Mumbai: In a strategic move to enhance cybersecurity and curb the rising incidents of digital payment fraud, the Reserve Bank of India (RBI) has announced the introduction of exclusive internet domains— ‘bank.in’ for Indian banks and ‘fin.in’ for non-banking financial entities.
RBI Governor Sanjay Malhotra confirmed the initiative on Friday, emphasizing its role in securing the digital financial ecosystem.
Table of Contents
Exclusive Domains to Strengthen Cybersecurity in Banking
The RBI’s latest initiative aims to mitigate cyber threats such as phishing attacks and identity theft, which have become increasingly common with the rapid adoption of digital payments.
The ‘bank.in’ domain will be exclusively available to registered Indian banks, ensuring that customers can easily identify legitimate banking websites and avoid fraudulent platforms.
The Institute for Development and Research in Banking Technology (IDRBT) will serve as the exclusive registrar for these domains. According to the RBI, actual registrations will commence in April 2025, and banks will be provided with detailed guidelines regarding the registration process in due course.
‘Fin.in’ Domain for Non-Banking Financial Entities
Apart from securing banking institutions, the RBI also plans to launch a separate domain—‘fin.in’—for non-banking financial institutions. This initiative is expected to bring enhanced security measures to digital financial service providers, including payment aggregators, lending platforms, and fintech companies.
Enhancing Security with Additional Factor Authentication (AFA) for Cross-Border Transactions
In another significant move, the RBI has mandated an Additional Factor of Authentication (AFA) for cross-border card-not-present (CNP) transactions. The decision aligns with existing security measures for domestic digital payments and is expected to provide an extra layer of security for international transactions.
AFA, which is already a standard requirement for domestic transactions, ensures that digital payments are safeguarded against fraud by requiring users to authenticate their transactions through an additional verification step.
The RBI now proposes to extend this security framework to international transactions, making it mandatory for overseas merchants to enable AFA. A draft circular regarding this proposal will soon be issued for stakeholder feedback.
How AFA Will Impact Digital Payments
The Alternative Authentication Mechanism (AFA) guidelines set by the RBI dictate that digital transactions should have multiple security layers based on risk assessment. Under these guidelines:
- Banks and financial institutions must implement an additional verification step for most digital payments.
- A risk-based approach will be used to determine the appropriate level of authentication.
- Transaction value, origination channel, and customer risk profile will be considered when applying authentication measures.
Why These Measures Matter
The RBI’s focus on cybersecurity and fraud prevention comes amid a surge in online banking fraud cases, phishing attacks, and fraudulent digital transactions. By launching exclusive domains and strengthening authentication protocols, the RBI aims to instill greater confidence in digital financial services among Indian consumers and businesses.
Expected Benefits of RBI’s New Measures
- Enhanced Trust & Security: Customers can verify legitimate banking websites, reducing phishing and identity theft risks.
- Streamlined Digital Payments: Ensuring robust security will encourage more individuals and businesses to adopt digital payments.
- Better Regulatory Oversight: Exclusive domains allow the RBI to maintain tighter control over online banking and financial services.
- Stronger Fraud Prevention: Mandating AFA for cross-border transactions will make international digital payments more secure.
