WIPO Arbitration and Mediation Center
ADMINISTRATIVE PANEL DECISION
Discover Financial Services v. Domain Administrator, Fundacion Privacy Services LTD
Case No. D2021-1514
1. The Parties
1.1 The Complainant is Discover Financial Services, United States of America (“United States”), represented by Taft, Stettinius & Hollister, LLP, United States.
1.2 The Respondent is Domain Administrator, Fundacion Privacy Services LTD, Panama.
2. The Domain Names and Registrar
2.1 The disputed domain names <discoverersonaloans.com>, <discoverperoanloans.com>, <discoverperonslloans.com>, <discoverpersoanalloans.com>, <discoverpersonailloans.com>, <discoverpersonanlloan.com>, <discoverpersonqalloans.com>, <discoverpetrsonalloans.com>, <discoverporsonalloans.com>, <discoverspersonalloan.com>, <discoverstubdentloans.com>, <discoverypersonaloan.com> and <wwwdiscover360financial.com> (the “Domain Names”) are registered with Media Elite Holdings Limited dba Register Matrix (the “Registrar”).
3. Procedural History
3.1 The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on May 14, 2021. On May 17, 2021, the Center transmitted by email to the Registrar a request for registrar verification in connection with the Domain Names. In emails on May 18, 2021 and May 27, 2021, the Registrar provided its verification response to the Center confirming that the Respondent is listed as the registrant.
3.2 The Center verified that the Complaint satisfied the formal requirements of the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name Dispute Resolution Policy (the “Supplemental Rules”).
3.3 In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the Complaint, and the proceedings commenced on May 28, 2021. In accordance with the Rules, paragraph 5, the due date for Response was June 17, 2021. The Respondent did not submit any response. Accordingly, the Center notified the Respondent’s default on June 18, 2021.
3.4 The Center appointed Matthew S. Harris as the sole panelist in this matter on June 22, 2021. The Panel finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.
3.5 On June 24, 2021 the Panel issued an order (“Procedural Order No. 1”) inviting the Registrar, inter alia, to identify whether Fundacion Privacy Services LTD was the privacy service of the Registrar and to provide the details of the underlying registrant of the Domain Names. The recitals to Procedural Order No. 1 also recorded a number of provisional observations of the Panel as to a large number of other cases involving Fundacion Privacy Services LTD, as to the terms and conditions of service of Fundacion Privacy Services LTD, and placed the Registrar on notice that adverse inferences might be drawn from any failure to provide the information requested and that its conduct might be reported to ICANN.
3.6 Procedural Order No. 1 also permitted, but did not require, the parties to file further submissions in relation to these issues.
3.7 On July 1, 2021, the Registrar responded by email to Procedural Order No. 1 in the following terms:
“Fundacion Privacy Services Corp. is the whois privacy provider for these domains. We have a contract with this company. We cannot disclose the details of the registrant behind privacy but the registrant agreed to release the domains to the complainant.”
3.8 Later that day the Complainant sent an email to the Center stating that this was the first time the Complainant had been made aware that the registrant of the Domain Names. They also contended that the appropriate approach if this was so, was for the registrant to identify itself and sign the appropriate settlement forms. The email then concluded as follows:
“Without waxing eloquent, the better public policy position is that the actual registrant of domain names should be disclosed when a UDRP complaint is filed. Failing to do so limits the possibility for settlement and ultimately shields even the most notorious and obvious of cybersquatters, such as whoever is behind these many infringing domain names.”
4. Factual Background
4.1 The Complainant is a credit card issuer and electronic payment services company based in the United States that operates under the “Discover” brand. It has thousands of employees and its products and services sold under the DISCOVER mark are advertised and promoted around the world.
4.2 The Complainant is the owner of a number of registered trade marks that comprise or incorporate the term “Discover”. Specific marks relied upon in the Complaint include:
(i) United Stated registered trade mark no. 1,479,946 for DISCOVER as a typed drawing in class 36, with a registration date of March 8, 1988 and declaring a first use in commerce of February 20, 1985; and
(ii) Panamanian registered trade mark no. 185692, for DISCOVER in class 36, with a registration date of November 13, 2009.
