We’ve almost made it all the way through the eleven LegitScript Standards. We’re continuing the discussion today with Standard #10. This one gets a little technical, but we’ll try to put it in non-geek terms as much as possible.
LegitScript Standard 10: Domain name registration. The domain name registration information of the pharmacy must be accurate, and the domain name registrant must have a logical nexus to the dispensing pharmacy. Absent extenuating circumstances, pharmacy websites utilizing anonymous domain name registration services will not be eligible for approval.
What is a domain name? A domain name is, in layman’s terms, the name of a website (e.g., legitscript.com or drugstore.com. In order to get a domain name, you go to a domain name registrar like GoDaddy, Directi or Moniker, check the availability, and pay an annual registration fee to the registrar.
When you buy a domain name, you have to register your information: name, address, phone number, email, and other contact information. This is sometimes called WhoIs information. The problem is, there’s a huge loophole: domain name registrars require you to provide your contact information, but they don’t check to make sure that it’s accurate. And there’s a second loophole: accurate or not, you can pay an extra fee to make your domain name registration anonymous.
How do rogue Internet pharmacies misuse the domain name registration system? It’s difficult to imagine a good reason that a legitimate Internet pharmacy business would ever need anonymity. Think about it: part of being a legitimate Internet pharmacy involves making sure that a pharmacist is available to answer any questions you have, and that there is transparency about the source of the drugs. Why would any legitimate Internet pharmacy hide their identity? Most often, rogue Internet pharmacies entities register fraudulently or anonymously, making it harder for the customer or law enforcement to track them down. It’s just another tool they use to remain in the shadows of the Internet.
Approached from the reverse perspective, we feel completely comfortable declining an Internet pharmacy application if we ask the Internet pharmacy to make their WhoIs information public, and they refuse. We have seen several situations where the individual or entity that controls the website, and that has actually registered the website, is not the entity displayed in the “Contact Us” section of the website.
Does that mean that the website registrant actually has to be the Pharmacist-in-Charge? No. It’s great if it is, but actually, our standards require that the domain name registration have a “logical nexus” to the dispensing pharmacy. To give a great example of what that means, look at the WhoIs registration information for amberpharmacy.com. The pharmacy isn’t the registrant; rather, it’s CSTG, which provides the design, development and hosting for the Internet pharmacy. Because we confirmed that this company controls the website on Amber Pharmacy’s behalf, is in the same neighborhood and is a legitimate hosting company, it meets our standards as having a “logical nexus” to the pharmacy. After all, we don’t expect that pharmacists are also website programmers, so it’s perfectly permissible for a pharmacy to outsource development of the website to a third company, as long as it is open and transparent, and can be verified.
How do I know if a pharmacy is registered anonymously or not? It’s fairly simple. Go to a website like WhoIs or Domain Tools and type in the website you want to know about. A page will appear with information about the website, and if you scroll down you will see the “Whois Record” which displays registration information for that site.
LegitScript requires all of its approved pharmacy sites to maintain transparency by listing accurate and valid registration information that has some sort of logical relationship to the dispensing pharmacy.