MUMBAI, Feb 7: To address cyber security threats, the Reserve Bank of India on Friday (February 7, 2025) announced that all Indian banks will exclusively use the internet domain name ‘bank.in’, while non-bank financial entities will use ‘fin.in’.
During the announcement of the last bi-monthly monetary policy for this fiscal year, RBI Governor Sanjay Malhotra stated that registrations for ‘bank.in’ are set to begin in April 2025, followed by the introduction of ‘fin.in’.
This initiative is designed to bolster trust in the financial sector, particularly in light of the rising concerns regarding digital payment fraud.
“To tackle this issue, the Reserve Bank of India (RBI) will provide an exclusive internet domain, ‘bank.in’, for Indian banks,” he said.
The aim of this initiative is to mitigate cyber security risks and harmful activities such as phishing, as well as to ensure secure financial services, thus enhancing confidence in digital banking and payment solutions.
The Institute for Development and Research in Banking Technology (IDRBT) will serve as the designated registrar.
Furthermore, Mr. Malhotra mentioned plans to implement an exclusive domain—’fin.in’—for non-bank entities in the financial space.
The RBI also resolved to introduce an additional security layer through Additional Factor of Authentication (AFA) for cross-border ‘Card Not Present’ transactions.
According to the central bank, the AFA requirement for digital payments has improved the safety of transactions, thereby encouraging customers to adopt digital payment methods. This requirement is currently obligatory for domestic transactions only.
“To ensure a similar level of security for online international transactions utilizing cards issued in India, it is proposed to implement AFA for international card not present (online) transactions as well,” the RBI stated.
This change will offer an extra layer of security when the overseas merchant is AFA-enabled. A draft circular will be released soon for stakeholder feedback. (Agencies)