4.3 The Complainant operates a website from the domain name <discover.com> where customers can log into their confidential accounts and from which the Complainant provides consumer information about its goods and services.
4.4 The Domain Names were all registered from August 19, 2020 to December 24, 2020 on the following dates:
<discoverpetrsonalloans.com> August 19, 2020
<discoverpersoanalloans.com> August 27, 2020
<discoverersonaloans.com> August 27, 2020
<discoverporsonalloans.com> September 16, 2020
<discoverpersonailloans.com> September 16, 2020
<discoverperoanloans.com> October 1, 2020
<discoverperonslloans.com> October 9, 2020
<discoverpersonanlloan.com> October 9, 2020
<discoverstubdentloans.com> October 9, 2020
<discoverspersonalloan.com> November 20, 2020
<discoverypersonaloan.com> November 24, 2020
<wwwdiscover360financial.com> December 18, 2020
<discoverpersonqalloans.com> December 24, 2020
4.5 All but three of the Domain Names has been used to display a pay-per-click parking page displaying links related to financial services. The remaining three Domain Names (i.e. <discoverpetrsonalloans.com>, <discoverpersonanlloan.com>, and <wwwdiscover360financial.com>) have been used to resolve to “security check” pages which purport to be operated by Microsoft and McAfee (although whether these are genuinely operated by these business is questionable).
4.6 The domain name servers registered in respect all but one of the Domain Names are “ns1.namedynamics.net” and “ns1.namedynamics.net”. The one exception is <wwwdiscover360financial.com>, where the domain servers are “ns1.thednscloud.com” and “ns2.thednscloud.com”.
4.7 Who is behind the registration of the Domain Name is unclear. They have at all relevant times been registered in the name of Fundacion Privacy Services LTD, which is a “privacy service” that has (according to the Registrar) entered into some sort of contractual relationship with the Registrar.
4.8 Fundacion Privacy Services LTD has previously been named as a Respondent in over 170 decisions under the Policy. It would appear from the format of the case name in those cases, that the underlying registrant of the relevant domain name or domain names was not disclosed by the Registrar in any of those proceedings. It would also appear that in all, save for perhaps a small handful of these cases, the complainant was successful.
5. Parties’ Contentions
5.1 The Complainant contends that the way in which the Domain Names have been used, the fact that they are all registered with the same Registrar, use the same registration details, use domain servers with the names “namedynamics.net” or “thednscloud.com” and the way in which each Domain Name has been used, means that there is sufficient connection between the Domain Names that it is appropriate for the Complainant’s claims to be addressed in a single set of proceedings.
5.2 The Complainant refers to its business and marks and its activities on the Internet. It also refers to a number of UDRP cases in which it has been involved in which the panel held that the Complainant’s trade mark was famous, although the geographical extent of that fame beyond the United States is not clear.
5.3 The Complainant contends that all of the Domain Names are confusingly similar to the Complainant’s mark, since all incorporate that mark in full. Further each of the Domain Names, is said to comprises the DISCOVER mark to which extra elements such as “l,” “t,” “b,” and the terms such as “personal,” “loan,” “loans,” “financial,” with those words frequently misspelled, have been added. The relevant additions in each case is said not to make the Domain Name any less confusingly similar. The misspellings are also said to indicate that this is a case of typosquatting.
5.4 Further, the content of the Domain Names, the way in which they have been used and the name in which the Domain Names have been registered are all said to indicate a lack of any rights or legitimate interests on the part of the Respondent and that the Domain Names were registered and are being held in bad faith.
5.5 Finally, it is useful to record that although the Complaint contains the usual required waiver of claims against persons involved in the operation of the UDRP, so far as the Registrar is concerned, the waiver is expressly expressed to exclude any claim:
“related to the Registrar’s registration of any domain names in its own name, provision of WHOIS masking and/or privacy services, hosting, and/or any other cooperation with the Respondent beyond the services unique to an ICANN-accredited registrar.”
5.6 The Respondent did not reply to the Complainant’s contentions.
6. Discussion and Findings
6.1 There are no exceptional circumstances within paragraph 5(f) of the Rules so as to prevent this Panel from determining the dispute based upon the Complaint, notwithstanding the failure of any person to lodge a Response.
