Decision for dispute CAC-UDRP-107818

The Panel is not aware of any other legal proceedings which are pending or decided and which relate to the disputed domain name <secures-intesasanpaolo.com>.

The Complainant states and provides evidence to support that it is the owner, among others, of multiple trademark registrations for the trademarks “INTESA” and “INTESA SANPAOLO”:

- International trademark registration n. 920896 “INTESA SANPAOLO”, granted on March 7, 2007 and duly renewed, in connection with classes 9, 16, 35, 36, 38, 41 and 42;

- International trademark registration n. 793367 “INTESA”, granted on September 4, 2002 and duly renewed, in connection with class 36;

- EU trademark registration n. 5301999 “INTESA SANPAOLO”, filed on September 8, 2006, granted on June 18, 2007 and duly renewed, in connection with the classes 35, 36 and 38;

- EU trademark registration n. 12247979 “INTESA”, filed on October 23, 2013 and granted on March 5, 2014, in connection with classes 9, 16, 35, 36, 38, 41 and 42.

Moreover, the Complainant is also the owner, among others, of the following domain names bearing the signs “INTESA SANPAOLO” and “INTESA”: INTESASANPAOLO.COM, .ORG, .EU, .INFO, .NET, .BIZ, INTESA-SANPAOLO.COM, .ORG, .EU, .INFO, .NET, .BIZ and INTESA.COM, INTESA.INFO, INTESA.BIZ, INTESA.ORG, INTESA.US, INTESA.EU, INTESA.CN, INTESA.IN, INTESA.CO.UK, INTESA.TEL, INTESA.NAME, INTESA.XXX, INTESA.ME. All of them are now connected to the official website http://www.intesasanpaolo.com.

The Complainant is Intesa Sanpaolo S.p.A., a leading Italian banking group and one of the major players in the European financial sector. The Complainant was formed through the merger of Banca Intesa S.p.A. and Sanpaolo IMI S.p.A., effective as of January 1, 2007.

The Complainant is among the top banking groups in the eurozone, with a market capitalization exceeding EUR 91.62 billion. It holds a leading position in Italy across all business segments, including retail banking, corporate banking, and wealth management. The Complainant operates a network of approximately 2,800 branches throughout Italy, serving around 13.9 million customers, with market shares exceeding 13% in most regions.

The Complainant also maintains a significant presence in Central and Eastern Europe, with approximately 900 branches serving more than 7.6 million customers. In addition, its international network — focused on supporting corporate clients — operates in 25 countries, particularly in the Mediterranean region and in markets where Italian companies are active, including the United States, Russia, China, and India.

The disputed domain name <secures-intesasanpaolo.com> was registered on January 3, 2025.

COMPLAINANT:

1. The disputed domain name is confusingly similar to the protected mark

The Complainant asserts that the disputed domain name <secures-intesasanpaolo.com> is identical, or at least confusingly similar, to its registered trademarks INTESA SANPAOLO and INTESA. According to the Complainant, the disputed domain name wholly incorporates its well-known INTESA SANPAOLO mark, adding only the term “secures” at the beginning, separated by a hyphen.

In the Complainant’s view, the addition of the word “secures” does not serve to distinguish the disputed domain name from its trademarks. On the contrary, it reinforces the association with the Complainant, as the term directly relates to the security and financial services the Complainant provides. The Complainant contends that the overall structure of the disputed domain name is misleading and likely to cause confusion among Internet users, who may believe that <secures-intesasanpaolo.com> is connected to, endorsed by, or operated by the Complainant.

The Complainant further notes that the INTESA SANPAOLO trademark enjoys widespread recognition in the banking and financial sector, both in Italy and internationally. It argues that the distinctive nature of its trademarks, combined with the composition of the disputed domain name, gives rise to a significant risk of confusion among Internet users.

2. Respondent does not have any rights or legitimate interest in the disputed domain name

The Complainant contends that the Respondent has no rights or legitimate interests in respect of the disputed domain name. Any use of the trademarks INTESA and INTESA SANPAOLO must be authorized or licensed by the Complainant. In this case, no such authorization or license has been granted by the Complainant for the use of the disputed domain name.

Moreover, the disputed domain name does not correspond to the name of the Respondent, and, to the best of the Complainant’s knowledge, the Respondent is not commonly known by the name “secures-intesasanpaolo”.

Finally, the Complainant has identified no evidence of fair use or non-commercial use of the disputed domain name by the Respondent.

3. The disputed domain name has been registered and is being used in bad faith

The Complainant asserts that the disputed domain name <secures-intesasanpaolo.com> was registered and is being used in bad faith.

