Home / Blogs

Brand Protection Beyond the “Whack-a-Mole” Approach

I recently shared at a conference how a seasoned brand and fraud expert from one of the world’s largest global financial institutions lamented a major attack where multiple fraudulent websites would pop up every single day. All attacks were launched from the same registrar and web hosting company, and no matter how much they reached out to these providers, they received the same reply: “we will pass on your request to the registrant or site owner,” and then nothing happened. The brand and fraud specialist felt like he was playing whack-a-mole—IT WAS NEVER ENDING—and he wondered why the registrar and web host were not getting in trouble for harboring the criminal, and why there was nothing he could do.

The answer could lie in the approach taken for online brand protection and whether a company is contributing to stopping the whack-a-mole game. Traditionally, most companies employ ongoing online brand monitoring, then enforce on it. But it doesn’t change the fact that this will never fundamentally change the game—the endless cycle of detection and enforcement.

In recent years, some brand owners have started doing things a little bit differently. They have started to cooperate directly with platforms, and some also conduct online-offline joint operations. While these are extremely good measures—we also encourage our clients to establish direct communication with the platforms—this may still be inadequate because the world is changing.

1. Proliferation of eCommerce during COVID-19

  • Lockdowns and social distancing guidelines have forced people to buy online in most countries. According to recent statistics, U.S. eCommerce revenue has grown by 110%, EU 69%, APAC 45%, and the rest of the world 200% YoY.
  • As the number of eCommerce platforms grow, it will be harder for brand owners to create and nurture meaningful cooperation with every platform in direct enforcement operations or programs.
  • Smaller emerging boutique eCommerce sites may not have the resources or experience to implement effective programs to protect brand owners.
  • Aside from counterfeiting issues where products are concerned, brands hold a lot of customer data. Phishing and cybersecurity breaches impact a brand’s revenue and reputation and should be a concern for brands as well.

2. Deglobalisation and shifts in supply chains

  • During the pandemic, we’ve noticed more nations drawing boundaries and imposing internet and data privacy laws. More countries are safeguarding their national interests, protecting local supply and exports, supporting local industries, etc. This deglobalization of the world will fragment the internet. It’s also reshaping the global supply chain and localizing brand infringement.
  • A lot of brand protection resources are currently focused on Mainland China, but if supply chains shift to Latin America and Southeast Asia, brand protection managers may need to rethink their strategy.

3. Growing ideology conflict

  • The EU’s General Data Protection Regulation (GDPR) has caused most domain WHOIS records to be redacted, significantly reducing the ability to conduct online enforcement. The WHOIS redaction debate doesn’t happen in the European parliament, but at the Internet Corporation of Assigned Names and Numbers (ICANN)—the organization responsible for coordinating the Internet ecosystem—through a process called Expedited Policy Development Process (EPDP).
  • On the one hand, human rights activists who are typically very vocal, and some governments, want to redact everything. On the other hand, law enforcement and some other government bodies wanting some disclosure. But the pro-redaction camp is winning because in the ICANN world, you also have registries, registrars, and the hosting providers—none of whom want any disclosure. A registrar has even stopped collecting any information at all.
  • But what is the sentiment of the business and IP communities, and is their voice heard where policies are made? Brand owners often ask:
    • Who is the infringer?
    • Can I get the information to prosecute?
    • How can I get the registrar to take action?
    If companies need to find out who the infringer is, get information, or even find a better way to get a registrar to take action, then they need to start paying attention to the internet policies that impact their brand protection strategies.

There are numerous internet policies that are critical in determining the success of a brand protection manager.

Take the Digital Millennium Copyright Act (DMCA), for example. It established that “online service providers” are not accountable for infringements using its service (if certain conditions are met, i.e., safe harbor). As a result, while many registrars claim that they have no access or control over the content, therefore, they’re not obliged to take action, many ISPs will simply reply that they have passed on the complaint message, as they are not held liable. However, some newer copyright regulations, such as the EU Digital Single Market copyright directive, and some new laws in China, may mitigate the issue of platforms not being held accountable.

Some internet policies have a global reach, such as the Rights Protection Mechanisms currently in revision at ICANN. Some policies are local in nature, such as the UK IP Protection Pilot Program that allows providers such as CSC to use a different method for infringement takedowns.

Some internet policies are not intended to be internet policies but can impact and change the landscape of how the online world works. For example, China’s Anti-Monopoly Rule may allow boutique eCommerce platforms to thrive in China, which in turn will change how you should conduct online brand protection.

It’s important the business community acts together to influence the development of these policies at various levels.

In conclusion, I have three recommendations for brand owners:

  1. Continue to do the basics—monitoring, enforcement, and developing platform relationships involving three-way partnerships among brand stakeholders), brand protection provider (as the workload is going to be heavier with more emerging platforms), and platforms.
  2. Start paying attention and play an active role in internet policy development; there are numerous forums for enterprise engagement.
  3. Think security and think of brand protection beyond just anti-counterfeit. Data is king; brand protection also means anti-fraud, anti-phishing, protecting the brand on social media, app store, and stand-alone websites.

By Alban Kwan, East Asia Regional Director at CSC

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byVerisign

New TLDs

Sponsored byRadix


Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC