ARIZONA ATTORNEY GENERAL – CONSUMER PROTECTION COMPLAINT

Important Jurisdictional & Filing Clarification:

I am a Malaysian citizen filing this complaint from Malaysia.

• My correct contact number is +60 19-828 0131.

• Any U.S. phone number entered in the online form was a placeholder used solely to bypass form restrictions.

• Any U.S. address fields were populated with Phoenix, Arizona information only to satisfy system requirements.

• My actual legal address is in Malaysia and can be provided upon request.

This clarification is provided to ensure accuracy and transparency for the Attorney General’s review.

Respondent

Namecheap, Inc.
Arizona-based domain name registrar
(Registrar of record and direct recipient of payment)

Complainant

Wong Tai Chiew
Malaysian Citizen
Email: [email protected]
Phone: +60 19-828 0131

Nature of Complaint

• Unfair and deceptive business practices, breach of contract, gross negligence, and the unauthorized conversion of a paid digital asset arising from the unauthorized deletion/transfer of the asset, followed by premature closure of the matter without explanation or remedy.
• Evidence of Regulatory Failure & Policy Breach

The Malaysian Communications and Multimedia Commission (MCMC) confirmed on December 5, 2025, that ‘Malaysia’ is a protected geographic name under ICANN Specification 5.

MCMC stated: “the domain name should not have been registered in the first instance under ICANN’s reserved-names policy framework.“

• The 2016 Affirmative Act

Critical Fact: Inbound Transfer & Acceptance of Duty

In 2016, the domain malaysia.build was officially transferred to Namecheap, Inc. This was not a passive registration but an affirmative act of business by Namecheap under Arizona jurisdiction.

1. Affirmative Act of Sale: Namecheap performed the technical and financial act of accepting this transfer, establishing a new contractual relationship governed by Arizona’s consumer protection standards.

2. Verification Failure: If the domain were truly a “reserved name” (as now claimed by third parties), Namecheap failed its basic duty of care to verify the asset’s status during the 2016 transfer process. Despite this, Namecheap continued to induce me into paying for renewal and security services for eight consecutive years.

3. Unjust Enrichment (A.R.S. § 44-1522): Namecheap profited from the recurring sale of services—specifically domain transfer, annual renewals, and specialized security protocols—that they now imply were ‘unauthorized’ or ‘invalid’ from the start. Under Arizona law, it is an unlawful practice to omit material facts (such as a domain’s supposed ‘reserved’ status) while continuously inducing a consumer to pay for the maintenance and protection of that asset.

Summary of the Incident

I am filing this complaint against Namecheap, Inc., my domain registrar for nearly 15 years (Supporting Evidence: https://youtu.be/_fR9ETHZiSM | https://loss.co/the-calculated-betrayal-how-namecheap-abandoned-a-15000-year-client/), regarding the unauthorized removal of my domain malaysia.build.

For 359+ days (since my first complaint dated Jun 11, 2025), Namecheap (Ticket #NC-UWS-6390) has refused to provide a remedy or restore the domain. This failure has caused catastrophic damage to a 9-year+ real estate project. I have already filed with the FTC (Report number: 195289817) and BBB (Pending), but seek the Attorney General’s intervention regarding this breach of security protocols by an Arizona-based company.

At the time of its unauthorized removal on or about December 5, 2023, the domain malaysia.build was:

• The domain was active, fully paid, and auto-renew enabled
• Nearly five months remained before expiration
• No EPP (authorization) code was requested or used
• No registrant notification was provided
• I did not authorize any transfer or deletion

This represents a complete failure of registrar security protocols, which are fundamental consumer protections relied upon by domain registrants.

Failure of Registrar Security Obligations

As the registrar of record, Namecheap was responsible for safeguarding the domain and enforcing standard security protocols.

Despite this duty:

• The domain was removed without authorization
• Namecheap could not identify who initiated the action
• No forensic explanation was provided
• Responsibility was repeatedly deferred to upstream providers and the registry

This represents a complete breakdown of registrar security safeguards that consumers pay for and reasonably rely upon. This unfair practice affects consumers in interstate and international commerce, as Namecheap serves global customers while maintaining operations in Arizona.

Premature Closure Without Resolution

After weeks of inquiries:

• On July 15, 2025, Namecheap’s legal team stated the matter was closed
• The support ticket was unilaterally closed the same day
• No restoration, explanation, or compensation was offered
• Subsequent emails received no response

This silence has now persisted for 325+ days (Namecheap’s final email dated July 15, 2025), demonstrating a refusal to engage in good-faith resolution.

Improper Deflection to Third Parties

Namecheap redirected responsibility to:

• Its upstream provider (eNom), and
• The .BUILD Registry

However:

• My contractual relationship and payment were solely with Namecheap
• I had no contractual relationship with these entities
• Consumers reasonably expect their registrar to act as their single point of accountability

This deflection left me without any meaningful remedy.

Why This Constitutes an Unfair or Deceptive Practice

Namecheap’s conduct constitutes an unlawful practice under A.R.S. § 44-1522 because its domain registration and related security services are “merchandise” (including intangibles and services) as defined in A.R.S. § 44-1521, and its actions involve unfair and deceptive practices in connection with the sale of such services.