6.2 Notwithstanding that default, it remains incumbent on the Complainant to make out its case in all respects set out in paragraph 4(a) of the Policy. Namely, the Complainant must prove that:
(i) the Domain Names are identical or confusingly similar to a trade mark or service mark in which the Complainant has rights (paragraph 4(a)(i)); and
(ii) the Respondent has no rights or legitimate interests in respect of the Domain Names (paragraph 4(a)(ii)); and
(iii) the Domain Names have been registered and are being used in bad faith (paragraph 4(a)(iii)).
6.3 However, under paragraph 14(b) of the Rules, where a party does not comply with any provision of the Rules, the Panel shall “draw such inferences therefrom as it considers appropriate”.
6.4 The Panel will address each aspect of the Policy in turn. However, this case is unusual in that it also raises the procedural issues of how the Panel should respond to the Registrar’s statement that the registrant is willing to transfer the Domain Names, the Registrar’s conduct, and the Complainant’s request for consolidation. The Panel will, therefore, address each of these procedural issues first before addressing the substance of the Policy.
A. Procedural Issues
(i) Consent to transfer
6.5 As has already been recorded in the Procedural History section of this decision, the Registrar stated, in response to Procedural Order No.1, that the underlying registrant of the Domain Names was willing to transfer the Domain Names to the Complainant. The Complainant’s representatives replied that if this was so, the appropriate way to address this was for the registrant to be revealed and then for that Respondent to sign the relevant settlement forms. The Panel understands this to have been a reference to the “standard settlement form” recorded in paragraph 17 of the Rules. In the case of the Center, the format of that standard settlement form is recorded at Annex F to the Supplemental Rules, which requires someone to sign the form “for the Respondent”.
6.6 That raises the question who can sign the form “for the Respondent”, but it is not necessary to consider this question further, since no such form has been signed in this case.
6.7 Although the procedure outlined in paragraph 17 of the Rules provides a convenient mechanism for the UDRP provider (in this case, the Center) to facilitate transfer without the need for any further involvement of a Panel, the signing of such a form is not the only way that a transfer of a domain name the subject of proceedings can be effected by consent. As is recorded in section 4.10 of the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (the “WIPO Overview 3.0”), where a respondent has indicated its consent to transfer, the Panel can proceed to order transfer on that basis.
6.8 However, whether a panel proceeds to make an order on the basis of consent is a matter of discretion for the panel. Relevant factors here are also identified in section 4.10 of the WIPO Overview 3.0 and include the consent or otherwise of the complainant and whether there is a broader interest in recording a substantive decision on the merits. The Panel is of the view that in this case there is a broader interest in recording a substantive decision on the merits and, in the absence of any consent on the part of the Complainant to the case being dealt with on any other basis, the Panel will proceed accordingly.
(ii) Registrar Conduct
6.9 Fundacion Privacy Services LTD and the Registrar are both based in Panama and so far as the Panel can tell in every one of the over 170 UDRP cases to date in which Fundacion Privacy Services LTD has been named, the Registrar has been the registrar in respect of the relevant domain names. From this the Panel drew the provisional inference that Fundacion Privacy Services LTD is the privacy service of the Registrar. These facts and that inference were put to the Registrar in Procedural Order No. 1. The Registrar in its brief submission did not dispute this and confirmed that there is some form of contractual relationship between it and Fundacion Privacy Services LTD.
6.10 The common practice of reputable registrars that operate a privacy service (whether through a legally distinct entity or otherwise), when receiving a registrar verification request in the course of UDRP proceedings from a UDRP provider, is to reveal the details of the underlying registrant of the domain names in issue and that registrant’s contact details.
6.11 The development and importance of that practice to the integrity of the UDRP and subsequent developments as to disclosure in the context of UDRP proceedings (including the redaction and disclosure of data required by the Temporary Specification for generic Top-Level-Domain Registration Data issued by ICANN dated May 17, 2018) were addressed at some length by this Panel in Rubis Energie v. Privacy Administrator, Anonymize, Inc. WIPO Case No. DCO2019-0033. The process of disclosure and how this is practically dealt with, is also recorded in section 4.4 of the WIPO Overview 3.0.
