Carrefour SA and its subsidiary Atacadão successfully secured the transfer of the domain name <portalcartaoatacadao.sbs> in a WIPO UDRP proceeding. The sole panelist ruled that the domain, which combines the distinctive ‘ATACADAO’ trademark with Portuguese terms for ‘portal’ and ‘card,’ was registered in bad faith to mimic the Complainants’ branded credit card services. Despite the domain resolving to an inactive error page, the panel ordered its transfer to the Complainants.
Case Snapshot
| Case Number | D2025-4326 |
|---|---|
| Complainant | Atacadão – Distribuição, Comércio E Indústria LTDA.Carrefour SA |
| Respondent | gabriel silva, Carpau Agropecuaria LTDA |
| Disputed Domain | portalcartaoatacadao.sbs |
| Threat Tactic | Brand Plus Keyword |
| Decision Date | 2025-12-23 |
| Panelist | Marcello do Nascimento |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4326 |
Threats to Regional Consumer Trust and Financial Service Expansion
The registration of the disputed domain name <portalcartaoatacadao.sbs> poses a direct threat to the regional digital expansion and commercial reputation of Atacadão and its parent company, Carrefour SA. By pairing the highly distinctive ATACADÃO trademark with the Portuguese words ‘portal’ and ‘cartao’ (card), the domain directly targets the complainants’ retail consumer base in South America, specifically those looking for online credit card and financial portal services. This brand-plus-keyword tactic creates an immediate risk of customer confusion, as users looking for legitimate credit card account access could easily mistake the unauthorized domain for an official portal or endorsed service, thereby disrupting the brand’s control over its digital customer touchpoints.
Although the domain resolved to an inactive error page at the time of the dispute and did not have documented history of active phishing or financial data breaches, its passive holding represents a latent operational threat. For retail groups expanding into digital financial services, inactive domains containing highly targeted terms like ‘portal’ and ‘cartao’ function as pre-positioned infrastructure that can be activated instantly for fraudulent activities, such as credential harvesting or corporate impersonation. The presence of such domains forces brand owners to bear significant defensive monitoring costs to prevent these addresses from being converted into live phishing nodes that could compromise customer credentials.
Furthermore, the choice of the generic Top-Level Domain ‘.sbs’ illustrates how bad-faith actors exploit alternative gTLDs to bypass traditional brand monitoring systems focused on country-code or legacy extensions. This tactic dilutes the exclusive trademark rights of Carrefour and Atacadão by dispersing branded keywords across newer registry spaces. For trademark professionals, this case demonstrates that bad-faith registration persists even without active content, making proactive enforcement and prompt administrative filings necessary to secure vulnerable customer-facing terms before they are weaponized.
Analysis of Panel Reasoning: Trademark Mimicry, Passive Holding, and Targeted Bad Faith
In evaluating the first element of the UDRP, the Panel focused on how the disputed domain name <portalcartaoatacadao.sbs> incorporates the Complainants’ ATACADÃO trademark in its entirety. The omission of the Portuguese diacritical mark does not prevent a finding of confusing similarity. Furthermore, the Panel determined that adding the descriptive Portuguese terms ‘portal’ and ‘cartao’ (meaning card) does not mitigate confusing similarity. Instead, because these terms directly correspond to the Complainants’ actual online customer portal and branded credit card services (‘Cartão Atacadão’), their inclusion actually reinforces the false impression that the domain is officially associated with or endorsed by the Complainants. Under established UDRP standards, the generic Top-Level Domain (gTLD) ‘.sbs’ was disregarded as a technical requirement.
Regarding the second element, the Panel established that the Respondent, identified as gabriel silva, Carpau Agropecuaria LTDA, possesses no rights or legitimate interests in the disputed domain name. The Respondent is not commonly known by the name ‘portalcartaoatacadao’ and has never received any authorization, license, or business permission from the Complainants to use the ATACADÃO / ATACADAO trademarks. Crucially, at the time of the Complaint and the subsequent decision, the domain resolved to an inactive error page. The Panel verified that this passive holding does not constitute a bona fide offering of goods or services, nor does it represent a legitimate noncommercial or fair use of the trademarked term.
In the bad faith analysis, the Panel weighed the extensive regional reputation of the ATACADÃO trademark, which has been registered in Brazil since October 10, 1978, and in the European Union since May 24, 2015. Given that these trademark rights long predate the registration of <portalcartaoatacadao.sbs>, and that the mark is highly distinctive, the deliberate pairing of ‘ATACADAO’ with specific financial service terms (‘portal’ and ‘cartao’) points directly to target-specific registration. The Panel concluded that the Respondent registered and used the domain in bad faith. Under the doctrine of passive holding, the lack of an active website did not prevent a finding of bad faith registration and use, especially considering the high risk of consumer confusion regarding the Complainants’ customer portal.
