Digital Banking Fraud: RBI Introduces Exclusive Domain to Combat Cyber Threats

February 7, 2025

By Ravie Lakshmanan

The Reserve Bank of India (RBI) has announced the introduction of an exclusive "bank.in" internet domain for banks in India to combat digital financial fraud. This initiative aims to reduce cyber security threats and malicious activities such as phishing, and streamline secure financial services, thereby enhancing trust in digital banking and payment services.

New Domain to Combat Digital Financial Fraud

The RBI has partnered with the Institute for Development and Research in Banking Technology (IDRBT) to act as the exclusive registrar for the "bank.in" domain. Registrations for the domains are expected to start from April 2025. The RBI also plans to roll out a separate exclusive domain "fin.in" for other non-bank entities in the financial sector.

Additional Factor of Authentication (AFA) to Enhance Security

As part of broader efforts to enhance trust in online payments, the RBI is debuting what’s called Additional Factor of Authentication (AFA) for cross-border card-not-present online transactions. AFA, also known as multi-factor authentication (MFA), refers to the process of using more than one factor to authenticate users, and in this case, complete digital transactions undertaken via cards, prepaid instruments, and mobile banking channels.

AFA to Provide an Additional Layer of Security

The RBI stated that AFA will provide an additional layer of security in cases where the overseas merchant is enabled for AFA. However, it’s worth noting that the RBI has not mandated a specific factor for AFA. The digital payments ecosystem in India largely embraced SMS-based one-time passwords (OTPs) as AFA.

Stay Up-to-Date with the Latest Cybersecurity News

Follow us on Twitter and LinkedIn to read more exclusive content we post.