According to the Complainant, its trademarks INTESA and INTESA SANPAOLO are distinctive and well known globally, particularly in the banking and financial sectors. The Complainant contends that the Respondent must have been aware of its trademark rights when registering the disputed domain name, which fully incorporates the INTESA SANPAOLO mark, preceded by the term “secures.” In the Complainant’s view, even a basic online search for “INTESA SANPAOLO,” “INTESA,” or “secures intesa sanpaolo” would have revealed the Complainant and its extensive trademark rights. The Complainant submits a screenshot of a Google search as evidence and argues that it is implausible that the disputed domain name was selected without knowledge of the Complainant’s brand. As such, the Complainant claims the registration was clearly opportunistic and indicative of bad faith.

The Complainant further argues that the disputed domain name is not being used in connection with any bona fide offering of goods or services. Rather, the Complainant contends that the Respondent appears to be passively holding the disputed domain name without any legitimate purpose.

In this context, the Complainant notes that the disputed domain name closely resembles domain names used by the Complainant for online banking services. The Complainant asserts that no plausible legitimate use could be made of such a domain name that would not create a risk of confusion or infringement.

The Complainant also refers to the high risk of abuse in light of past phishing incidents involving the Complainant’s customers. According to the Complainant, the disputed domain name could easily be used to deceive users by imitating official banking websites and capturing sensitive information — a practice that has previously resulted in financial harm to the Complainant’s clients. Based on the structure and wording of the disputed domain name, the Complainant suspects that it may have been registered with malicious intent, potentially for phishing purposes.

In addition, the Complainant argues that the Respondent may have registered the disputed domain name with the intention to sell it back to the Complainant for a profit. In support of this argument, the Complainant invokes paragraph 4(b)(i) of the Policy, which lists as an example of bad faith registration circumstances indicating that the domain name was acquired primarily for the purpose of selling it to the Complainant (or a competitor) for valuable consideration in excess of out-of-pocket costs.

Finally, the Complainant states that its legal representatives sent a cease and desist letter to the Respondent on January 30, 2025, requesting the voluntary transfer of the disputed domain name. The Respondent did not respond or comply with this request.

Therefore, the Complainant contends that the requirements of the Policy have been met and that the disputed domain name should be transferred to it. 

RESPONDENT:

NO ADMINISTRATIVELY COMPLIANT RESPONSE HAS BEEN FILED.

The Complainant has, to the satisfaction of the Panel, shown the disputed domain name is identical or confusingly similar to a trademark or service mark in which the Complainant has rights (within the meaning of paragraph 4(a)(i) of the Policy).

The Complainant has, to the satisfaction of the Panel, shown the Respondent to have no rights or legitimate interests in respect of the disputed domain name (within the meaning of paragraph 4(a)(ii) of the Policy).

The Complainant has, to the satisfaction of the Panel, shown the disputed domain name has been registered and is being used in bad faith (within the meaning of paragraph 4(a)(iii) of the Policy).

The Panel is satisfied that all procedural requirements under UDRP were met and there is no other reason why it would be inappropriate to provide a decision.

The UNIFORM DOMAIN NAME DISPUTE RESOLUTION POLICY of the Internet Corporation for Assigned Names and Numbers (ICANN) (the “Policy”) provides that a complainant must prove each of the following to obtain transfer or cancellation of a domain name:

1. that respondent’s domain name is identical or confusingly similar to a trademark or service mark in which complainant has rights; and

2. that respondent has no rights or legitimate interests in respect of the domain name; and

3. the domain name has been registered and is being used in bad faith.

1) The disputed domain name is confusingly similar to a trademark in which the Complainant has rights (Para.4(a)(i) of the Policy).

The Complainant has provided evidence of its ownership of numerous registered trademarks for “INTESA” and “INTESA SANPAOLO” in multiple jurisdictions. The Panel notes that “INTESA SANPAOLO” is a well-known and distinctive trademark in the financial and banking sectors, both in Italy and internationally.

The disputed domain name <secures-intesasanpaolo.com> incorporates the Complainant’s well-known mark “INTESA SANPAOLO” in its entirety, preceded by the term “secures” and separated by a hyphen. The Panel finds that the addition of the term “secures” does not prevent a finding of confusing similarity. On the contrary, it reinforces the association with the Complainant, as it relates to the security and financial services the Complainant offers.

Pursuant to Section 1.8 of the WIPO Overview 3.0, “where the relevant trademark is recognizable within the disputed domain name, the addition of other terms (whether descriptive, geographical, pejorative, meaningless, or otherwise) does not prevent a finding of confusing similarity under the first element.” In this case, the Complainant’s mark “INTESA SANPAOLO” is clearly recognizable and remains the dominant element of the disputed domain name.

The Panel further notes that the prefix “secures” may increase the likelihood of confusion by suggesting that the disputed domain name relates to a security function or service offered by the Complainant. This reinforces, rather than diminishes, the impression that the disputed domain name is affiliated with the Complainant.

