The implementation of Verified Mark Certificates (VMCs) by Gmail, Apple Mail and additional mailbox providers has made it harder for fraudsters to impersonate banks and other financial services firms by showing a blue check mark (Gmail) and/or certifying language (Apple) for verified senders. This has made it much easier for email recipients on these platforms to recognize legitimate senders. A sample screenshot of an email sent to a Gmail account from Bank of America is shown below. Notice the blue check mark and certifying language that pops up when the mouse is placed over the check mark.

Several banks have purchased VMCs for their domains. A quick check of the VMC Certificate Transparency log shows logos for Bank of America, JP Morgan Chase, Truist Financial, M&T Bank, Ally Financial, Bank of Guam, Bank of Nova Scotia, Bank of the Southwest, Royal Bank of Canada, National Bank of Greece, City Union Bank Ltd, Vantage Bank Texas, Klarna Bank AB, UniCredit Bank S.A, ABN AMRO Bank N.V. and Carrefour Banque SA.

A wide range of global financial institutions have implemented Brand Indicators for Message Identification (BIMI) and VMCs, which promote their logo in sent emails and provide positive identification for their customers. Customers can instantly recognize a legitimate email from their bank and distinguish it from a phony one. This makes it easier for customers to distinguish legitimate emails from phishing emails attempting to impersonate financial brands.

While implementing a checkmark or VMC does not prevent a customer from receiving a phishing email from an external bad actor, this system trains customers to recognize indications of security measures in emails from their trusted institutions. In that way, VMC is a crucial step in building a culture of security for banks and financial institutions.

The branding aspect is another benefit for financial firms, as your logo extends beyond websites, brick and mortar locations, print, and advertising into an unmodifiable section of emails.

Get started with VMC

The steps to getting a VMC are straightforward, and for most financial organizations, these first two are already in place:

1. Register the trademark: Your business will need a registered trademark, as only trademark holders are eligible for VMCs. Check which trademark offices are approved for VMC here.
2. Enforce DMARC: Next, your domain must be DMARC enforced.
3. Apply for a VMC: Once you have confirmed these, apply for your VMC. Existing DigiCert CertCentral^® customers can login to their console and place their order there. New customers can start here: https://order.digicert.com/step1/vmc_basic.
4. Become verified: Finally, you will undergo verification to receive the VMC. You will need to upload your trademarked logo in a special SVG format. DigiCert will start to verify all your information per the VMC standards, which will include a video call with the applicant.

Once all the steps are completed, your VMC will be issued. You can then add this to your BIMI record and start sending authenticated emails.

Want to join the other firms that have already purchased VMCs or see how your logo would look? All the information can be found on the DigiCert website. You will be pleasantly surprised about how easy it is to get started and see the amazing benefits of VMCs.