You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

ISSUE:    A.1.b

Registrar obligations to collect, securely maintain and validate data

 

Priority:
 

RAA Final Report:  N/A


Issue/Request

LEA:
Registrars and all associated third-party beneficiaries to Registrars are required to collect and securely maintain the following data:
(i) Source IP address;
(ii) HTTP Request Headers
(a) From
(b) Accept
(c) Accept‐Encoding
(d) Accept‐Language
(e) User‐Agent
(f) Referrer
(g) Authorization
(h) Charge‐To
(i) If‐Modified‐Since
(iii) Collect and store the following data from registrants:
(a) First Name:
(b) Last Name:
(c) E‐mail Address:
(d) Alternate E‐mail address
(e) Company Name:
(f) Position:
(g) Address 1:
(h) Address 2:
(i) City:
(j) Country:
(k) State:
(l) Enter State:
(m) Zip:
(n) Phone Number:
(o) Additional Phone:
(p) Fax:
(q) Alternative Contact First Name:
(r) Alternative Contact Last Name:
(s) Alternative Contact E‐mail:
(t) Alternative Contact Phone:
(iv) Collect data on all additional add‐on services purchased during the registration process.
(v) All financial transactions, including, but not limited to credit card, payment information.
Each registrar is required to validate the following data upon receipt from a registrant:
(1) Technical Data
(a) IP addresses used to register domain names.
(b) E‐mail Address
(i) Verify that registration e‐mail address(es) are valid.
(2) Billing Data
(a) Validate billing data based on the payment card industry (PCI standards), at a minimum, the latest version of the PCI Data Security Standard (DSS).
(3) Contact Data
(a) Validate data is being provided by a human by using some anti‐automatic form submission technology (such as dynamic imaging) to ensure registrations are done by humans.
(b) Validate current address WHOIS data and correlate with in‐house fraudulent data for domain contact information and registrant’s IP address.
(4) Phone Numbers
(i) Confirm that point of contact phone numbers are valid using an automated system.
(ii) Cross validate the phone number area code with the provided address and credit card billing address

Source: 
LEA original Request to RAA-DT

Notes

Additional information regarding requests:

  • Not included in LEA Code of Conduct

Source: 


Discussion Points

Description

Date Discussed

 

  • ICANN to seek clarification regarding the request, e.g., definition of “all associated third party beneficiaries” and other questions.  Will defer discussion until ICANN receives further input from LEA

18 Nov 2011

Proposed Text

Open


Status/Outcome

Under Discussion


Explanation

Open


COMMENTS:

Comments may be submitted using the “Add Comment” feature below.






To Leave a Comment on This Page:  Any user logged into Confluence will see an "Add Comment" button at the bottom of this page, which can be used to leave a comment.  To log in, click the "Log In" button on the gray control bar toward the top of the page, and enter your user name and password.  If you do not have a user name and password, please e-mail seth.greene@icann.org with "Log In" in the subject line. 

  • No labels