Namecheap said it “vigorously fights to combat online fraud of all kinds” but had to balance this with “the right to due process for everyone.”
It said Telegraph Money had been able to buy the Credit Suisse domain in part because the account used had been open for seven years and had never been reported in connection with any wrongdoing. However, Namecheap agreed that selling the domain was a mistake and said it would tighten procedures.
A spokesman added: “Since this domain was never registered with us before, our customer service representative mistakenly did not recognise the prior alleged abuse. As a result they did not follow protocol to escalate it to the appropriate department for a final review. This was human error and we have taken steps to ensure the correct procedure is followed in future.”
While it topped the NCSC’s abuse list for 2020, the company insisted it had made progress and its share of abusive website registrations had dropped to 15pc this month. The NCSC declined to comment.
As for its sale of a Parcel Force web address, the spokesman said: “Namecheap is a US-based company and our customer service department was probably not familiar with all brands associated with Royal Mail. However, we are constantly assessing and updating our banned keywords.”
Royal Mail said it worked hard to prevent and detect fraud, taking down 30,000 fraudulent domains in the past year and sharing intelligence with the police. A spokesman added: “This joint intelligence work has resulted in the arrest of eight suspected fraudsters in police raids.”
This newspaper has offered to transfer rogue web addresses to their rightful owners.
The Financial Conduct Authority, the City regulator, has added the Credit Suisse website to its list of clone firms. The list is public, but the FCA lacks the powers to ban websites or make companies act on its information. It declined to comment.