The RBI also unveiled plans to roll out Additional Factor of Authentication (AFA) for cross-border card-not-present (CNP) online transactions
The Reserve Bank of India (RBI) on Friday announced the introduction of an exclusive “bank.in” internet domain for banks in the country as part of its efforts to combat digital financial fraud and bolster cybersecurity in the banking sector.
The initiative is aimed at mitigating cyber threats such as phishing and malicious activities while offering a more secure online environment for digital banking and payment services, the central bank said in a statement.
The Institute for Development and Research in Banking Technology (IDRBT) will serve as the exclusive registrar for the new domain. Registrations for “bank.in” are expected to commence in April 2025, providing a streamlined framework for secure financial services.
In addition to the banking sector, the RBI plans to introduce another exclusive domain, “fin.in”, for non-bank entities operating in the financial services industry. The move is part of the regulator’s broader efforts to enhance trust in digital payments and protect consumers from cyber fraud.
The RBI also unveiled plans to roll out Additional Factor of Authentication (AFA) for cross-border card-not-present (CNP) online transactions. AFA, commonly referred to as multi-factor authentication (MFA), involves the use of more than one factor to verify users and complete digital transactions via cards, prepaid instruments, and mobile banking channels.
“This will provide an additional layer of security in cases where the overseas merchant is enabled for AFA,” the RBI stated.
However, the central bank has not prescribed a specific factor for AFA, allowing flexibility in implementation. India’s digital payment ecosystem predominantly relies on SMS-based one-time passwords (OTPs) as the standard method for AFA.
The RBI’s initiatives come at a time when digital payment adoption is rising across the country, making cybersecurity a key priority for both regulators and financial institutions. The introduction of the new domains and authentication mechanisms is expected to enhance the overall security landscape and strengthen trust in digital financial services.
