Adaptation of decisions in case of identity theft’s suspicion

WIPO, Arbitration and Mediation Center, June 15, 2020, No. D2020-0646, Wintrust Financial Corporation v. Domain Administrator, Se / Name Redacted


WIPO’s case law databases have no fewer than 170 hits when there is a research for decisions against “Name Redacted”, a term used when experts decide not to include the name of the defendant in the complaint. This occurs when the defendant appears to have impersonated a third party and in order to protect his or her personal data.


Recently, in a case involving the domain name <>, an obvious case of cybersquatting where the defendant tried to make the public believe that they were related to Wintrust Financial Corporation, the expert made the decision not to mention the name of the defendant in the decision.


In fact, in the course of the proceedings, the Center received an e-mail from a third party regarding the identity of the Respondent, indicating that it was a case of identity theft. This communication was forwarded to the parties by the Center, which also contacted the defendant at another e-mail address, which had not been taken into account at the start of the proceedings, to ask them if they wished to file a response to the complaint, which they did not.


Even if the issue of impersonation is not proven with certainty, the expert, as a precaution, chooses not to expose the name of the defendant in the decision.


However, the expert includes an unpublished annex to the decision that includes the name of the defendant. An annex that the Center may forward to the Registrar. This technique has also been used in other decisions (V. ASOS plc. v. Name Redacted, WIPO, No. D2017-1520; Allen & Overy LLP v. Name Redacted, WIPO, D2019-1148).


In addition to the procedural adaptations that identity theft generates, this decision is an opportunity to remind the right holders to be vigilant with the naming charter established for the registration of domain names. For example, an inactive name reserved in the name of a subsidiary could appear legitimate. However, it could be a case of identity theft. This is why it is imperative, in order to protect the company, its managers and its customers, to establish the rules of good conduct regarding the reservation of domain names. In particular, the e-mail address used must be a generic address in the name of the company, such as, and a dedicated registrar must be designated.