New Delhi, February 7 – In a bid to tackle rising digital payment frauds, the Reserve Bank of India (RBI) has announced the launch of dedicated internet domains – Bank.in for banks and Fin.in for non-banking financial institutions (NBFCs). The initiative aims to enhance cybersecurity, mitigate phishing threats, and streamline secure financial services, fostering greater trust in digital banking and payment systems.
RBI Governor Sanjay Malhotra, while unveiling the bi-monthly monetary policy review on Friday, highlighted concerns over the surge in digital fraud incidents. To address this, Bank.in will be introduced for Indian banks starting April this year, with Fin.in set to follow for NBFCs in the near future.
The Institute for Development and Research in Banking Technology (IDRBT) will act as the exclusive registrar for these domains, with actual registrations commencing from April 2025. Detailed guidelines for banks regarding the implementation of Bank.in will be released separately, while a similar framework for Fin.in will be established later.
Additionally, RBI has introduced an extra layer of security for cross-border card-not-present (CNP) transactions to bolster digital payment security. While Additional Factor Authentication (AFA) has significantly enhanced domestic transaction safety, it was not mandatory for international online transactions. The new proposal will extend AFA to international online transactions made using Indian-issued cards, ensuring an added layer of protection where foreign merchants support this authentication mechanism.
RBI will soon release a draft circular seeking feedback from stakeholders before implementing these measures.
