It seems in this case that *even* if you register your domain to a viable trust authority, like CA. There is nothing inherent in the trust system outside of due diligence on the issuing authority to protect you from another less viable company issuing what looks like a valid Cert attached to your name? By that I mean outside of other measure floating around like dual authentication or anti-phishing checks via 3rd party software like Brand Watch etc. And *gasp* customer education that DOES NOT work. Oh and internal fraud checking capabilities that flag use outside of baseline for imediate investigation.