Belfius Bank successfully secured the transfer of belfius-identiteit.net through a WIPO UDRP proceeding. The domain, which combined the bank’s trademark with the Dutch term for ‘identity,’ was found to be a case of bad faith passive holding. The panel ruled that the registration clearly targeted the bank’s Belgian customer base despite the lack of an active website.
Case Snapshot
| Case Number | D2025-4583 |
|---|---|
| Complainant | Belfius Bank SA / Belfius Bank NV |
| Respondent | Akija Minour |
| Disputed Domain | belfius-identiteit.net |
| Threat Tactic | Brand Plus Keyword |
| Decision Date | 2026-01-02 |
| Panelist | Beatrice Onica Jarka |
| Outcome | Transfer |
| Official Source | https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2025-4583 |
Strategic Identity-Themed Targeting and Financial Fraud Risk
The inclusion of the Dutch term ‘identiteit’ (identity) alongside the distinctive BELFIUS trademark creates a specific risk of credential harvesting and phishing. In the financial services sector, ‘identity’ is a sensitive keyword often associated with authentication, account security, and official verification portals. The registration of belfius-identiteit.net establishes a technical infrastructure that can be instantly activated to mimic a bank-sanctioned security gateway. Although the domain was held passively at the time of the dispute, its structure suggests a tactical intent to facilitate identity-related fraud against the Complainant’s customer base. This type of ‘sleeping’ infrastructure remains a high-priority threat because it allows a threat actor to launch a campaign with a deceptive, trust-exploiting URL on short notice, bypassing basic brand filters that might only look for the standalone brand name.
The geographic and linguistic targeting of this registration increases the commercial risk to the brand. By selecting a keyword in Dutch—a national language of Belgium where Belfius Bank is headquartered—the Respondent demonstrated a clear focus on the Complainant’s specific market demographics. This linguistic alignment increases the likelihood of successful consumer deception, as local customers are more likely to perceive a Dutch-language keyword as an official extension of the bank’s domestic digital services. For brand owners, this highlights a sophisticated form of targeting where the threat actor moves beyond generic English terms to language-specific markers that exploit local consumer trust and national identity. The resulting erosion of trust is a significant commercial risk, as customers may become wary of official digital communications if they associate the brand with unauthorized and deceptive domain variants.
Furthermore, the Respondent’s choice to provide incomplete contact details and conceal their true identity signals an intent to obstruct brand protection efforts. From a legal and operational perspective, this lack of transparency is a standard indicator of bad faith, intended to delay enforcement and hide the origins of the infrastructure. The use of a highly distinctive and invented mark like BELFIUS—which combines ‘Bel’ for Belgium and ‘fius’ for fiduciality—leaves no room for plausible deniability regarding the Respondent’s awareness of the bank. This case underscores the necessity of proactive monitoring for language-specific brand-plus-keyword combinations that target a financial entity’s core jurisdiction, even when those domains do not yet resolve to active websites.
Comprehensive Panel Assessment of Standing, Rights, and Bad Faith
The Panel’s analysis of the first element followed the standard standing test, which involves a straightforward comparison between the Belfius Bank trademark and the disputed domain name. The domain belfius-identiteit.net incorporates the BELFIUS mark in its entirety, separated by a hyphen from the term “identiteit.” The Panel found that the addition of this descriptive term—which translates to “identity” in Dutch—does not prevent a finding of confusing similarity. Because the BELFIUS mark is a highly distinctive and invented term (derived from “Bel” for Belgium and “fius” for fiduciality), its presence as the dominant component of the domain name is sufficient to establish that the domain is confusingly similar to the Complainant’s prior registrations dating back to 2012.
Regarding rights or legitimate interests, the Complainant successfully established a prima facie case that the Respondent had no authorization to use the mark. In UDRP proceedings, while the overall burden remains with the Complainant, the Respondent’s failure to reply to the contentions or provide any evidence of a legitimate non-commercial use resulted in a finding against them. The Panel noted that the Respondent, Akija Minour, is not commonly known by the disputed domain and holds no trademark rights that would justify the registration of a name so closely tied to a major financial institution’s brand, especially one with a significant presence in the Benelux region.
The finding of bad faith registration and use was rooted in the doctrine of passive holding and the specific linguistic targeting of the Complainant’s audience. Despite the domain not resolving to an active website at the time of the complaint, the Panel determined that the Respondent likely had actual knowledge of the BELFIUS mark at the time of registration in September 2025. This conclusion was bolstered by the inclusion of the Dutch keyword “identiteit,” which specifically targets the Belgian market where the Complainant is headquartered. Under the criteria established in the WIPO Overview 3.0, the non-use of a domain does not preclude a finding of bad faith when the trademark involved is as distinctive as the Complainant’s invented name.
