BPCE v Cornelia Meier, Nsi Group Sarl

ARBITRATION

AND

ADMINISTRATIVE PANEL DECISION

BPCE v. Cornelia Meier, Nsi Group Sarl

Case No. D2024-2815

1. The Parties

The Complainant is BPCE, France, represented by KALLIOPE Law Firm, France.

The Respondent is Cornelia Meier, Nsi Group Sarl, France.

2. The Domain Name and Registrar

The disputed domain name <groupbpec.com> is registered with Hostinger Operations, UAB (the “Registrar”).

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on July 10, 2024. On July 11, 2024, the Center transmitted by email to the Registrar a request for registrar verification in connection with the disputed domain name. On July 12, 2024, the Registrar transmitted by email to the Center its verification response disclosing registrant and contact information for the disputed domain name which differed from the named Respondent (Privacy Protect, LLC (PrivacyProtect.org)) and contact information in the Complaint. The Center sent an email communication to the Complainant on July 13, 2024, providing the registrant and contact information disclosed by the Registrar and inviting the Complainant to submit an amendment to the Complaint. The Complainant filed an amended Complaint on July 15, 2024.

The Center verified that the Complaint together with the amended Complaint satisfied the formal requirements of
the Uniform Domain Name Dispute Resolution Policy (the “Policy” or “UDRP”), the Rules for Uniform Domain
Name Dispute Resolution Policy (the “Rules”), and the WIPO Supplemental Rules for Uniform Domain Name
Dispute Resolution Policy (the “Supplemental Rules”).

In accordance with the Rules, paragraphs 2 and 4, the Center formally notified the Respondent of the Complaint, and the proceedings commenced on July 17, 2024. In accordance with the Rules, paragraph 5, the due date for Response was August 6, 2024. The Respondent did not submit any response. Accordingly, the Center notified the Respondent’s default on August 16, 2024.

page 2

The Center appointed Emmanuelle Ragot as the sole panelist in this matter on August 27, 2024. The Panel
finds that it was properly constituted. The Panel has submitted the Statement of Acceptance and Declaration of

Impartiality and Independence, as required by the Center to ensure compliance with the Rules, paragraph 7.

4. Factual Background

The Complainant, BPCE, is one of the largest banking groups in France, acting as the central institution responsible for the two banking networks Banques Populaires and Caisses d’Epargne.

The Complainant operates a full range of banking, financial, and insurance activities. It employs 105,000 people and serves a total of 36 million customers. BPCE is present in more than 40 countries through its different subsidiaries.

The Complainant is the owner of numerous trademarks including the following ones:

- France trademark BPCE. No. 3653852, registered on November 6, 2009; for services in classes 9, 16, 35, 36,

38, 41, and 45;

- The International trademark registered under number 1033662 on December 15, 2009, for services in class 36;

and

- The United States of America trademark registered under number 5743541 on May 7, 2019, for services in

class 36.

The Complainant and its subsidiary GCE Technologies also registered domain names reflecting the trademark
BPCE, such as <bpce.fr>, registered in 2008, and <groupebpce.com>, registered in 2009.

The disputed domain name was registered on June 2, 2024, and it was leading to an active website in French from a fake bank “GROUP BPEC” offering competing banking and financial services. Phishing’s purposes are claimed by the Complainant as the Respondent has also activated the mail exchange (“MX”) servers of the

disputed domain name which now leads to an inaccessible website but could according to the Complainant be

reactivated at any moment.

5. Parties’ Contentions

A. Complainant

The Complainant contends that it has satisfied each of the elements required under the Policy for a transfer of the disputed domain name.

Notably, the Complainant contends that the disputed domain name is identical or confusingly similar to its
trademark BPCE duly exploited for banking and financial services. The disputed domain name reproduces the
Complainant’s trademark in its entirety but using a typo squatting by inversion of letters “c” and “e” in “BPCE”

page 3

and deletion of the “e” at the end of the word “groupe”. Therefore, the disputed domain name is confusingly
similar to the Complainant’s trademark and the public will tend to believe that the disputed domain name is

related in one way or another to the Complainant.