For brand owners and intellectual property professionals, this decision reinforces the critical necessity of monitoring brand-plus-keyword domains within emerging gTLDs such as ‘.sbs’. Even in the absence of evidence of active digital fraud, phishing, or direct financial losses, the strategic alignment of a domain with a brand’s customer-facing financial portals represents an immediate threat to brand integrity. Securing transfers of passively held domains through the UDRP remains a vital, proactive step to prevent future unauthorized activation and to safeguard regional digital expansion in highly competitive retail and credit sectors.
Analyzing the Brand-Plus-Keyword Strategy and Passive Bad Faith in the Atacadão Dispute
The Complainants’ enforcement strategy succeeded by demonstrating that the addition of descriptive Portuguese terms directly targeted their specific retail and financial operations. Rather than treating "portal" and "cartao" as generic additions, the Complainants established that these terms specifically mimicked their established "Cartão Atacadão" credit card and customer portal services. By pairing their highly distinctive ATACADÃO trademark—which holds a Brazilian registration dating back to October 10, 1978—with these service-specific terms, the Complainants convinced the Panel that the domain <portalcartaoatacadao.sbs> was deliberately engineered to foster a false association with their brand. This framework allowed the Complainants to successfully argue that the omission of Portuguese diacritics and the inclusion of the ".sbs" gTLD were irrelevant to the confusing similarity analysis.
Furthermore, the Complainants overcame the challenge of passive holding by leveraging the well-known status of the ATACADÃO mark, particularly within Brazil. Although the disputed domain name resolved to an inactive error page and there was no evidence of active phishing or consumer financial losses, the Complainants successfully argued that bad faith was present from inception. The targeted pairing of a well-known retail trademark with consumer financial terms made it highly implausible that the Respondent, gabriel silva of Carpau Agropecuaria LTDA, registered the domain without prior knowledge of the Complainants. This legal positioning demonstrates that brand owners can successfully secure domain transfers in newer generic Top-Level Domains even in the absence of active website deployment, provided they can prove the registration directly targets highly distinctive brand identifiers.
Practical Recommendations
- Implement proactive domain monitoring that tracks core trademarks combined with localized commercial keywords (e.g., ‘portal’, ‘cartao’, ‘credit’) across emerging generic Top-Level Domains (gTLDs) like ‘.sbs’ to preemptively flag brand-plus-keyword abuses.
- Do not delay enforcement against inactive sites; leverage the passive holding doctrine in UDRP filings when a domain incorporates a highly distinctive trademark paired with terms that directly reference your proprietary customer services.
- Document and present clear evidence of the direct link between the respondent’s chosen descriptive terms (such as ‘cartao’ for retail credit cards) and your actual consumer-facing products to prove bad faith registration and targeting.
- Incorporate localized, industry-specific terms (such as Portuguese financial and portal keywords) into your brand protection team’s defensive registration matrices when expanding regional digital services.
Frequently Asked Questions (FAQ)
Why was the domain <portalcartaoatacadao.sbs> considered confusingly similar to the ATACADÃO trademark?
The Panel determined that the domain incorporates the well-known ATACADÃO mark in its entirety. The addition of the Portuguese terms ‘portal’ and ‘cartao’ (card) reinforces the likelihood of confusion, as these words explicitly reference the Complainants’ legitimate customer portal and credit card services.
How did the Panel establish bad faith given that the disputed domain was inactive?
Under the UDRP, passive holding does not preclude a finding of bad faith. The Panel concluded that the deliberate pairing of a globally recognized trademark with highly specific, descriptive terms related to the brand’s financial services served no legitimate purpose and was clearly intended to target the Complainants’ business.
What evidence confirmed that the Respondent lacked rights or legitimate interests in the domain?
The Complainants demonstrated that the Respondent is not commonly known by the name ‘portalcartaoatacadao’ and has no business, contractual, or authorized relationship with Atacadão or Carrefour. Furthermore, the Respondent provided no evidence of any bona fide offering of goods or services associated with the domain.
What business risk does this case highlight regarding brand-plus-keyword domains?
This case illustrates the risk of bad actors using ‘brand-plus-keyword’ tactics to mimic corporate portals. Even if a domain is currently inactive, such registrations facilitate potential future phishing or financial credential harvesting, posing a significant security threat to retail customers and requiring active monitoring of branded terms across various gTLDs.
Is your brand being targeted by deceptive ‘brand + keyword’ domains?
The unauthorized pairing of your trademark with service terms like ‘portal’ or ‘cartao’ creates significant confusion for your customers and threatens your digital infrastructure. Learn how to identify and recover these high-risk impersonation domains before they are weaponized.
This case note is for informational purposes only and is not legal advice.