The Panel agrees that where a trademark constitutes the most prominent or distinctive component of a domain name, and the remainder consists of descriptive or non-distinctive terms, the threshold for establishing confusing similarity is met (see LEGO Juris A/S v. Domain Tech Enterprises, WIPO Case No. D2011-2286; Kabushiki Kaisha Toshiba dba Toshiba Corporation v. WUFACAI, WIPO Case No. D2006-0768).

In conclusion, the Panel finds that the disputed domain name <secures-intesasanpaolo.com> is confusingly similar to the Complainant’s registered trademarks INTESA and INTESA SANPAOLO, within the meaning of paragraph 4(a)(i) of the Policy.

2) The Respondent lacks rights or legitimate interests in the disputed domain name (Paragraph 4(a)(ii) of the Policy)

Under the Policy, the Complainant is required to establish a prima facie case that the Respondent lacks rights or legitimate interests in the disputed domain name. Once such a prima facie case is made, the burden of production shifts to the Respondent to demonstrate rights or legitimate interests in the domain name (see WIPO Overview 3.0, section 2.1).

In this case, the Complainant contends that the Respondent has no rights or legitimate interests in respect of the disputed domain name. The Complainant states that no license, permission, or other authorization has been granted to the Respondent to use its trademarks “INTESA” or “INTESA SANPAOLO” or to register any domain name incorporating them.

Moreover, the disputed domain name does not correspond to the name of the Respondent, and there is no evidence that the Respondent is commonly known by the name “secures-intesasanpaolo” or any similar designation. Nor has the Respondent provided any evidence of bona fide use or preparations to use the disputed domain name in connection with a legitimate offering of goods or services, or for any non-commercial or fair use.

The Respondent has not submitted a Response and has therefore failed to rebut the Complainant’s prima facie case or to assert any rights or legitimate interests.

In light of the above, the Panel finds that the Respondent has no rights or legitimate interests in the disputed domain name within the meaning of paragraph 4(a)(ii) of the Policy.

3) The disputed domain name has been registered and is being used in bad faith (Paragraph 4(a)(iii) of the Policy)

The Panel finds that the Complainant’s trademarks “INTESA” and “INTESA SANPAOLO” are distinctive and widely recognized, particularly in the banking and financial services sector, both in Italy and internationally. The disputed domain name <secures-intesasanpaolo.com> incorporates the Complainant’s well-known trademark “INTESA SANPAOLO” in its entirety, with the mere addition of the word “secures”, separated by a hyphen.

Given the notoriety of the Complainant’s trademarks, the Panel finds it more likely than not that the Respondent was aware of the Complainant’s rights at the time of registering the disputed domain name. The Complainant has submitted that even a basic Google search of the terms “INTESA SANPAOLO” or “SECURES INTESA SANPAOLO” would have yielded obvious references to the Complainant, which supports an inference of knowledge.

The Panel finds persuasive the Complainant’s argument that the disputed domain name was registered with the intention to exploit the reputation of the Complainant’s marks. The composition of the disputed domain name strongly suggests an affiliation with the Complainant, particularly in the context of banking services, where the term “secures” may be perceived as referring to security-related offerings.

Furthermore, the disputed domain name is not being used for any bona fide offering of goods or services. At the time of the Complaint, the disputed domain name did not resolve to an active website. The passive holding of a domain name, particularly one that incorporates a well-known trademark, can support a finding of bad faith where no plausible legitimate use by the respondent exists (see Telstra Corporation Limited v. Nuclear Marshmallows, WIPO Case No. D2000-0003, and WIPO Overview 3.0, section 3.3).

In addition, the Complainant refers to past instances of phishing attacks targeting its customers and contends that the disputed domain name was registered with a similar deceptive intent. While there is no direct evidence of phishing in this case, the nature of the disputed domain name and the Complainant’s prior experience with similar misuse increase the plausibility of such a risk. Even absent evidence of actual misuse, the risk of abusive use is sufficient to support a finding of bad faith where no legitimate purpose is apparent (see Comerica Inc. v. Horoshiy, Inc., WIPO Case No. D2004-0615).

The Complainant has also submitted that it sent a cease and desist letter to the Respondent requesting voluntary transfer of the disputed domain name, but received no reply. The Respondent’s failure to respond further supports an inference of bad faith.

Taken together, the totality of the circumstances—including the fame of the Complainant’s trademarks, the composition of the disputed domain name, the lack of any legitimate use, the risk of consumer deception, and the Respondent’s silence—supports a finding that the disputed domain name was registered and is being used in bad faith.

Accordingly, the Panel finds that the Complainant has satisfied the requirements of paragraph 4(a)(iii) of the Policy.