When providing hosting and domain registration services, there are known and various risks including fraud, DOS attacks etc…
Unfortunately in this case, it was customer based fraud and this is something almost impossible to predict or stop. A customer from Brazil purchased a domain and hosting from us and then reported the transaction as unauthorized. As many businesses will know, even rock solid proof that the purchase was authorized is often a futile attempt in fighting fraudulent credit card chargebacks.
After the chargeback we naturally canceled their hosting and moved the domain back into our name and it was parked as any standard domain to prevent them from making use of it.
How I learned about UDRP (Uniform Domain-Name Dispute-Resolution Policy) & WIPO First Hand
UDRP is a sort of internet domain lawsuit challenging the rights of the current owner under the pretext that it contains trademarked words and/or is misleading and confusing over whatever brand or rights they claim to hold. It can cost as little as $1000 USD to file a UDRP complaint and if successful the domain will be transferred to the complainant (assuming you do not file a lawsuit to fight it). UDRP is something any TLD (Top Level Domain) under ICANN that you agree to accepting when registering any ICANN administered TLD (so virtually almost all TLDs).
According to Bradesco Bank and counsel from Brazil, the domain registered by our customer “ativacoestabelabradesco.com” allegedly contained one of their trademarked names in Portugese. To us the domain was gibberish and a random string of characters that we didn’t recognize, and we had never heard of the name, likeness or bank in Brazil since none of us even speak Portugese or have ever visited Brazil. They e-mailed our administrative contact with a notice of the UDRP filed with WIPO.
What is WIPO (World Intellectual Property Organization)?
It is a third party organization established through ICANN for UDRP disputes. They act as a quasi-judicial court for domain name disputes and are supposed to be impartial, however a Google search reveals many outrageous complaints about “rogue” adjudicators or judges. In essence and practice the adjudicators do not have to follow precedent cases or even apply all the rules as I believe my experience shows, there is a wide range of discretion for the adjudicator.
What does it take to win a UDRP Dispute?
Here is what WIPO says as of 2016-02-13 (note our dispute was back in 2013): https://www.icann.org/resources/pages/policy-2012-02-25-en#4
By definition the following tests must be met:
4. Mandatory Administrative Proceeding.
This Paragraph sets forth the type of disputes for which you are required to submit to a mandatory administrative proceeding. These proceedings will be conducted before one of the administrative-dispute-resolution service providers listed at www.icann.org/en/dndr/udrp/approved-providers.htm (each, a “Provider”).
a. Applicable Disputes. You are required to submit to a mandatory administrative proceeding in the event that a third party (a “complainant”) asserts to the applicable Provider, in compliance with the Rules of Procedure, that
b. Evidence of Registration and Use in Bad Faith. For the purposes of Paragraph 4(a)(iii), the following circumstances, in particular but without limitation, if found by the Panel to be present, shall be evidence of the registration and use of a domain name in bad faith:
(i) circumstances indicating that you have registered or you have acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of your documented out-of-pocket costs directly related to the domain name; or
(ii) you have registered the domain name in order to prevent the owner of the trademark or service mark from reflecting the mark in a corresponding domain name, provided that you have engaged in a pattern of such conduct; or
(iv) by using the domain name, you have intentionally attempted to attract, for commercial gain, Internet users to your web site or other on-line location, by creating a likelihood of confusion with the complainant’s mark as to the source, sponsorship, affiliation, or endorsement of your web site or location or of a product or service on your web site or location.
c. How to Demonstrate Your Rights to and Legitimate Interests in the Domain Name in Responding to a Complaint. When you receive a complaint, you should refer to Paragraph 5 of the Rules of Procedure in determining how your response should be prepared. Any of the following circumstances, in particular but without limitation, if found by the Panel to be proved based on its evaluation of all evidence presented, shall demonstrate your rights or legitimate interests to the domain name for purposes of Paragraph 4(a)(ii):
(i) before any notice to you of the dispute, your use of, or demonstrable preparations to use, the domain name or a name corresponding to the domain name in connection with a bona fide offering of goods or services; or
(ii) you (as an individual, business, or other organization) have been commonly known by the domain name, even if you have acquired no trademark or service mark rights; or
(iii) you are making a legitimate noncommercial or fair use of the domain name, without intent for commercial gain to misleadingly divert consumers or to tarnish the trademark or service mark at issue.