India's RBI Introduces Exclusive "bank.in" Domain to Combat Digital Banking Fraud

India's central bank, the Reserve Bank of India (RBI), said it's introducing an exclusive "bank.in" internet domain for banks in the country to combat digital financial fraud.

"This initiative aims to reduce cyber security threats and malicious activities like phishing; and, streamline secure financial services, thereby enhancing trust in digital banking and payment services," the RBI said in a statement issued today.

To that end, the Institute for Development and Research in Banking Technology (IDRBT) will act as the exclusive registrar. Registrations for the domains are expected to start from April 2025.

The RBI also said it plans to roll out a separate exclusive domain "fin.in" for other non-bank entities in the financial sector.

As part of broader efforts to enhance trust in online payments, the RBI said it's also debuting what's called Additional Factor of Authentication (AFA) for cross-border card-not-present (CNP) online transactions.

AFA, also called multi-factor authentication (MFA), refers to the process of using more than one factor to authenticate users, and, in this case, complete digital transactions undertaken via cards, prepaid instruments and mobile banking channels.

"This will provide an additional layer of security in cases where the overseas merchant is enabled for AFA," the RBI said.

However, it's worth noting that the RBI has not mandated a specific factor for AFA. The digital payments ecosystem in India largely embraced SMS-based one-time passwords (OTPs) as AFA.