Furthermore, the Respondent’s procedural conduct served as a supplementary indicator of bad faith. By providing incomplete contact details to the registrar and concealing their true identity, the Respondent demonstrated an intent to frustrate the Complainant’s efforts to protect its intellectual property. The Panel concluded that such concealment was not inspired by a legitimate need for privacy but was instead designed to make it difficult for the Complainant to enforce its rights against a domain that could easily be activated for credential harvesting or identity-themed fraud targeting banking customers.
Linguistic Integration and the Passive Holding Doctrine
The Complainant’s strategy focused on the high level of distinctiveness inherent in the BELFIUS mark, an invented term combining ‘Bel’ for Belgium and ‘fius’ for fiduciality. By emphasizing that the Respondent paired this unique trademark with ‘identiteit’—the Dutch word for ‘identity’—the Complainant established a clear intent to target a specific linguistic demographic in the Belgian financial market. This tactical focus on the language-specific keyword was instrumental in proving that the Respondent had the Complainant in mind at the time of registration. The Panel accepted that the incorporation of the entire BELFIUS mark alongside a descriptive term relevant to the banking sector’s identity verification processes creates a risk of confusion for consumers expecting official portal services.
Legally, the success of the case rested on the application of the passive holding doctrine to establish bad faith in the absence of an active website. The Complainant successfully argued that the combination of a highly distinctive financial mark with a keyword related to sensitive user data, such as ‘identity,’ constitutes a strategic threat even if the domain remains dormant. Furthermore, the Complainant highlighted the Respondent’s use of incomplete contact details and the concealment of their true identity as supplementary indicators of bad faith. This approach demonstrates how brand owners can secure transfers of deceptive infrastructure before it is activated for phishing or credential harvesting, effectively mitigating potential identity-theft risks before they materialize into documented financial losses for customers.
Practical Recommendations
- Prioritize enforcement against domain registrations that combine core trademarks with local-language keywords (e.g., the Dutch term ‘identiteit’) in markets where the brand has a significant presence, as panels recognize this as targeted bad faith.
- Leverage the ‘invented’ or ‘highly distinctive’ nature of a trademark (like BELFIUS) in UDRP filings to strengthen arguments for passive holding; panels are more likely to find bad faith in non-use when a domain has no plausible legitimate purpose.
- Incorporate registrar verification failures and the provision of incomplete or concealed registrant contact data into the complaint as formal evidence of bad faith, rather than relying solely on the content of the website.
- Do not wait for a domain to resolve to an active phishing site before taking action; proactively target ‘sleeping’ infrastructure that uses high-risk, identity-themed keywords to mitigate the risk of future credential-harvesting campaigns.
- Monitor for hyphenated brand-plus-keyword variations across gTLDs like .net, as these structures are specifically chosen by bad-faith actors to mimic official identity verification portals and bypass simple exact-match brand monitoring.
Frequently Asked Questions (FAQ)
Why was ‘belfius-identiteit.net’ considered confusingly similar to the BELFIUS trademark?
The domain name incorporated the entire BELFIUS mark—an invented and highly distinctive financial services brand—combined with the Dutch word ‘identiteit’ (identity). Because Dutch is a primary language in Belgium where the Complainant operates, the panel found this construction created a clear, confusing association with the bank’s brand.
How did the panel determine the respondent lacked legitimate rights or interests?
The respondent failed to respond to the complaint and provided no evidence of any rights or legitimate interests in the domain. Given that BELFIUS is an invented, proprietary trademark, there was no credible scenario where the respondent could legitimately use such a domain for a non-infringing purpose.
What evidence proved the domain was registered and used in ‘bad faith’ despite it being inactive?
The panel applied the doctrine of ‘passive holding,’ ruling that the domain was likely intended for future fraud. The bad faith was reinforced by the respondent’s use of incomplete contact details and the intentional concealment of their identity, which were clearly aimed at preventing the complainant from enforcing its trademark rights.
What business risks were identified regarding the ‘identiteit’ keyword?
The inclusion of the term ‘identiteit’ (identity) in a domain targeting a major bank posed a significant risk for credential harvesting and identity theft. By securing the transfer of this ‘sleeping’ infrastructure, Belfius Bank successfully mitigated the strategic threat of the respondent activating a fraudulent portal for deceptive banking practices.
Found a brand-plus-keyword impersonation domain?
Does your portfolio include domains using your brand name paired with descriptive keywords like ‘identity’ or ‘login’? Protect your customers from potential credential harvesting by assessing your legal options for domain recovery.
This case note is for informational purposes only and is not legal advice.



