RBI Introduces ‘bank.in’ & ‘fin.in’ Domains to Enhance Digital Payment Security

Samba Times Special

New Measures to Strengthen Cybersecurity in Banking

The Reserve Bank of India (RBI) has taken a significant step to curb digital payment fraud by introducing exclusive internet domains—‘bank.in’ for banks and ‘fin.in’ for other financial institutions. This initiative, announced by RBI Governor Sanjay Malhotra, aims to enhance cybersecurity, prevent phishing attacks, and build trust in digital transactions.

With the increasing adoption of online banking and digital payments, cyber frauds have also risen. Many customers fall victim to phishing websites that mimic legitimate banking platforms. By launching ‘bank.in’ as a dedicated domain, the RBI ensures that customers can easily verify the authenticity of bank websites, reducing the risk of fraud.

How It Will Benefit Customers

1. Enhanced Security
   • Customers will be able to identify genuine banking websites, preventing scams and data breaches.
   • Fraudsters often use fake URLs similar to real bank websites to steal personal information; ‘bank.in’ will help counter this.
2. Increased Trust in Digital Payments
   • Secure domains mean safer transactions, boosting confidence in digital banking services.
   • As online banking expands, such security measures will encourage more people to switch to digital payments.
3. Better Regulation and Monitoring
   • The Institute for Development and Research in Banking Technology (IDRBT) will act as the exclusive registrar, ensuring proper implementation and oversight.
   • The RBI will provide guidelines to banks, ensuring compliance and consistent security measures across all financial institutions.
4. Introduction of ‘fin.in’ for Non-Bank Financial Entities
   • RBI’s plan to extend secure domain names to non-banking financial institutions (NBFCs) will further strengthen the overall financial ecosystem.

Stronger Authentication for International Transactions

The RBI is also making Additional Factor of Authentication (AFA) mandatory for international Card Not Present (CNP) transactions. Currently, this security layer applies only to domestic digital payments. With this extension, customers will enjoy the same level of protection for international transactions, reducing fraud risks when shopping online from foreign merchants.

Why AFA Matters

• Protects Against Unauthorized Transactions: Even if a fraudster gets access to card details, they won’t be able to complete transactions without the additional authentication step.
• Enhances Customer Confidence: More security means people will feel safer using their cards for online international transactions.
• Risk-Based Approach: Issuers can decide the level of authentication needed based on factors like transaction amount, origin, and customer risk profile.

Conclusion

With cyber threats evolving, RBI’s proactive approach ensures a safer digital banking experience. The introduction of ‘bank.in’ and ‘fin.in’ domains will help customers easily verify legitimate banking websites, reducing fraud risks. Additionally, enforcing AFA for international transactions will protect cardholders from unauthorized use.

These measures mark a significant step toward a more secure, reliable, and trustworthy digital payment ecosystem in India. Customers can expect safer transactions, reduced fraud risks, and enhanced trust in digital banking services—ensuring financial security in the digital era.