6.12 It is therefore a matter of disappointment and concern that the Registar refused to disclose the underlying registrant details in this case, either in response to the Center’s verification request or in response to the Panel’s express request that it do so. The only explanation offered for that refusal is a claim that it “cannot disclose the details of the registrant behind privacy”, but no reason is offered as to why that this is the case. This statement also appears to be untrue or at best misleading. As was once again recorded in Procedural Order No. 1, the service agreement applicable to Fundacion Privacy Services LTD services is available on its website. Section 10 of that agreement, expressly reserves the right to reveal registrant and contact information, inter alia:
“If the [relevant domain name(s)] is (are) alleged to violate or infringe a third party’s trademark, trade name, copyright interests or other legal rights of third parties;” or
“If necessary to comply with ICANN’s Dispute Resolution Policy, UDRP, the Uniform Rapid Suspension System, URS, or other policies promulgated by ICANN …”
6.13 It follows that prima facie Fundacion Privacy Services LTD is contractually able to disclose this information and there appears to be no good reason why the Registrar cannot also do so.
6.14 Next there is the issue that the Registrar in response to Procedural Order No. 1 has purported to make an offer on behalf of the underlying registrant of the Domain Names to transfer the Domain Names to the Complainant but in a manner where the identity of the respondent is kept anonymous.
6.15 This demonstrates that whatever arrangements are in place between the Registrar, Fundacion Privacy Services LTD and the underlying registrant, they are sufficiently close that the Registrar has been able to obtain pass an offer of transfer of the Domain Names from the underlying registrant of the Domain Names to the Complainant within a few days. This is another factor that suggests that the Registrar is aware of the identity of the registrant.
6.16 However, what the Registrar has done also raises a more fundamental issue of principle. As was recorded by this Panel in Rubis Energie v. Privacy Administrator, Anonymize, Inc. WIPO Case No. DCO2019-0033:
“A registrar has its own obligations under the UDRP, the Rules and the Clarification that are quite distinct from the rights and obligations of the parties to UDRP proceedings. For example, in addition to the obligation to respond to a verification request already discussed, a registrar has an obligation under paragraph 4(b) of the Rules to place a domain name on lock before even notifying a respondent of UDRP proceedings. It also has an obligation to implement any decision under the UDRP in accordance with, and subject to, the provisions paragraph 4(k) of the Policy. However, it is wholly inappropriate for a registrar to descend into the arena of proceedings for the purpose of furthering the interests, or advancing the case, of one or other party. It is a principle that is expressly recorded in paragraph 4(h) of the Policy, which provides:
“h. Our Involvement in Administrative Proceedings. We [i.e. the Registrar] do not, and will not, participate in the administration or conduct of any proceeding before an Administrative Panel.”
6.17 In the Rubis Energie v. Privacy Administrator, Anonymize, Inc. case supra, the involvement of the registrar was extreme, extending to arguing the case of a registrant hidden behind a privacy shield. The Registrar has not done this here. But it has nevertheless engaged in the passing of messages from a registrant to a Complainant, in a manner that preserves the anonymity of that registrant who (as will be discussed in greater detail in this decision) appears to be engaged in obvious and extensive cybersquatting. In so doing it has improperly furthered the interests of a registrant in those proceedings in that it sought to facilitate settlement of these proceedings in a manner that would avoid the identity of the registrant being disclosed and which would avoid the publication of an adverse decision in respect of the Domain Names. The Panel also observes that had that offer been accepted, the Registrar would also have avoided possible criticism of its conduct in a published decision.
6.18 In conclusion, the Panel has significant concerns about the Registrar’s conduct in this case in that (a) it has failed to disclose details that it either has or is able to obtain as to the underlying registrant of the domain name in response to a UDRP provider’s request and a subsequent request of the Panel in an attempt to frustrate UDRP proceedings or hide the misconduct of the registrant, (b) it has made a statement to the Panel that is prima facie untrue or misleading regarding its ability to disclose the identity of the registrant, and (c) it has sought to improperly further the interests of the registrant of the Domain Names (and possibly itself) in passing messages from the registrant to the Complainant and facilitating a transfer of the Domain Names in a manner that seeks to preserve the anonymity of the registrant.
