Mumbai: The Reserve Bank of India (RBI) has introduced two exclusive internet domains, ‘bank.in’ for banks and ‘fin.in’ for non-bank financial entities, to enhance cybersecurity in the financial sector. Announced during the final bi-monthly Monetary Policy Committee (MPC) meeting of the fiscal year, the move aims to tackle rising digital fraud and phishing attempts.
Secure Domains for Financial Institutions
Starting April 2025, Indian banks can register under ‘bank.in’, while non-bank financial entities will gain access to ‘fin.in’ later. The Institute for Development and Research in Banking Technology (IDRBT) will serve as the exclusive registrar for both domains. The RBI emphasized that this step is meant to improve consumer trust in digital transactions by minimizing cybersecurity threats.
Additional Factor Authentication for Cross-Border Transactions
The central bank also announced plans to introduce Additional Factor Authentication (AFA) for cross-border ‘Card Not Present’ transactions. While AFA is already mandated for domestic digital payments, extending this requirement to international transactions will enhance security. The RBI stated that the rule will apply where overseas merchants support AFA, and a draft circular will be released for public feedback.
Rising Digital Fraud Prompts Stricter Security Measures
With increasing instances of online payment fraud, the RBI’s move reflects a broader strategy to fortify the digital financial ecosystem. Strengthening authentication measures and restricting banking entities to verified domains could help prevent phishing attacks and unauthorized transactions.
The central bank continues to implement security-focused policies to protect consumers and ensure a safer digital banking experience.
Discussion about this post