Sunday, March 2, 2014

When ICANN talks about the benefits of increasing the gTLD name space, it frequently mentions how these additional domains can be used by commercial enterprises to advance the marketing of their brands, or employed by cultural and religious affinity groups to better promote the ideas and agendas of those associations. Mentioned less frequently is how some of these new gTLDs could also be a force for more secure web sites, further the protections on sensitive PII and help reduce phishing attacks.

Registrars in the .com space presently ask two questions of their customers: Is your 2nd level domain name unique, and is your check good? Answer yes to both and your 2nd level is accepted. It's not the registrar's purview to conduct investigations of their customers and pass judgment on their domains' suitability. The acquirers of these new gTLDs, however, will have the option of reserving the new gTLD for their exclusive use or of becoming, in effect, a registrar for that domain. And it would be their prerogative as to who could have a 2nd level in that new domain.

What if an entity, a trade group association in this example, secured the rights to .secureonlinebanking and wanted to open it up to only legitimate banks? In this case, those banks that wish to put their firms into this new top level would have to show proof they are a legitimate lender and not a phisher. The registrar could charge a higher registration fee to cover the costs of a thorough criminal background investigation of their new members. What if the registrar also wants to mandate that their member web sites meet a high level of security? The persistent criticism of Sarbanes-Oxley and PCI-DSS compliance is that it accomplishes only checklist security. In our example, the registrar could go beyond a baseline level of security and require more stringent and exacting security controls, such as more frequent and thorough vulnerability scanning or pen testing.

These extra secure gTLDs would function in effect as bastion enclaves for financial institutions and e-commerce sites, and would recognize the importance of assuaging the fears of customers whose comfort level with e-business is not particularly high right now in light of the recent data breaches at retailers such as Target and Neiman Marcus. Having an e-business in one of these enclaves would bestow on it a good data security seal of approval. And that would be a marketing opportunity that they could take to the bank.