legitimate business interests» (Decision No. D2004-0615, Comerica Inc. v. Horoshiy, Inc., concerning just the case of a bank.

The risk of a wrongful use of the domain names at issue is even higher in the present case, since the Complainant has already been targeted by some cases of phishing in the past few years. Such a practice consists of attracting the customers of a bank to a web page which imitates the real page of the bank, with a view to having customers disclose confidential information like a credit card or bank account number, for the purpose of unlawfully charging such bank accounts or withdrawing money out of them. It happened that some clients of the Complainant have received e-mail messages asking, by the means of web pages which were very similar to the Complainant’s ones, the sensitive data of the Clients, like user ID, password etc. Then, some of the Clients have been cheated of their savings.

Also in the present case, the Complainant believes that the current owner registered the disputed domain names with the “phishing” purpose, in order to induce and divert the Complainant’s legitimate customers to its website and steal their money and the above could be easily verified given the particular nature of the disputed domain names (typosquatting).

Even excluding any “phishing” purposes or other illicit use of the domain names in the present case, anyway we could find no other possible legitimate use of CONTROLLA-I-TUOI-DATI-INTESASANPAOLO.COM, VERIFICADATI-INTESASANPAOLO.COM and VERIFICA-I-TUOI-DATI-INTESASANPAOLO.COM. The sole further aim of the owner of the domain names under consideration might be to resell them to the Complainant, which represents, in any case, an evidence of the registration and use in bad faith, according to par. 4(b)(i) («circumstances indicating that you have registered or you have acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of your documented out-of-pocket costs directly related to the domain name»).

In the light of the above, the third and final element necessary for finding that the Respondent has engaged in abusive domain names registration and use has been established.

NO ADMINISTRATIVELY COMPLIANT RESPONSE HAS BEEN FILED.

The Complainant has, to the satisfaction of the Panel, shown the disputed domain names are identical or confusingly similar to a trademark or service mark in which the Complainant has rights (within the meaning of paragraph 4(a)(i) of the Policy).

The Complainant has, to the satisfaction of the Panel, shown the Respondent to have no rights or legitimate interests in respect of the disputed domain names (within the meaning of paragraph 4(a)(ii) of the Policy).

The Complainant has, to the satisfaction of the Panel, shown the disputed domain names have been registered and are being used in bad faith (within the meaning of paragraph 4(a)(iii) of the Policy).

The Panel is satisfied that all procedural requirements under UDRP were met and there is no other reason why it would be inappropriate to provide a decision.

1. Identical or confusingly similar
The Complainant contended that three disputed domain names <CONTROLLA-I-TUOI-DATI-INTESASANPAOLO.COM>, <VERIFICADATI-INTESASANPAOLO.COM> and <VERIFICA-I-TUOI-DATI-INTESASANPAOLO.COM>, possessed by the same domain registrant, are confusingly similar to its registered trademark "INTESA SANPAOLO". The Complainant also stated that in addition to reproducing the Complainant’s well known marks “INTESA SANPAOLO”, addition of Italian expressions such as “CONTROLLA I TUOI DATI”, “VERIFICA DATI” and “VERIFICA I TUOI DATI” (meaning "check your data", "verify data" and "verify your data"), does not obviate such confusing similarity.

The Complainant’s registered mark “INTESA SANPAOLO” is a name formed by the merger of two prominent Italian banks “Banca Intesa” and “Sanpaolo IMI”; both are recognized names in European banking industries. The Complainant owns several trademarks comprising the terms “INTESA” and “INTESA SANPAOLO”, such as the international trademark n° 920896 “INTESA SANPAOLO” and n° 793367 “INTESA”. Moreover, the Complainant is also the owner of numerous domain names bearing the signs “INTESA SANPAOLO” and “INTESA”.

The disputed domain names fully incorporate the Complainant’s trademark. The addition of Italian expressions meaning “check your data”, “verify data” and “verify your data”, are terms with slight neutral to negative connotations. As indicated by the Complainant and suggested by many UDRP decisions, slight differences between domain names and registered marks such as the addition of a descriptive term in connection with the mark, should NOT adequately distinguish the domain name from the incorporated mark. In this case, the added terms are not sufficient to escape the finding that the disputed domain names are identical to the Complainant's trademark and does not change the overall impression of the designations as being connected to its trademark.