Second, the Complainant indicates that the Respondent has no rights or legitimate interests with respect to the
disputed domain name. The Complainant has not granted any license, nor any authorization to use the
trademarks including as a domain name. Besides, the term “bpce” and the trademarks BPCE are well known in
France and abroad. Referring to the use of the disputed domain name the Complainant argues that the
Respondent’s use of the disputed domain name does not qualify as a bona fide offering of goods and services.

With regard to bad faith registration and use of the disputed domain name by the Respondent, the Complainant notes that it is unquestionable that the registration of the trademarks BPCE pre-date the registration of the disputed domain name. The choice of the disputed domain name is not coincidental, but on the contrary seems to have been done on purpose to generate a likelihood of confusion with the Complainant’s trademarks. The disputed domain name was intentionally selected and registered in order to target and mislead Internet users and to take advantage of the goodwill and reputation of the Complainant and its trademarks for the purposes of diverting traffic to the Respondent’s website and for phishing purposes.

Indeed, the Respondent has activated the MX servers, enabling the Respondent to potentially send fraudulent emails for investment offerings to potential clients of BPCE. The Complainant is particularly concerned about this situation because in banking services, consumer protection and security services are key issues given the sensitive nature of the data processed. Finally, the Complainant states that the Respondent’s bad faith is also evident in the Respondent’s willingness to conceal its identity by registering the disputed domain name

anonymously and providing false coordinates to the Registrar.

The Complainant requests the transfer of the disputed domain name.

B. Respondent

The Respondent did not reply to the Complainant’s contentions.

6. Discussion and Findings

Pursuant to paragraph 4(a) of the Policy, in order to obtain a transfer of the disputed domain name, the

Complainant must establish each of the following three elements:

i. the disputed domain name is identical or confusingly similar to a trademark or service mark in which the

Complainant has rights; and

ii. the Respondent has no rights or legitimate interests in respect of the disputed domain name; and

iii. the disputed domain name has been registered and is being used in bad faith.

Besides, paragraph 15(a) of the Rules provides that “[a] Panel shall decide a complaint on the basis of the statements and documents submitted and in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable”.

Paragraphs 10(b) and 10(d) of the Rules also provide that “[i]n all cases, the Panel shall ensure that the Parties are treated with equality and that each Party is given a fair opportunity to present its case” and that “[t]he Panel shall determine the admissibility, relevance, materiality and weight of the evidence”.

page 4

Besides, the Respondent’s failure to reply to the Complainant’s contentions does not automatically result in a decision in favor of the Complainant, although the Panel is entitled to draw appropriate inferences therefrom, in accordance with paragraph 14(b) of the Rules (see WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition (“WIPO Overview 3.0”), section 4.3).

Taking the foregoing provisions into consideration the Panel finds as follows.

A. Identical or Confusingly Similar

It is well accepted that the first element functions primarily as a standing requirement. The standing (or
threshold) test for confusing similarity involves a reasoned but relatively straightforward comparison between the

Complainant’s trademark and the disputed domain name. WIPO Overview 3.0, section 1.7.

The Complainant has shown rights in respect of a trademark or service mark for the purposes of the Policy.
WIPO Overview 3.0, section 1.2.1.

The entirety of the mark is reproduced within the disputed domain name. Accordingly, the disputed domain name is confusingly similar to the mark for the purposes of the Policy. WIPO Overview 3.0, section 1.7. Although the misspelling of “group” by removing the letter “e” and misspelling by inversion of letter “e” and “c” of “BPEC” for “BPCE” may bear on assessment of the second and third elements, the Panel finds the misspelling of such term does not prevent a finding of confusing similarity between the disputed domain name and the mark for the purposes of the Policy and a domain name which consists of a common, obvious, or intentional misspelling of a trademark is considered by panels to be confusingly similar to the relevant mark for purposes of the first element. WIPO Overview 3.0, section 1.9.

The Panel finds the mark is recognizable within the disputed domain name. Accordingly, the disputed domain name is confusingly similar to the mark for the purposes of the Policy. WIPO Overview 3.0, section 1.7 and section 1.9.

The Panel finds the first element of the Policy has been established.

B. Rights or Legitimate Interests

Paragraph 4(c) of the Policy provides a list of circumstances in which the Respondent may demonstrate rights or legitimate interests in a disputed domain name.

