RBI to introduce exclusive internet domains for banks and non-banks

RBI proposes additional factor authentication (AFA) for online international 'card-not-present' transactions

The Reserve Bank of India (RBI) is introducing exclusive internet domains for financial sector participants including banking and non-banking entities. Indian banks will have a ‘bank.in’ domain, whereas non-bank entities will have a ‘fin.in’ domain. Registrations for the same will commence from April this year. 

 

RBI’s move to introduce exclusive banking domains comes on the back of a need to contain cyber security threats such as phishing attacks. 

 

“This initiative aims to reduce cyber security threats and malicious activities like phishing; and, streamline secure financial services, thereby enhancing trust in digital banking and payment services,” the RBI said in a statement on developmental and regulatory policies.

 

 

The Institute for Development and Research in Banking’ Technology (IDRBT) will act as the exclusive registrar.

 

“A verified domain for regulated financial entities will provide greater transparency and security, ensuring that borrowers can access credit solutions with confidence,” said Ashish Goyal, co-founder and chief financial officer (CFO), Fibe; a digital lending fintech. 

 

According to RBI data, over 18,000 incidents occurred involving Rs 21,367 crore in the first of the financial year 2025 (H1FY25). In H1FY24, there were 14,480 incidents of fraud, with the amount involved being only Rs 2,623 crore.

 

In FY24, the amount involved in frauds was the lowest in a decade, while the average value was the lowest in 16 years.

 

"RBI Governor’s emphasis on rising cyber threats and digital risks underscores the importance of strengthening financial sector resilience. The introduction of the ‘fin.in’ domain for financial institutions is a proactive step in securing the digital ecosystem," said Jatinder Handoo, CEO, Digital Lenders Association of India (DLAI). 

 

AFA for international card not present transactions

 

The RBI has proposed to enable additional factor authentication (AFA) for online international ‘card-not-present’ (CNP) transactions, seeking to strengthen security of payments overseas.

 

In its draft guidelines of AFA for cross border CNP transactions, the RBI said card issuers will register their bank identification numbers (BIN) with card networks for AFA validation. 

 

Card issuers shall validate AFA for non-recurring cross-border CNP transaction, whenever a request for AFA is raised by the overseas merchant or the overseas acquirer, the RBI said. 

 

A risk-based mechanism to handle all cross-border transactions shall be put in place by card issuers, according to the draft guidelines. 

 

Card-not-present is a transaction made remotely without requiring a physical card to process a payment through a point-of-sale device or terminal. AFA is the use of more than one factor for authenticating a payment instruction and was previously mandated only for domestic transactions.

 

The RBI said its new proposal would provide an additional layer of security in cases where the overseas merchant is enabled for AFA. It will issue a draft circular after feedback from stakeholders.

 

“Introduction of AFA for digital payments has enhanced the safety of transactions, which in turn provided confidence to customers to adopt digital payments. In order to provide a similar level of safety for online international transactions using cards issued in India, it is proposed to enable AFA for international card-not-present (online) transactions as well,” the RBI said.