The Panel therefore concludes that the disputed domain names are confusingly similar to a trademark in which the Complainant has rights within the meaning of paragraph 4(a)(i) of the Policy.

2. No rights or legitimate interests

Although the Respondent did not file an administratively compliant (or any) response, the Complainant is still required to make out a prima facie case that the Respondent lacks rights or legitimate interests. Once such prima facie case is made, the Respondent carries the burden of demonstrating rights or legitimate interests in the domain name. If the Respondent fails to do so, the Complainant is deemed to have satisfied paragraph 4(a)(ii) of the Policy.

The Complainant has offered three arguments to support its contention that the Respondent has no rights or legitimate interests in respect of the disputed domain names. Firstly, the Respondent is not known as the disputed domain names; secondly, neither license or authorization has been granted to the Respondent; thirdly, current websites did not indicate any sign of non-commercial or fair use.

According to the information of the Respondent as provided by the Registrar, the name of the Respondent’s organization is protected by privacy. Therefore, there is no evidence suggests that the Respondent is in anyway associated with the name “INTESA” or “INTESA SAUPAOLO”. The Complainant also contended that it does not carry out any activity for, nor has any business with the Respondent. It has never licensed nor authorized the Respondent to make any use of the Complainant’s trademark INTESA SAOPAOLO.

On the basis of preponderance of evidence, and in the absence of any evidence to the contrary or any administratively compliant response being put forward by the Respondent, the Panel finds that the Respondent does not have rights or legitimate interests in the disputed domain names within the meaning of paragraph 4(a)(ii) of the Policy.

3. Bad faith
By trying to establish the bad faith element of paragraph 4(a) of the Policy, the Complainant has primarily attempted to rely on paragraph 4(b)(i) and 4(b)(iv) of the Policy.

There are a couple of instances cited by the Complainant that can be used to prove that the domain name is registered and used in bad faith.

As far as registration goes, UDRP Panels have consistently held that the mere registration of a domain name that is confusingly similar to a famous or widely-known trademark by an unaffiliated entity can by itself create a presumption of bad faith. The Complainant’s trademark “INTESA SAOPAOLO” is not a common word and a simple Google search reveals all results and references related to the Complainant’s brand. Moreover, although inconclusive, it is suspicious that the respondent registered three similar domain names incorporating the Complainant’s trademark at the same time.
As far as usage of the domain name, all three domain names have been passively held. It has been a well-known consensus as held by UDRP panels, that the non-use of a domain name (including a blank or “coming soon” page) would not prevent a finding of bad faith under the doctrine of passive holding (WIPO Overview §3.3). In “passive holding” scenarios, where the panellist is allowed to examine a totality of circumstances including the degree of distinctiveness or reputation of the complainant’s mark, the failure of the respondent to submit a response or to provide any evidence of actual or contemplated good-faith use, the respondent’s concealing its identity or use of false contact details, and so on (WIPO Overview 3.0 §3.1.4). Here the disputed domain names are not used for any bone fide offerings.

Moreover, the Complainant has offered evidence that two of the disputed domain names <CONTROLLA-I-TUOI-DATI-INTESASANPAOLO.COM> and <VERIFICADATI-INTESASANPAOLO.COM> are already blocked by Google Safe Browsing because of suspected phishing activities. Longer term, this is likely to mislead the Complainant’s customer group and taint the business goodwill of the Complainant’s. It could also harm privacy interests of the Complainant’s customers. UDRP Panels have categorically held that the use of a domain name for illegal activity other than to host a website, such as phishing, may constitute bad faith (WIPO Overview 3.0 § 3.4).

In view of the above, in the absence of any evidence to the contrary (or any administratively compliant response) being put forward by the Respondent, the Panel determines that the disputed domain names were registered and are being used in bad faith within the meaning of paragraph 4(a)(iii) of the Policy.