The ZA Central Registry (ZACR) has announced that it now offers a Registry Lock security feature for the EPP-based domain names under its management.
This feature helps to prevent domain name hijacking and prevents domain names from being transferred without authorisation.
“Registry Lock is a function that can now be activated at the Registry level to prevent the unauthorised transfer of domain names for the following domain name extensions: co.za, net.za, org.za, web.za, as well as the four gTLDs of .africa, .capetown, .durban, and .joburg,” said ZACR CEO Lucky Masilela.
The process requires EPP-accredited registrars to provide the registry with a passphrase via a telephonic validation process to enable changes, such as updates, transfers, and deletes to be processed on a selected domain name.
ZACR said this manual intervention has the benefit of not being easily manipulated like fully automated systems.
Registry Lock incurs an additional cost to the normal domain name registration fee that users would pay, but ZACR said the value of this type of protection is immeasurable when compared to the reputational and revenue losses that a domain name holder may suffer as a result of their domain name being hijacked.
“Domain name holders are encouraged to take advantage of this service by contacting their EPP-accredited registrar (www.registry.net.za or www.registry.africa) to protect their domains from growing cyber threats and business interruption,” ZACR said.
ZACR acknowledged that in the past, concerns were raised around the lack of adequate security measures related to the .ZA domain name system.
“Specifically, in April 2019 it was reported that ‘South Africa’s .ZA domain is a security disaster waiting to happen,’ based on the premise that the .ZA namespace did not offer Registry Lock as a risk mitigation measure against domain name hijacking,” it said.
ZACR said the security of domain names in cyberspace is the collective responsibility of all stakeholders in the Internet value chain.
It added that it is imperative that domain name holders help prevent domain hijacking by using standard best security practices on their email accounts, such as implementing passphrases instead of passwords.
“ZACR will continue to keep abreast of security and other developments within the domain name ecosystem to maintain the integrity of its managed domain namespaces at all times,” the company said.