Although the overall burden of proof in UDRP proceedings is on the complainant, panels have recognized that proving a respondent lacks rights or legitimate interests in a domain name may result in the difficult task of “proving a negative”, requiring information that is often primarily within the knowledge or control of the respondent. As such, where a complainant makes out a prima facie case that the respondent lacks rights or legitimate interests, the burden of production on this element shifts to the respondent to come forward with relevant evidence demonstrating rights or legitimate interests in the domain name (although the burden of proof always remains on the complainant). If the respondent fails to come forward with such relevant evidence, the complainant is deemed to have satisfied the second element. WIPO Overview 3.0, section 2.1.

Having reviewed the available record, the Panel finds the Complainant has established a prima facie case that the Respondent lacks rights or legitimate interests in the disputed domain name. The Respondent has not rebutted the Complainant’s prima facie showing and has not come forward with any relevant evidence demonstrating rights or legitimate interests in the disputed domain name such as those enumerated in the Policy or otherwise.

page 5

Indeed, the Complainant contends that it has not given its consent to the Respondent to use its BPCE trademark in a domain name registration or in any other manner.

Besides, there is nothing in the record of the case likely to indicate that the Respondent may be commonly known by the disputed domain name.

Furthermore, it results from the available records that the disputed domain name has been used for a website offering of competing services and requesting confidential information.

Obviously, such use of the disputed domain name does not amount to a legitimate noncommercial or fair use.

On the contrary, such use is made with the intent for commercial gain by misleadingly diverting Internet users expecting to find the Complainant and may also tarnish the Complainant’s trademark given the likely phishing intent behind the disputed domain name.

In this respect, panels have held that the use of a domain name for illegal activity (such as phishing) can never confer rights or legitimate interests on a respondent. WIPO Overview 3.0, section 2.13.1.

The Panel finds the second element of the Policy has been established.

C. Registered and Used in Bad Faith

The Panel notes that, for the purposes of paragraph 4(a)(iii) of the Policy, paragraph 4(b) of the Policy establishes circumstances, in particular, but without limitation, that, if found by the Panel to be present, shall be evidence of the registration and use of a domain name in bad faith.

In the present case, the Panel finds that:

- the disputed domain name is similar to the Complainant’s BPCE trademark which is intrinsically distinctive, has a reputation (e.g., BPCE v. WhoisGuard Protected, WhoisGuard, Inc. / Fransis Coarno, Danstic, WIPO Case No. D2020-0967; BPCE v. Pierre Agou Michel, WIPO Case No. D2020-2361; BPCE v. Emmanuel Asamoah, WIPO Case No. D2022-3866) and predates the registration of the disputed domain name by 15 years,

- the Respondent, while invited to defend its case, has been remaining silent in this procedure.

- the Respondent’s registration (WhoIs) was masked behind a privacy service, therefore it reflects the will of the
Respondent to hide its identity.

- The Respondent has registered the disputed domain name with a Mail Exchanger record (“MX record”) which is a type of resource record in the Domain Name System that specifies a mail server responsible for accepting email messages on behalf of a recipient’s domain and provides a preference value which is used to prioritize

mail delivery if multiple mail servers are available. Consequently, MX activation allows the Respondent to create threat to the Complainant.

email address using the disputed domain name for phishing attack. Email phishing attack is a type of social
engineering attack usually used to steal user data, including logins and credit card numbers. While no evidence
has been provided of the actual use of the disputed domain name for fraudulent emails, such use is not
unimaginable given the website to which the disputed domain name was previously used for and thus the
- It necessarily results from the above findings that the Respondent registered the disputed domain name being
fully aware of the Complainant’s prior trademark rights.

page 6

Besides, the conditions in which the disputed domain name has been used are deceptive, illegal, and made for commercial gain. In that regard, it is consistently held that the use of a domain name for illegitimate activity is considered as manifest evidence of bad faith (see WIPO Overview 3.0, sections 3.1.4).

The Panel finds that the Complainant has established the third element of the Policy.

7. Decision

For the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the disputed domain name <groupbpec.com> be transferred to the Complainant.

/Emmanuelle Ragot/
Emmanuelle Ragot
Sole Panelist
Date: September 10, 2024