6.19 Further, the conduct of the Registrar’s in the present case is not an isolated case. The fact that there are 170 or so previous cases involving Fundacion Privacy Services LTD and the Registrar, that the underlying registrant was not disclosed in any of these cases and in nearly all those cases, the complainant was successful, strongly suggests that the Registrar together with Fundacion Privacy Services LTD, has adopted a business model of providing registrar and privacy services either to a single or multiple cybersquatters.
6.20 In LEGO Juris A/S v. Whois Privacy Protection Service, Inc. / Domains Secured, LLC, WIPO Case No. D2011-1857, the Panel observed (having considered the practice of previous panels) that where a registrar breached the provisions of the Policy or Rules or its conduct otherwise threatened to undermine the proper operation of the UDRP, it might be appropriate to invite the Center to bring that failure to the attention of ICANN, with a view to ICANN undertaking such investigation into, and enforcement steps against, the registrar as it considers appropriate.
6.21 For the reasons set out above, the Panel has concluded that the Registrar’s conduct in this case (and indeed the many other previous cases in which it has been involved) merits referral to ICANN for investigation and possible enforcement. It, therefore, invites the Center and the Complainant to do so.
(iii) Consolidation of Proceedings
6.22 It is questionable whether there is any need for a positive finding from the Panel that consolidation is appropriate in circumstances where these proceedings have been advanced by a single Complainant against a single Respondent, i.e. Fundacion Privacy Services LTD, and where there has been a refusal to disclose any different underlying registrant. It would be inherently unfair for a registrant to be able to complain that his or her dispute is being decided in proceedings involving other registrants if he or she has taken advantage of a privacy service that refuses to disclose those separate identities.
6.23 However, the Panel in any event accepts that the Domain Names are indeed controlled by the same person. In this respect, the timing of the registration of the Domain Names, the fact that they are (as is discussed in greater detail later on in this decision) all examples of typo-squatting and have been used in a similar manner, and in all but one case all the Domain Names use the same name servers, all support that conclusion. Further, any doubt as to this issue appears to be laid to rest by the Registrar’s email of June 30, 2021 that made reference to a single registrant.
6.24 In the circumstances, there is no reason why these proceedings cannot validly proceed in respect of all of the Domain Names.
B. Identical or Confusingly Similar
6.25 The Complainant has satisfied the Panel that it has registered trade marks that comprise or incorporate the word “Discover”. In order to satisfy the first element of the Policy it is usually sufficient for a complainant to show that the relevant mark is “recognizable within the disputed domain name” (as to which see section 1.7 of the WIPO Overview 3.0).
6.26 The Panel accepts that the only sensible reading of 11 of the Domain Names is as including the word “Discover” in combination with other ordinary words where in nearly all cases those ordinary words have been misspelt. As a consequence, the term “Discover” is clearly recognisable in all of these Domain Names. The two remaining domain names can only be sensibly read as including the words “Discovery” or “Discovers”. Each thereby contains the text “Discover”. Further, and in any event, each of the words “Discovery” or “Discovers” are confusingly similar to the Complainant’s mark and the additional text in those Domain Names does not detract from that similarity. The Complainant has, therefore, satisfied paragraph 4(a)(i) of the Policy.
C. Rights or Legitimate Interests
6.27 As is discussed in the context of bad faith, the Panel accepts that each of the Domain Names was registered because it incorporated typosquatting variants of the Complainant’s mark and other words likely to be associated with the business and services of the Complainant and have subsequently been held with the intention of taking some form of unfair advantage of the Complainant’s mark. There is no right or legitimate interest in holding a domain name for such a purpose.
6.28 It follows that the Complainant has made out the requirements of paragraph 4(a)(ii) of the Policy in respect of each of the Domain Names.
D. Registered and Used in Bad Faith
6.29 Notwithstanding that “Discover” is an ordinary English word, and is also capable of being used in combination with words such as “personal loans”, “student loans” in a descriptive manner, the Panel has little hesitation in concluding that each of the Domain Names was initially registered and has been held with the intention of taking some form of unfair advantage of the trade mark rights of the Complainant’s business.
