In a bid to bolster cybersecurity in India’s financial sector, the Reserve Bank of India (RBI) has announced exclusive internet domains—‘bank.in’ for registered banks and ‘fin.in’ for non-banking financial entities. RBI Governor Sanjay Malhotra revealed that registrations for ‘bank.in’ will commence in April 2025, followed by ‘fin.in’, with the initiative aimed at reducing phishing attempts and fortifying digital banking trust.

The move responds to rising cyber threats and fraud within India’s digital payment ecosystem. By restricting financial institutions to these domains, RBI seeks to establish a more secure and verifiable digital presence, minimizing risks from fraudulent websites impersonating legitimate banks.

Registrar and authentication: The Institute for Development and Research in Banking Technology (IDRBT) has been designated as the sole registrar for these domains. Additionally, the central bank plans to implement an Additional Factor of Authentication (AFA) for cross-border ‘Card Not Present’ transactions. While AFA is already mandated for domestic digital payments, its extension to international online transactions is expected to enhance security. This measure, however, will apply only where overseas merchants support AFA, with a draft circular for industry feedback forthcoming.

Bottom line: The introduction of ‘.bank.in’ and ‘.fin.in’ marks a strategic step in securing India’s financial ecosystem, yet its success hinges on widespread adoption and enforcement. Industry experts recognize that exclusive domains can enhance trust, but without strict compliance and consumer awareness, fraudsters may still exploit loopholes. The challenge lies in ensuring that institutions swiftly transition while educating users to recognize these domains as the gold standard for secure banking.