In a significant move to bolster cybersecurity and combat the rising threat of digital payment fraud, the Reserve Bank of India (RBI) has announced the introduction of exclusive internet domains – 'bank.in' for Indian banks and 'fin.in' for non-banking financial entities.
The initiative, announced by RBI Governor Sanjay Malhotra, aims to mitigate cyber threats such as phishing attacks and identity theft, which have become increasingly prevalent with the widespread adoption of digital payments.
The 'bank.in' domain will be exclusively available to registered Indian banks, ensuring that customers can easily identify legitimate banking websites and avoid fraudulent platforms. The Institute for Development and Research in Banking Technology (IDRBT) will serve as the exclusive registrar for these domains. Actual registrations will commence in April 2025, with detailed guidelines for banks to be provided in due course.
Beyond banking institutions, the RBI also plans to launch a separate domain – 'fin.in' – for non-banking financial institutions, including payment aggregators, lending platforms, and fintech companies. This initiative is expected to bring enhanced security measures to digital financial service providers.
In another significant move, the RBI has mandated an Additional Factor of Authentication (AFA) for cross-border card-not-present (CNP) transactions. This decision aligns with existing security measures for domestic digital payments and is expected to provide an extra layer of protection for international transactions.
AFA, already a standard requirement for domestic transactions, ensures that digital payments are safeguarded against fraud by requiring users to authenticate their transactions through an additional verification step. The RBI now proposes to extend this security framework to international transactions, making it mandatory for overseas merchants to enable AFA. A draft circular regarding this proposal will soon be issued for stakeholder feedback.
The RBI's focus on cybersecurity and fraud prevention comes amid a surge in online banking fraud cases, phishing attacks, and fraudulent digital transactions. By launching exclusive domains and strengthening authentication protocols, the RBI aims to instill greater confidence in digital financial services among Indian consumers and businesses.