The Reserve Bank of India (RBI) is set to introduce an exclusive “bank.in” internet domain to help curb digital financial fraud and enhance security in the country’s banking sector. This move is aimed at reducing cyber threats, particularly phishing, and improving overall trust in online banking and payment services. The initiative is part of the RBI’s broader strategy to secure financial transactions and streamline banking operations, offering users greater confidence in digital platforms.
The Institute for Development and Research in Banking Technology (IDRBT) will serve as the exclusive registrar for these domains. Banks are expected to begin registering for the “bank.in” domain starting in April 2025. This exclusive domain is designed to help protect against malicious activities by clearly differentiating legitimate banking websites from potentially fraudulent ones, ensuring a safer environment for digital banking in India.
In addition to the new domain, the RBI plans to roll out a separate “fin.in” domain to serve other non-bank entities in the financial sector.
This extension is intended to further enhance security and facilitate the identification of authorized financial institutions. These moves reflect the RBI’s continued commitment to strengthening India’s digital financial ecosystem and addressing the increasing risks associated with cyber threats in the sector.
To further improve security, the RBI is also introducing Additional Factor of Authentication (AFA) for cross-border card-not-present online transactions. AFA, which is a form of multi-factor authentication (MFA), adds an extra layer of protection for digital payments made through cards, prepaid instruments, and mobile banking channels. While the RBI has not mandated a specific authentication method, SMS-based one-time passwords (OTPs) are widely used as part of this security protocol.