6.30 The first reason for this is that all but two of the Domain Names involve misspelling of the words “personal loans” and “student loans” and accordingly each of those Domain Names cannot be sensibly read as anything other than a deliberately created typosquatting variation of both the Complainant’s registered trade mark and those terms. Typosquatting cries out for an explanation and in the absence of once being provided, and if the domain name incorporates a mark that has a significant degree of reputation, the most likely explanation is that the Respondent’s intention is to seek to take advantage of the rights of the trade mark holder. As is recorded in section 3.1.4 of the WIPO Overview 3.0:
“Panels have consistently found that the mere registration of a domain name that is identical or confusingly similar (particularly domain names comprising typos or incorporating the mark plus a descriptive term) to a famous or widely-known trademark by an unaffiliated entity can by itself create a presumption of bad faith.”
6.31 The remaining Domain Names are <wwwdiscover360financial.com> and <discoverspersonalloan.com>. The Domain Name <wwwdiscover360financial.com> does not involve any misspelling of any words, but instead can only sensibly be understood as a mistyping of the url, “wwwdiscover360financial.com”. Accordingly, this is just another form of typosquatting and the analysis is no different. That leaves the Domain Name <discoverspersonalloan.com>. Arguably, when read in isolation, this is simply the words “discovers”, “personal” and “loan” in combination. But that combination of words is awkward and once it is recognised that the Domain Name was part of broader pattern of typo registrations, it seems far more likely that the Domain Name is yet another example of typosquatting with the term “discover” pluralised.
6.32 The second very strong factor that points to bad faith in this case, is the Respondent use of a privacy service and Fundacion Privacy Services LTD in particular. In Nishimura & Asahi v. Super Privacy Service LTD c/o Dynadot, WIPO Case No. D2019-2070 this Panel stated as follows:
“A number of early UDRP decisions suggested that the mere use of a privacy service was an indicator of bad faith. Subsequently, panels have tended to adopt a more nuanced approach in accepting there can be legitimate uses of such services but in particular cases the way that they have been used may support a finding of bad faith (see section 3.6 of the WIPO Overview 3.0). It may be that if the ICANN Temporary Specification continues to apply for a significant period of time, the pendulum may swing back somewhat. If general WhoIs details are redacted as a matter of course, it is more difficult to see what is the legitimate additional purpose that such services provide.”
6.33 These comments hold good in this case, particularly since each of the Domain Names was registered after the implementation of the ICANN Temporary Specification. However, regardless of exact current position of the pendulum so far as the general use of these services is concerned, the Respondent has chosen to use a particular register and a particular privacy service that now has an extensive history of refusing to disclose the details of the underlying registrant and where in nearly all such cases the complainant succeeded. As the Panel has already recorded in the context of the Registrar’s conduct, that history strongly suggests that the Registrar together with Fundacion Privacy Services LTD, has adopted a business model of providing registrar and privacy services either to a single or multiple cybersquaters. If that is so, the use of this particular service arguably now carries with it a presumption of bad faith registration and use.
6.34 Finally, there is the fact that the registrant did not challenge the Complainant’s claims and was instead prepared to transfer the Domain Names to the Complainant but in a manner that preserved its anonymity. The insistence on anonymity is consistent with the registrant wanting to disguise its wrongdoing.
6.35 In the circumstances, the Panel finds that the Complainant has made out the requirements of paragraph 4(a)(iii) of the Policy.
7.1 For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the Domain Names, <discoverersonaloans.com>, <discoverperoanloans.com>, <discoverperonslloans.com>, <discoverpersoanalloans.com>, <discoverpersonailloans.com>, <discoverpersonanlloan.com>, <discoverpersonqalloans.com>, <discoverpetrsonalloans.com>, <discoverporsonalloans.com>, <discoverspersonalloan.com>, <discoverstubdentloans.com>, <discoverypersonaloan.com>, <wwwdiscover360financial.com> be transferred to the Complainant.
Matthew S. Harris
Date: July 2, 2021