India’s central bank, the Reserve Bank of India (RBI), has announced the launch of a dedicated “bank.in” internet domain for banks across the country, aimed at tackling digital financial fraud.
“This initiative is designed to mitigate cybersecurity threats and malicious activities such as phishing, while also streamlining secure financial services to enhance trust in digital banking and payment systems,” the RBI stated in a release today.
In this effort, the Institute for Development and Research in Banking Technology (IDRBT) will serve as the exclusive registrar. Registrations for these domains are anticipated to begin in April 2025.
Additionally, the RBI mentioned plans to introduce a separate exclusive domain “fin.in” for other non-bank entities within the financial sector.
To improve trust in online payments, the RBI is introducing what it calls Additional Factor of Authentication (AFA) for cross-border card-not-present (CNP) online transactions.
AFA, or multi-factor authentication (MFA), involves using multiple factors to verify users and, in this context, to complete digital transactions made through cards, prepaid instruments, and mobile banking channels.
“This will add an extra layer of security when the overseas merchant supports AFA,” the RBI stated.
However, it’s important to mention that the RBI has not specified a particular factor for AFA. In India, the digital payments landscape has largely adopted SMS-based one-time passwords (OTPs) as the AFA method.