Indian banks to have ‘bank.in’ domain to tackle digital banking frauds

New Delhi: To combat cyber security risks and escalating cases of digital fraud, the Reserve Bank of India (RBI) will develop a special Internet domain 'bank.in' for all Indian banks.

This domain, whose registrations will begin in April, is expected to assist users in identifying real and reputable bank websites while avoiding dubious ones. According to RBI Governor Sanjay Malhotra, the country's financial industry would be represented by the 'fin.in' domain after the 'bank.in' domain is launched.

Malhotra, who expressed concern about the "surge in digital frauds" in India, also announced that the central bank plans to extend additional factor authentication (AFA) to online international digital payments made to offshore merchants using India-issued cards. Currently, only domestic transactions require AFA, Indian Express reported.

“The rapid digitalisation of financial services has brought convenience and efficiency but has also increased exposure to cyber threats and digital risks, which are getting sophisticated day by day. The surge in digital frauds is a matter of concern, warranting action by all stakeholders,” Malhotra as he announced these two measures in his statement on the central bank’s bi-monthly monetary policy.

“Banks and NBFCs must continuously improve preventive and detective controls to mitigate cyber risks. They must develop robust incident response and recovery mechanisms, reinforced through periodic testing, for operational resilience,” Malhotra added.

According to the Indian central bank, the new exclusive Internet domains for the country's banking and financial sector can assist decrease cyber security threats and malicious activities such as phishing, while also streamlining secure financial services and boosting trust in digital banking and payment systems.

“The Institute for Development and Research in Banking’ Technology (IDRBT) will act as the exclusive registrar. The actual registrations will commence from April 2025. Detailed guidelines for banks will be issued separately. Going forward, it is planned to have an exclusive domain viz, ‘fin.in’ for other non-bank entities in the financial sector,” the RBI said in a release.

On the additional factor of authentication for overseas online payments, the central bank stated that it wants such transactions to be as secure as digital payments in India.

“Introduction of Additional Factor of Authentication (AFA) for digital payments has enhanced the safety of transactions which, in turn, provided confidence to customers to adopt digital payments. This requirement, however, is mandatory for domestic transactions only… In order to provide a similar level of safety for online international transactions using cards issued in India, it is proposed to enable AFA for international card not present (online) transactions as well. This will provide an additional layer of security in cases where the overseas merchant is enabled for AFA. Draft circular will be issued shortly for feedback from stakeholders,” the RBI said.