1. Failure of Consideration: Namecheap accepted payment for specific registrar services—namely the security and maintenance of a digital asset—which they fundamentally failed to provide.
2. Unfair Trade Practice: Accepting recurring payments for “Domain Privacy” and “Security” while allowing an asset to be removed without an EPP code is a classic unfair trade practice.
3. Unauthorized Conversion: The removal of malaysia.build without authorization or notice constitutes an unauthorized conversion of a paid digital asset.
4. Deceptive Omission: By failing to notify me of the removal and unilaterally closing the ticket #NC-UWS-6390 without a forensic explanation, Namecheap has engaged in deceptive conduct intended to avoid accountability for a security failure.
5. Shifting Explanations and Responsibility: Responsibility was shifted to third parties beyond my control.

Anticipated Limitation-of-Liability Defense

I anticipate Namecheap may rely on a limitation-of-liability clause.

However:

• This was not a minor service issue, but the permanent loss of property
• Limitation clauses do not shield companies from gross negligence
• Deleting or transferring an asset without authorization exceeds ordinary contractual risk
• Arizona consumer protection principles recognize exceptions where conduct is reckless or willful

Evidence and Documentation

A complete, public evidence archive is available, including:

• Primary Evidence Site: https://loss.co/ and https://loss.co/responses/
• The Malaysian Communications and Multimedia Commission (MCMC)’s Response: https://loss.co/malaysia-gac-response/
• Details of the Lost Asset: https://loss.co/the-project/
• Functionality Proof: https://loss.co/videos/
• Live Project Environment & Proof of Development: https://malaysia.sibu.design
• FTC Formal Complaint: https://loss.co/ftc/
• BBB Formal Complaint: https://loss.co/bbb/
• Full email trails: https://loss.co/namecheap-enom-build-registry-complete-email-trail/
• Proof of long-term customer relationship: https://loss.co/proof-of-successful-preorder-registration-transfers-renewals-2014-2023/

This establishes two critical facts for this investigation:

1. Initial Negligence: Namecheap (the Registrar) allowed the registration of a reserved geographic name without the required “non-objection” letter, violating ICANN policy from day one.

2. Negligent Deletion: Instead of following a transparent, notified process to correct a policy error, Namecheap facilitated a silent, unauthorized deletion/transfer 10 years later without an EPP code or registrant notice.

3. Consumer Deception: Namecheap accepted 10 years of renewal payments for an asset they now claim (by omission) they had no duty to protect, despite the error originating in their own registration systems.

Harm Suffered

The loss of malaysia.build caused:

• Loss of a core business asset
• Disruption of a real estate platform developed over nine years+ (development investment exceeding tens of thousands USD, plus ongoing lost revenue opportunity – see functionality proof: https://loss.co/videos/ or demo website: https://malaysia.sibu.design)
• Significant financial and reputational harm
• Ongoing inability to launch or monetize the project

Requested Resolution

I respectfully request that the Arizona Attorney General:

1. Investigate Namecheap, Inc.’s conduct for potential violations of Arizona consumer protection laws.

2. Determine whether these actions constitute unfair or deceptive practices.

3. Facilitate accountability and corrective action.

4. Seek appropriate relief, including but not limited to:

   • Restoration of the domain malaysia.build to my control, and

   • Fair financial compensation for business disruption, development losses, and related harm.

5. Ensure registrar security obligations are meaningfully enforced to protect consumers, including international customers who rely on Arizona-based registrars.

Closing Statement

For nearly 15 years, I entrusted Namecheap with my digital assets, maintaining a large domain portfolio and relying on their security assurances. The unauthorized loss of this domain, followed by months of silence, represents a profound breach of trust and consumer protection expectations.

I submit this complaint in good faith and respectfully request the Attorney General’s review and assistance.

Declaration

The information provided is true and accurate to the best of my knowledge and supported by contemporaneous documentation.

Sincerely,

Wong Tai Chiew

Malaysian Citizen
📞 +60 19-828 0131
📧 [email protected]

Date: Dec 23, 2025

The evidence is cataloged here. The structural solution is THE WONG CLAUSE, and it is being institutionalized.

Disclaimer: This website reflects the author’s personal account and opinions regarding the loss of access to the domain *malaysia.build*. The information presented is based on direct experience, contemporaneous records, and a good-faith belief in its accuracy at the time of publication. Mentions of companies, registrars, registries, or other organizations are included only to factually describe events and circumstances relevant to this case. These references are provided solely to factually describe documented events and communications. They should not be read as allegations of misconduct, negligence, or liability of any individual, company, or organization. The content is provided solely for informational and documentary purposes. It does not constitute legal, financial, or professional advice, and should not be relied upon as a definitive statement of fact or legal conclusion.

Corrections Policy: If any party believes that information contained on this website is inaccurate, incomplete, or misleading, they are invited to contact the author at [email protected]. All requests will be reviewed promptly and in good faith. Verified corrections, clarifications, or updates will be published transparently.

Right of Reply: Any registrar, registry, upstream provider, or organization referenced in this website is welcome to submit a written response. Such responses will be published in full, unedited, to ensure fairness and balance.

© 2025 WONG TAI CHIEW. All Rights Reserved.